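---
name: 🚀 LLM Fusion MCP - CI/CD Pipeline

on:
  push:
    branches: [main, develop]
    tags: ['v*']
  pull_request:
    branches: [main]

# Least privilege by default: every job runs with a read-only token unless it
# declares the extra scopes it needs (security: SARIF upload, docker: package
# push, release: creating the GitHub release).
permissions:
  contents: read

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  # ===========================================================================
  # CODE QUALITY & TESTING
  # ===========================================================================
  quality:
    name: 🔍 Code Quality & Testing
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so "3.10" stays a string and is not read as the float 3.1.
        python-version: ["3.10", "3.11", "3.12"]
    steps:
      - name: 📥 Checkout Code
        uses: actions/checkout@v4

      - name: 🐍 Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}

      - name: ⚡ Install uv
        uses: astral-sh/setup-uv@v2

      - name: 📦 Install Dependencies
        run: uv sync --all-extras --dev

      - name: 🔧 Code Formatting Check
        run: uv run ruff format --check

      - name: 🔍 Linting
        run: uv run ruff check

      - name: 🏷️ Type Checking
        run: uv run mypy src/

      # Best-effort: the suite needs provider API keys that CI does not have,
      # so a test failure is echoed but never fails the job. Downstream jobs
      # that `needs: quality` are therefore gated on lint and type checks only.
      - name: 🧪 Run Tests
        run: uv run python test_all_tools.py || echo "Tests require API keys"

  # ===========================================================================
  # SECURITY SCANNING
  # ===========================================================================
  security:
    name: 🛡️ Security Scanning
    runs-on: ubuntu-latest
    needs: quality
    permissions:
      contents: read
      security-events: write  # needed by upload-sarif to publish code-scanning alerts
    steps:
      - name: 📥 Checkout Code
        uses: actions/checkout@v4

      # NOTE(review): `@master` is a mutable ref, so the scanner's code can
      # change underneath this pipeline; pin to a release tag or a full commit
      # SHA. The scan is also report-only: with no exit-code/severity inputs
      # the step succeeds regardless of findings, so `needs: security` in the
      # docker job does not block a build on them.
      - name: 🔒 Run Trivy Security Scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'

      - name: 📊 Upload Trivy Results
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'

  # ===========================================================================
  # DOCKER BUILD & PUSH
  # ===========================================================================
  docker:
    name: 🐳 Docker Build & Push
    runs-on: ubuntu-latest
    needs: [quality, security]
    permissions:
      contents: read
      packages: write  # pushing to the GitHub container registry
    steps:
      - name: 📥 Checkout Code
        uses: actions/checkout@v4

      - name: 🏗️ Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Pull requests only build (push is disabled below), so no registry
      # credentials are used for them.
      - name: 🔐 Login to Container Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: 📋 Extract Metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=raw,value=latest,enable={{is_default_branch}}

      # NOTE(review): building linux/arm64 on an amd64 runner relies on QEMU
      # emulation being registered on the runner — confirm, or add a
      # docker/setup-qemu-action step before this one.
      - name: 🏗️ Build and Push Docker Image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          platforms: linux/amd64,linux/arm64

  # ===========================================================================
  # RELEASE
  # ===========================================================================
  release:
    name: 🎉 Create Release
    runs-on: ubuntu-latest
    needs: [docker]
    if: startsWith(github.ref, 'refs/tags/')
    permissions:
      contents: write  # creating the release
    steps:
      - name: 📥 Checkout Code
        uses: actions/checkout@v4
        with:
          # Full history and tags: the changelog step walks back to the
          # previous tag, which the default shallow (depth 1) checkout cannot
          # see, leaving the changelog silently empty.
          fetch-depth: 0

      # Event values are read from the runner's environment ($GITHUB_REF_NAME,
      # $REGISTRY, $IMAGE_NAME) instead of being interpolated into the script
      # with ${{ }}, so a crafted tag name cannot be executed as shell.
      - name: 📄 Generate Changelog
        id: changelog
        run: |
          # The first release has no previous tag; fall back to full history.
          prev_tag=$(git describe --tags --abbrev=0 "HEAD^" 2>/dev/null || true)
          if [ -n "$prev_tag" ]; then
            range="${prev_tag}..HEAD"
          else
            range="HEAD"
          fi
          {
            echo "CHANGELOG<<EOF"
            echo "## 🚀 What's New"
            echo ""
            echo "### ✨ Features & Improvements"
            git log --pretty=format:"- %s" "$range"
            echo ""
            echo ""
            echo "### 🐳 Docker Images"
            echo "- \`${REGISTRY}/${IMAGE_NAME}:${GITHUB_REF_NAME}\`"
            echo "- \`${REGISTRY}/${IMAGE_NAME}:latest\`"
            echo "EOF"
          } >> "$GITHUB_OUTPUT"

      # NOTE(review): actions/create-release is archived upstream; consider a
      # maintained equivalent (e.g. `gh release create` on the runner).
      - name: 🎉 Create Release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref_name }}
          release_name: LLM Fusion MCP ${{ github.ref_name }}
          body: ${{ steps.changelog.outputs.CHANGELOG }}
          draft: false
          prerelease: ${{ contains(github.ref_name, 'beta') || contains(github.ref_name, 'alpha') }}

  # ===========================================================================
  # DEPLOYMENT NOTIFICATION
  # ===========================================================================
  notify:
    name: 📢 Deployment Notification
    runs-on: ubuntu-latest
    needs: [release]
    # always() stops the job from being auto-skipped with its dependency;
    # the contains() check then only lets it run after a successful release.
    if: always() && contains(needs.*.result, 'success')
    steps:
      # Same rule as the changelog step: event values come from the
      # environment, not from ${{ }} interpolation inside the script.
      - name: 🎊 Success Notification
        run: |
          echo "🚀 LLM Fusion MCP deployed successfully!"
          echo "🏷️ Version: ${GITHUB_REF_NAME}"
          echo "🐳 Docker: ${REGISTRY}/${IMAGE_NAME}:${GITHUB_REF_NAME}"
          echo "📋 Ready for production deployment!"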