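---
# GitLab CI/CD Configuration
# =========================
#
# Pipeline order: lint -> test -> security -> build.
# Most jobs run on merge-request pipelines and on the default branch;
# the docs build runs on the default branch only.

stages:
  - lint
  - test
  - security
  - build

variables:
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
  PYTHON_VERSION: "3.11"

# Cache dependencies between jobs
# NOTE(review): no `key:` is set, so every job shares GitLab's default cache
# key. `.venv/` contains the executables that later jobs run, so cache
# integrity matters: confirm "Use separate caches for protected branches" is
# enabled for this project, and consider keying the cache on the lockfile.
cache:
  paths:
    - .cache/pip
    - .venv/

# NOTE(review): `pip install uv` and the `python:<version>` image tag used by
# the jobs below are not pinned, so the toolchain can change between runs.
# Consider pinning uv to a reviewed version and the image to a digest.

# Lint Stage
# ----------

ruff:
  stage: lint
  image: "python:${PYTHON_VERSION}"
  before_script:
    - pip install uv
    # --frozen installs from the existing lockfile without updating it.
    - uv sync --frozen
  script:
    - .venv/bin/ruff check .
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

# Test Stage
# ----------

pytest:
  stage: test
  image: "python:${PYTHON_VERSION}"
  before_script:
    - pip install uv
    - uv sync --frozen
  script:
    - .venv/bin/python -m pytest tests/ -v --tb=short
  # Extracts the total coverage percentage from the job log.
  coverage: '/TOTAL.*\s+(\d+%)/'
  # NOTE(review): the pytest command above passes no JUnit or coverage-report
  # option; report.xml and coverage.xml are presumably produced through
  # pytest configuration elsewhere in the repository. Confirm, otherwise
  # these reports are never uploaded.
  artifacts:
    reports:
      junit: report.xml
      coverage_report:
        coverage_format: cobertura
        path: coverage.xml
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

architecture:
  stage: test
  image: "python:${PYTHON_VERSION}"
  before_script:
    - pip install uv
    - uv sync --frozen
  script:
    - .venv/bin/python scripts/validate_architecture.py
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

# Security Stage
# --------------

dependency_scanning:
  stage: security
  image: "python:${PYTHON_VERSION}"
  before_script:
    - pip install pip-audit
  script:
    # No `|| true` here: it forced exit code 0, so the job reported success
    # even when pip-audit found vulnerable dependencies. `allow_failure`
    # below already keeps the pipeline non-blocking while still marking the
    # job with a warning that reviewers can see.
    # NOTE(review): the other jobs install from the uv lockfile; confirm that
    # requirements.txt exists and reflects the same resolved dependency set,
    # otherwise this scan does not cover what is actually installed.
    - pip-audit --requirement requirements.txt
  allow_failure: true
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

audit:
  stage: security
  image: "python:${PYTHON_VERSION}"
  before_script:
    - pip install uv
    - uv sync --frozen
  script:
    - .venv/bin/python scripts/validate_audit.py
  # Non-blocking: a failure is shown as a warning and the pipeline continues.
  allow_failure: true
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

# Build Stage
# -----------

docs:
  stage: build
  image: "python:${PYTHON_VERSION}"
  before_script:
    - pip install uv
    - uv sync --frozen
  script:
    - .venv/bin/mkdocs build
  artifacts:
    paths:
      - site/
  # Default branch only: documentation is not built for merge requests.
  rules:
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'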