name: dbsetup

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version: 'stable'
      - name: Run tests
        run: go test -race -coverprofile=coverage.txt ./...

      - name: Check coverage
        uses: vladopajic/go-test-coverage@v2
        with:
          config: ./.testcoverage.yml

      # Download baseline coverage from main branch (for PRs)
      - name: Download baseline coverage
        if: gitea.event_name == 'pull_request'
        uses: actions/download-artifact@v3
        with:
          name: coverage-baseline
          path: ./baseline
        continue-on-error: true

      # Compare coverage against baseline (for PRs)
      - name: Compare coverage
        if: gitea.event_name == 'pull_request'
        run: |
          CURRENT=$(go tool cover -func=coverage.txt | grep "^total:" | awk '{print $NF}' | tr -d '%')
          if [ -f ./baseline/coverage.txt ]; then
            BASE=$(go tool cover -func=./baseline/coverage.txt | grep "^total:" | awk '{print $NF}' | tr -d '%')
            echo "Base coverage: ${BASE}%"
            echo "Current coverage: ${CURRENT}%"
            if [ "$(echo "$CURRENT < $BASE" | bc -l)" -eq 1 ]; then
              echo "::error::Coverage decreased from ${BASE}% to ${CURRENT}%"
              exit 1
            fi
            echo "Coverage maintained or improved: ${BASE}% -> ${CURRENT}%"
          else
            echo "No baseline coverage found, skipping comparison"
            echo "Current coverage: ${CURRENT}%"
          fi

      # Upload coverage as baseline (only on main)
      - name: Upload coverage baseline
        if: gitea.ref == 'refs/heads/main'
        uses: actions/upload-artifact@v3
        with:
          name: coverage-baseline
          path: coverage.txt
          retention-days: 90

      # Post coverage to PR comment
      - name: Post coverage comment
        if: gitea.event_name == 'pull_request'
        env:
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
          GITEA_URL: ${{ gitea.server_url }}
        run: |
          COVERAGE=$(go tool cover -func=coverage.txt | grep "^total:" | awk '{print $NF}')
          curl -X POST "${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
            -H "Authorization: token ${GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            -d "{\"body\": \"## Coverage Report\n\nTotal coverage: **${COVERAGE}**\"}"

  vulnerabilities:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version: 'stable'
      - name: Check vulnerabilities
        run: |
          go install golang.org/x/vuln/cmd/govulncheck@latest
          govulncheck ./...