# Advanced Woodpecker CI with self-hosted features
# Requires: Multiple agents (Linux/macOS/Windows), S3 cache, SonarQube

when:
  event: [push, pull_request]
  branch: [main, develop]

# === MATRIX BUILDS (Multi-OS) ===
# Requires Woodpecker agents on each platform

matrix:
  PLATFORM:
    - linux/amd64
    - darwin/amd64
    - windows/amd64

steps:
  # Lint (parallel, Linux only for tools availability)
  lint:
    image: rust:latest
    when:
      matrix:
        PLATFORM: linux/amd64
    commands:
      - curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to /usr/local/bin
      - rustup component add clippy
      - just ci::lint-all
    cache:
      - ~/.cargo/registry
      - ~/.cargo/git

  # Test (all platforms)
  test:
    image: rust:latest
    platform: ${PLATFORM}
    commands:
      - curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to /usr/local/bin
      - just ci::test-all
    cache:
      - ~/.cargo/registry
      - ~/.cargo/git
      - target/
    depends_on:
      - lint

  # Coverage (Linux only, upload to SonarQube)
  coverage:
    image: rust:latest
    when:
      matrix:
        PLATFORM: linux/amd64
    secrets: [sonar_token]
    commands:
      - cargo install cargo-llvm-cov
      - cargo llvm-cov --lcov --output-path lcov.info
      - |
        curl -sSL https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip -o sonar.zip
        unzip -q sonar.zip
        sonar-scanner-5.0.1.3006-linux/bin/sonar-scanner \
          -Dsonar.host.url=${SONAR_URL} \
          -Dsonar.login=${SONAR_TOKEN} \
          -Dsonar.projectKey=typedialog \
          -Dsonar.sources=. \
          -Dsonar.rust.lcov.reportPaths=lcov.info
    depends_on:
      - test

  # Benchmark (on PRs, post results as comment)
  benchmark:
    image: rust:latest
    when:
      event: pull_request
      matrix:
        PLATFORM: linux/amd64
    secrets: [gitea_token]
    commands:
      - cargo install cargo-criterion
      - cargo criterion --message-format json > bench.json || true
      - apk add --no-cache curl jq
      - |
        SUMMARY=$(cat bench.json | jq -r 'select(.reason=="benchmark-complete") | "\(.id): \(.mean.estimate)ns"' | head -10)
        COMMENT="## 📊 Benchmark Results\n\`\`\`\n${SUMMARY}\n\`\`\`"
        curl -X POST "${GITEA_URL}/api/v1/repos/${CI_REPO}/issues/${CI_PULL_REQUEST}/comments" \
          -H "Authorization: token ${GITEA_TOKEN}" \
          -H "Content-Type: application/json" \
          -d "{\"body\": \"${COMMENT}\"}"
    depends_on:
      - test

  # Security audit (all platforms)
  security:
    image: rust:latest
    platform: ${PLATFORM}
    commands:
      - cargo install cargo-audit --locked
      - cargo audit
    cache:
      - ~/.cargo/bin
    depends_on:
      - lint

  # Build (all platforms)
  build:
    image: rust:latest
    platform: ${PLATFORM}
    commands:
      - curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to /usr/local/bin
      - just ci::build-release
    cache:
      - ~/.cargo/registry
      - ~/.cargo/git
      - target/
    depends_on:
      - test
      - security