name: 🛡️ Code Quality & Security Check

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

jobs:
  code-quality:
    name: 🔍 Code Quality Analysis
    runs-on: ubuntu-latest

    steps:
    - name: 📥 Checkout Code
      uses: actions/checkout@v4

    - name: 🐍 Set up Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.11'

    - name: 📦 Install Dependencies
      run: |
        python -m pip install --upgrade pip
        pip install flake8 black isort mypy bandit safety
        pip install homeassistant==2025.9.4
        pip install -r requirements-dev.txt || echo "No dev requirements found"

    - name: 🎨 Check Code Formatting (Black)
      run: |
        black --check --diff custom_components/

    - name: 📊 Import Sorting (isort)
      run: |
        isort --check-only --diff custom_components/

    - name: 🔍 Linting (Flake8)
      run: |
        flake8 custom_components/ --count --select=E9,F63,F7,F82 --show-source --statistics
        flake8 custom_components/ --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics

    - name: 🔒 Security Scan (Bandit)
      run: |
        bandit -r custom_components/ -f json -o bandit-report.json || true
        bandit -r custom_components/ --severity-level medium

    - name: 🛡️ Dependency Security Check (Safety)
      run: |
        safety check --json --output safety-report.json || true
        safety check

    - name: 🏷️ Type Checking (MyPy)
      run: |
        mypy custom_components/ --ignore-missing-imports --no-strict-optional