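---
# CI pipeline for id_verif: runs code-quality checks, an optional
# repository-provided security audit, and a Docker image build on pushes and
# pull requests targeting main and develop.
name: CI - id_verif

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Least privilege: no job here pushes, comments or publishes, so the workflow
# token only needs to read the repository.
# NOTE(review): widen per job if scripts/security/audit.sh needs more scopes.
permissions:
  contents: read

# NOTE(review): the actions below are referenced by mutable version tags.
# Pinning each one to a full commit SHA protects the pipeline if a tag is
# ever moved upstream.

jobs:
  code-quality:
    name: Code Quality
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Keep the workflow token out of .git/config so later steps
          # (npm lifecycle scripts, project scripts) cannot read it.
          persist-credentials: false

      # NOTE(review): the npm cache in setup-node is keyed on a lockfile;
      # confirm one is committed, otherwise this step is expected to fail.
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install dependencies
        run: |
          if [ -f package.json ]; then
            # Use the lockfile-exact install whenever a lockfile exists. A
            # failing `npm ci` (e.g. lockfile out of sync with package.json)
            # now fails the job instead of silently falling back to a fresh,
            # unpinned dependency resolution.
            if [ -f package-lock.json ] || [ -f npm-shrinkwrap.json ]; then
              npm ci
            else
              npm install
            fi
          fi

      - name: Lint (if present)
        run: |
          # --if-present skips a missing "lint" script but, unlike `|| true`,
          # still fails the job when the linter itself reports errors.
          if [ -f package.json ]; then
            npm run lint --if-present
          fi

      - name: Build (if present)
        run: |
          # Same as above: a missing "build" script is fine, a broken build
          # is not.
          if [ -f package.json ]; then
            npm run build --if-present
          fi

  security-audit:
    name: Security Audit
    runs-on: ubuntu-latest
    # NOTE(review): this job is skipped whenever code-quality fails. Drop the
    # dependency if the audit should run regardless of lint/build results.
    needs: [code-quality]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Ensure scripts executable
        run: |
          # Only touch the script when it exists, so a real chmod failure is
          # not hidden.
          if [ -f scripts/security/audit.sh ]; then
            chmod +x scripts/security/audit.sh
          fi

      - name: Run security audit
        run: |
          if [ -f scripts/security/audit.sh ]; then
            ./scripts/security/audit.sh
          else
            # Surface the gap as an annotation: without it the job is green
            # even though nothing was audited.
            echo "::warning::scripts/security/audit.sh not found; no security audit was run"
            echo "No security audit script (ok)"
          fi

  docker-build:
    name: Docker Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # The build context below is the whole checkout. Unless
          # .dockerignore excludes .git, persisted credentials would be sent
          # to the builder along with it.
          persist-credentials: false

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build Docker image
        run: |
          docker build -t id_verif:latest .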