clawfort/.github/workflows/quality-gates.yml

name: quality-gates

on:
  pull_request:
  push:
    branches: [main]

jobs:
  lint-and-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install project dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e .[dev]
      - name: Ruff lint
        run: python -m ruff check backend tests
      - name: Pytest coverage and contracts
        run: python -m pytest

  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install scanner
        run: |
          python -m pip install --upgrade pip
          pip install pip-audit
      - name: Dependency vulnerability scan
        run: pip-audit

  playwright-smoke:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install Python dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e .
      - name: Install Playwright dependencies
        run: |
          cd e2e
          npm ci
          npx playwright install --with-deps chromium
      - name: Run Playwright smoke tests
        run: |
          cd e2e
          npm run test:smoke
      - name: Upload test results
        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: playwright-smoke-report
          path: |
            e2e/playwright-report/
            e2e/test-results/
          retention-days: 14

  playwright-full:
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install Python dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -e .
      - name: Install Playwright dependencies
        run: |
          cd e2e
          npm ci
          npx playwright install --with-deps
      - name: Run Playwright full regression
        run: |
          cd e2e
          npm run test:full
      - name: Upload test results
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: playwright-full-report
          path: |
            e2e/playwright-report/
            e2e/test-results/
          retention-days: 30