name: CI

on:
  push:
    branches: [lotus]
  pull_request:
    branches: [lotus]

jobs:
  build:
    name: Build & Quality Checks
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: '.node-version'
          cache: npm

      - name: Install dependencies
        run: npm ci

      # ── Critical gate — if this fails, nothing deploys ──────────────────
      - name: Build
        run: npm run build
        env:
          NODE_OPTIONS: '--max_old_space_size=4096'
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          VITE_APP_VERSION: ${{ github.sha }}

      # ── Quality checks (informational — pre-existing issues exist) ───────
      - name: TypeScript
        run: npm run typecheck
        continue-on-error: true

      - name: ESLint
        run: npm run check:eslint
        continue-on-error: true

      - name: Prettier
        run: npm run check:prettier
        continue-on-error: true

      # ── Security ─────────────────────────────────────────────────────────
      - name: Audit (high/critical)
        run: npm audit --audit-level=high --omit=dev
        continue-on-error: true

      # ── Bundle size report ───────────────────────────────────────────────
      - name: Report bundle sizes
        run: |
          echo "### Bundle sizes" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "| File | Size | Gzip |" >> $GITHUB_STEP_SUMMARY
          echo "|------|------|------|" >> $GITHUB_STEP_SUMMARY
          find dist/assets -name "*.js" -not -name "*.map" | sort | while read f; do
            name=$(basename "$f")
            size=$(du -sh "$f" | cut -f1)
            gzip_size=$(gzip -c "$f" | wc -c | awk '{printf "%.1f kB", $1/1024}')
            echo "| $name | $size | $gzip_size |" >> $GITHUB_STEP_SUMMARY
          done