name: CI

on:
  push:
    branches: ["**"]
  pull_request:
    branches: [master]

permissions:
  contents: read

jobs:
  lint:
    name: Lint
    runs-on: ubuntu-latest
    timeout-minutes: 3
    steps:
      - uses: actions/checkout@v4
      - uses: jdx/mise-action@v2
      - run: npm ci
      - name: Biome check
        run: npx @biomejs/biome ci .

  test:
    name: Test
    needs: lint
    runs-on: ubuntu-latest
    timeout-minutes: 10
    environment: env-for-buildci
    env:
      DROPBOX_APP_KEY: ${{secrets.DROPBOX_APP_KEY}}
      ONEDRIVE_CLIENT_ID: ${{secrets.ONEDRIVE_CLIENT_ID}}
      ONEDRIVE_AUTHORITY: ${{secrets.ONEDRIVE_AUTHORITY}}
      REMOTELYSAVE_WEBSITE: ${{secrets.REMOTELYSAVE_WEBSITE}}
      REMOTELYSAVE_CLIENT_ID: ${{secrets.REMOTELYSAVE_CLIENT_ID}}
      GOOGLEDRIVE_CLIENT_ID: ${{secrets.GOOGLEDRIVE_CLIENT_ID}}
      GOOGLEDRIVE_CLIENT_SECRET: ${{secrets.GOOGLEDRIVE_CLIENT_SECRET}}
      BOX_CLIENT_ID: ${{secrets.BOX_CLIENT_ID}}
      BOX_CLIENT_SECRET: ${{secrets.BOX_CLIENT_SECRET}}
      PCLOUD_CLIENT_ID: ${{secrets.PCLOUD_CLIENT_ID}}
      PCLOUD_CLIENT_SECRET: ${{secrets.PCLOUD_CLIENT_SECRET}}
      YANDEXDISK_CLIENT_ID: ${{secrets.YANDEXDISK_CLIENT_ID}}
      YANDEXDISK_CLIENT_SECRET: ${{secrets.YANDEXDISK_CLIENT_SECRET}}
      KOOFR_CLIENT_ID: ${{secrets.KOOFR_CLIENT_ID}}
      KOOFR_CLIENT_SECRET: ${{secrets.KOOFR_CLIENT_SECRET}}
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive
      - name: Checkout LFS file list
        run: git lfs ls-files --long | cut -d ' ' -f1 | sort > .lfs-assets-id
      - name: LFS Cache
        uses: actions/cache@v4
        with:
          path: .git/lfs/objects
          key: ${{ runner.os }}-lfs-${{ hashFiles('.lfs-assets-id') }}
          restore-keys: |
            ${{ runner.os }}-lfs-
      - name: Git LFS Pull
        run: git lfs pull
      - uses: jdx/mise-action@v2
      - run: npm ci
      - name: Testes com cobertura
        run: npm run test:coverage
      - run: npm run build
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: |
            main.js
            manifest.json
            styles.css
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: coverage
          path: coverage/

  security:
    name: Security
    needs: test
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - uses: actions/checkout@v4
      - uses: jdx/mise-action@v2
      - run: npm ci
      - name: npm audit
        run: npm audit --audit-level=high
      - name: Biome lint (regras de seguranca)
        run: npx @biomejs/biome lint .