name: CI

on:
  push:
    branches: [ main, master ]
  pull_request:
    branches: [ main, master ]

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        go-version: [1.23.x]

    steps:
    - uses: actions/checkout@v4

    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version: ${{ matrix.go-version }}

    - name: Cache Go modules
      uses: actions/cache@v4
      with:
        path: |
          ~/.cache/go-build
          ~/go/pkg/mod
        key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ runner.os }}-go-${{ matrix.go-version }}-

    - name: Download dependencies
      run: go mod download

    - name: Build
      run: go build -v ./...

    - name: Test with coverage
      run: go test -v -race -coverprofile=coverage.out -covermode=atomic ./...

    - name: Calculate coverage
      run: |
        TOTAL=$(go test -cover ./... 2>&1 | awk '/^ok /{for(i=1;i<=NF;i++) if($i~/%$/) print $i}' | head -1 | tr -d '%')
        echo "Coverage: ${TOTAL}"
        if [ -z "$TOTAL" ]; then
          echo "No coverage data found"
          exit 1
        fi
        if (( $(echo "$TOTAL < 80" | bc -l) )); then
          echo "Coverage ${TOTAL}% is below 80% threshold"
          exit 1
        fi
        echo "Coverage ${TOTAL}% meets 80% threshold"

    - name: Upload coverage report
      uses: codecov/codecov-action@v4
      with:
        files: ./coverage.out
        flags: unittests
        name: codecov-pop

    - name: Lint
      run: |
        go vet ./...
        test -z $(gofmt -l .)

  security-scan:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4

    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version: 1.23.x

    - name: Run GoSec
      uses: securego/gosec@v2
      with:
        args: ./...