Copilot c3a8c11a1d Resolve high-severity npm vulnerabilities and enforce audit in CI (#131)
* Initial plan

* Run npm audit fix to resolve auto-fixable vulnerabilities

Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>

* Remove unused ipfs-http-client and enforce audit in CI

- Remove ipfs-http-client dependency (not used, has high-severity vulnerability)
- Add npm audit --audit-level=high to CI workflow
- Update secret-security workflow to enforce high-level audit
- All high-severity vulnerabilities now resolved (0 high)

Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>

* Run npm audit fix on web package

- Fixed high-severity vulnerabilities in Next.js and qs
- Web package now has 0 high-severity vulnerabilities

Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: onnwee <211922112+onnwee@users.noreply.github.com>
2026-02-15 21:11:56 -06:00


name: CI

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

permissions:
  contents: read

jobs:
  # Backend: Lint, TypeScript build, Hardhat compile, and tests
  backend:
    name: Backend (Lint, Build, Test)
    runs-on: ubuntu-latest

    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_USER: internetid
          POSTGRES_PASSWORD: internetid
          POSTGRES_DB: internetid_test
        ports:
          - 5432:5432
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    env:
      DATABASE_URL: postgresql://internetid:internetid@localhost:5432/internetid_test?schema=public

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: "npm"

      - name: Install dependencies
        run: npm ci --legacy-peer-deps

      - name: Security audit (high severity)
        run: npm audit --audit-level=high

      - name: Run linter (root)
        run: npm run lint:root

      - name: Check formatting
        run: npm run format:check

      - name: Validate Prisma schema format
        run: npm run db:format:check

      - name: Compile Hardhat contracts
        run: npm run build

      - name: Generate Prisma client
        run: npm run db:generate

      - name: Run database migrations
        run: npx prisma migrate deploy

      - name: Run tests
        run: npm test

  # Web: Lint and TypeScript check
  web:
    name: Web (Lint, TypeScript, Tests)
    runs-on: ubuntu-latest

    env:
      # Mock environment variables for Next.js build
      # The build uses standalone mode and doesn't require real values
      DATABASE_URL: postgresql://internetid:internetid@localhost:5432/internetid_test?schema=public
      NEXTAUTH_URL: http://localhost:3000
      NEXTAUTH_SECRET: ci-test-secret-not-for-production

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: "npm"
          cache-dependency-path: "web/package-lock.json"

      - name: Install root dependencies (for Prisma schema)
        run: npm ci --legacy-peer-deps

      - name: Install web dependencies
        working-directory: web
        run: npm ci --legacy-peer-deps

      - name: Security audit (high severity)
        working-directory: web
        run: npm audit --audit-level=high

      - name: Run linter (web)
        working-directory: web
        run: npm run lint

      - name: Check formatting (web)
        working-directory: web
        run: npm run format:check

      - name: Run component tests (web)
        working-directory: web
        run: npm test

      - name: Build Next.js app
        working-directory: web
        run: npm run build
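The two `npm audit --audit-level=high` steps above fail the job only when an advisory of severity high or critical is present; moderate and lower findings are reported but do not block. The following added example (not part of this repository or of npm) makes that policy explicit by parsing the `npm audit --json` report (audit report version 2) with the same severity ladder, so the gate can be unit-tested or extended (for example, to print the offending packages) without re-running npm. The `run_gate` helper and the `SAMPLE_REPORT` data are assumptions constructed for the example.

```python
"""Severity gate equivalent to `npm audit --audit-level=<level>` (added example)."""
import json
import subprocess
import sys

# npm's severity ladder; --audit-level=<level> fails on <level> and everything above it.
SEVERITY_ORDER = ("info", "low", "moderate", "high", "critical")


def audit_fails(report: dict, audit_level: str = "high") -> tuple[bool, list[str]]:
    """Return (should_fail, offending_packages) for an npm audit v2 JSON report."""
    threshold = SEVERITY_ORDER.index(audit_level)  # ValueError for an unknown level
    offending = sorted(
        name
        for name, vuln in report.get("vulnerabilities", {}).items()
        if SEVERITY_ORDER.index(vuln["severity"]) >= threshold
    )
    return bool(offending), offending


def run_gate(audit_level: str = "high", cwd: str = ".") -> int:
    """Run `npm audit --json` in `cwd` and return the exit code a CI step should use."""
    proc = subprocess.run(["npm", "audit", "--json"], cwd=cwd,
                          capture_output=True, text=True, check=False)
    if not proc.stdout.strip():
        # No report at all (registry unreachable, missing lockfile, ...): never pass silently.
        print(f"audit gate: npm produced no report: {proc.stderr.strip()}", file=sys.stderr)
        return proc.returncode or 1
    fails, offending = audit_fails(json.loads(proc.stdout), audit_level)
    if fails:
        print(f"audit gate: {len(offending)} package(s) at >= {audit_level}: {', '.join(offending)}")
        return 1
    print(f"audit gate: no vulnerabilities at or above {audit_level}")
    return 0


# Constructed sample in the shape npm prints (hypothetical, not a real audit result).
SAMPLE_REPORT = {
    "auditReportVersion": 2,
    "vulnerabilities": {
        "qs": {"name": "qs", "severity": "high", "isDirect": False, "fixAvailable": True},
        "lodash": {"name": "lodash", "severity": "moderate", "isDirect": True, "fixAvailable": True},
        "ms": {"name": "ms", "severity": "low", "isDirect": False, "fixAvailable": True},
    },
}

if __name__ == "__main__":
    sys.exit(run_gate(sys.argv[1] if len(sys.argv) > 1 else "high"))
```

Invoked as `python audit_gate.py high` in the same working directory as the workflow step, it returns a non-zero exit code under exactly the conditions that make `npm audit --audit-level=high` fail.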