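# Runs formatting, lint, type and security checks over custom_components/
# on pushes to main/develop and on pull requests targeting main.
#
# Gating policy:
#   * Blocking: critical Flake8 errors and Bandit findings of medium severity
#     or higher. These previously ended in `|| echo ...`, which forced exit
#     code 0, so the job passed regardless of what the scanners reported.
#   * Advisory: Black, isort, MyPy and Safety. `continue-on-error: true` keeps
#     the job green while recording the step's real outcome, instead of hiding
#     it behind `|| echo`.
name: 🛡️ Code Quality & Security Check

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Least privilege: nothing in this workflow writes to the repository, so the
# GITHUB_TOKEN only needs to read the contents.
permissions:
  contents: read

jobs:
  code-quality:
    name: 🔍 Code Quality Analysis
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by mutable major-version tags;
      # pinning each `uses:` to a full commit SHA prevents a retagged release
      # from changing what runs here.
      - name: 📥 Checkout Code
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where the pip-installed tools below could read it.
          persist-credentials: false

      - name: 🐍 Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.13'

      - name: 📦 Install Dependencies
        # NOTE(review): the lint and security tools are installed unpinned, so
        # results can change between runs; consider a pinned constraints file.
        run: |
          python -m pip install --upgrade pip
          pip install flake8 black isort mypy bandit safety
          pip install homeassistant==2025.9.4
          # Skip only when the file is absent. The previous `|| echo` also
          # hid real install failures (bad pin, resolver conflict).
          if [ -f requirements-dev.txt ]; then
            pip install -r requirements-dev.txt
          else
            echo "No dev requirements found"
          fi

      - name: 🎨 Check Code Formatting (Black)
        continue-on-error: true
        run: |
          black --check --diff custom_components/

      - name: 📊 Import Sorting (isort)
        continue-on-error: true
        run: |
          isort --check-only --diff custom_components/

      - name: 🔍 Linting (Flake8)
        run: |
          # Blocking: syntax errors and undefined names (E9, F63, F7, F82).
          flake8 custom_components/ --count --select=E9,F63,F7,F82 --show-source --statistics
          # Advisory: --exit-zero reports style and complexity without failing.
          flake8 custom_components/ --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics

      - name: 🔒 Security Scan (Bandit)
        run: |
          # Report pass: --exit-zero so the JSON file is written even when
          # there are findings; it never gates on its own.
          bandit -r custom_components/ -f json -o bandit-report.json --exit-zero
          # Gate: a non-zero exit here fails the job on medium+ findings.
          bandit -r custom_components/ --severity-level medium

      - name: 🛡️ Dependency Security Check (Safety)
        # Advisory for now. NOTE(review): no requirements file is passed, so
        # this presumably scans the whole installed environment, including the
        # pinned homeassistant dependency tree. Confirm the findings are
        # actionable before making this step blocking.
        continue-on-error: true
        run: |
          # NOTE(review): Safety's CLI options changed between major versions
          # and the tool is installed unpinned; verify these flags against the
          # installed release, because `|| echo` would also hide a usage error.
          safety check --json --output safety-report.json || echo "Safety check completed"
          safety check

      - name: 🏷️ Type Checking (MyPy)
        continue-on-error: true
        run: |
          mypy custom_components/ --ignore-missing-imports --no-strict-optional

      - name: 📤 Upload Security Reports
        # The JSON reports were written but discarded with the runner. Keep
        # them for triage, even when the Bandit gate has failed the job.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: security-reports
          path: |
            bandit-report.json
            safety-report.json
          if-no-files-found: ignore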