name: CI/CD Pipeline

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]
  release:
    types: [ published ]

env:
  CARGO_TERM_COLOR: always
  RUST_BACKTRACE: 1

jobs:
  test:
    name: Test Suite
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [windows-latest, ubuntu-latest, macos-latest]
        rust: [stable, beta]
    
    steps:
    - name: Checkout
      uses: actions/checkout@v4

    - name: Install Rust
      uses: dtolnay/rust-toolchain@stable
      with:
        toolchain: ${{ matrix.rust }}
        components: rustfmt, clippy

    - name: Cache cargo registry
      uses: actions/cache@v3
      with:
        path: ~/.cargo/registry
        key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}

    - name: Cache cargo index
      uses: actions/cache@v3
      with:
        path: ~/.cargo/git
        key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}

    - name: Cache cargo build
      uses: actions/cache@v3
      with:
        path: target
        key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}

    - name: Check formatting
      run: cargo fmt --all -- --check

    - name: Run clippy
      run: cargo clippy --all-targets --all-features -- -D warnings

    - name: Run tests
      run: cargo test --all-features --verbose

    - name: Run doc tests
      run: cargo test --doc

  security:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@v4

    - name: Install Rust
      uses: dtolnay/rust-toolchain@stable

    - name: Install cargo-audit
      run: cargo install cargo-audit

    - name: Run security audit
      run: cargo audit

    - name: Install cargo-deny
      run: cargo install cargo-deny

    - name: Run license and dependency check
      run: cargo deny check

  coverage:
    name: Code Coverage
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@v4

    - name: Install Rust
      uses: dtolnay/rust-toolchain@stable
      with:
        components: llvm-tools-preview

    - name: Install cargo-llvm-cov
      run: cargo install cargo-llvm-cov

    - name: Generate coverage
      run: cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info

    - name: Upload to codecov.io
      uses: codecov/codecov-action@v3
      with:
        file: lcov.info
        fail_ci_if_error: false

  benchmark:
    name: Performance Benchmarks
    runs-on: windows-latest
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
    - name: Checkout
      uses: actions/checkout@v4

    - name: Install Rust
      uses: dtolnay/rust-toolchain@stable

    - name: Run benchmarks
      run: cargo bench --all-features


  build:
    name: Build Release
    runs-on: ${{ matrix.os }}
    needs: [test, security]
    strategy:
      matrix:
        include:
          - os: windows-latest
            target: x86_64-pc-windows-msvc
            extension: .exe
          - os: ubuntu-latest
            target: x86_64-unknown-linux-gnu
            extension: ''
          - os: macos-latest
            target: x86_64-apple-darwin
            extension: ''

    steps:
    - name: Checkout
      uses: actions/checkout@v4

    - name: Install Rust
      uses: dtolnay/rust-toolchain@stable
      with:
        targets: ${{ matrix.target }}

    - name: Build release
      run: cargo build --release --target ${{ matrix.target }}

    - name: Create archive
      shell: bash
      run: |
        if [[ "${{ matrix.os }}" == "windows-latest" ]]; then
          7z a ghost-${{ matrix.target }}.zip target/${{ matrix.target }}/release/ghost-cli.exe
        else
          tar czf ghost-${{ matrix.target }}.tar.gz -C target/${{ matrix.target }}/release ghost-cli
        fi

    - name: Upload artifacts
      uses: actions/upload-artifact@v4
      with:
        name: ghost-${{ matrix.target }}
        path: ghost-${{ matrix.target }}.*

  release:
    name: Create Release
    runs-on: ubuntu-latest
    needs: [build]
    if: github.event_name == 'release'
    steps:
    - name: Download all artifacts
      uses: actions/download-artifact@v4

    - name: Create release
      uses: softprops/action-gh-release@v1
      with:
        files: '**/ghost-*'
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  docker:
    name: Build Docker Image
    runs-on: ubuntu-latest
    needs: [test, security]
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
    - name: Checkout
      uses: actions/checkout@v4

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3

    - name: Login to GitHub Container Registry
      uses: docker/login-action@v3
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Build and push
      uses: docker/build-push-action@v5
      with:
        context: .
        push: true
        tags: |
          ghcr.io/${{ github.repository }}:latest
          ghcr.io/${{ github.repository }}:${{ github.sha }}
        cache-from: type=gha
        cache-to: type=gha,mode=max