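# Code Quality workflow: runs flake8, black, isort and Bandit against
# app/stiftung and app/core, then uploads the Bandit JSON report as an artifact.
#
# Gating summary (as configured below):
#   - flake8: report-only (both passes use --exit-zero)
#   - black / isort: blocking (--check / --check-only exit non-zero on drift)
#   - bandit: report-only for findings; tool failures fail the step
name: Code Quality

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Least privilege for GITHUB_TOKEN: this workflow only reads the repository.
# Without an explicit block the token gets the repository/organisation default,
# which may include write scopes.
permissions:
  contents: read

jobs:
  quality:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by mutable tag (@v4/@v5). Pinning
      # each to a full commit SHA makes the executed code immutable.
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config while third-party tools installed from PyPI run.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          # Quoted so YAML does not read it as the float 3.1.
          python-version: '3.10'

      - name: Install dependencies
        # NOTE(review): flake8/black/isort are installed unpinned, so the
        # checks can change behaviour when a new release lands. Pin versions
        # for reproducible results.
        run: |
          python -m pip install --upgrade pip
          pip install flake8 black isort
          pip install -r app/requirements.txt

      - name: Lint with flake8
        # Both passes carry --exit-zero, so this step reports but never fails
        # the job, including for the E9/F63/F7/F82 "critical" selection.
        run: |
          # Check for critical syntax errors and undefined names, but ignore specific legacy issues
          flake8 app/stiftung app/core --count \
            --select=E9,F63,F7,F82 --ignore=F401,F811,F841 \
            --show-source --statistics --exit-zero
          # General linting with more lenient settings for legacy code
          flake8 app/stiftung app/core --count --exit-zero \
            --max-complexity=15 --max-line-length=120 --exclude=migrations \
            --extend-ignore=E203,W503,E501,F401,F811,F841,E402,E722 \
            --statistics

      - name: Check code formatting with black
        run: |
          black --check app/stiftung app/core

      - name: Check import sorting with isort
        run: |
          isort --check-only app/stiftung app/core

      - name: Check for security issues
        # Findings stay advisory (--exit-zero), but unlike a trailing
        # `|| true` a Bandit crash or bad invocation still fails the step,
        # so a missing or empty report is not mistaken for a clean scan.
        # The JSON report must be reviewed; nothing here blocks a merge on it.
        run: |
          pip install bandit
          bandit -r app/stiftung app/core -f json -o bandit-report.json --exit-zero

      - name: Upload security report
        uses: actions/upload-artifact@v4
        # Upload even when an earlier step failed so the report is not lost.
        if: always()
        with:
          name: bandit-security-report
          path: bandit-report.json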