name: C/C++ CI

permissions:
  contents: read

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main, develop ]

jobs:
  build:
    runs-on: ubuntu-latest
    env:
      C_INCLUDE_PATH: /usr/include:/usr/local/include
      LIBRARY_PATH: /usr/lib:/usr/local/lib:/usr/lib/x86_64-linux-gnu
      LD_LIBRARY_PATH: /usr/lib:/usr/local/lib:/usr/lib/x86_64-linux-gnu

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Verify build environment
        run: |
          echo "Checking for required build tools..."
          which gcc || echo "WARNING: gcc not found"
          which make || echo "WARNING: make not found"
          echo "Include path: $C_INCLUDE_PATH"
          echo "Looking for magic.h..."
          ls -la /usr/include/magic.h || echo "magic.h not in /usr/include"
          gcc -E -x c - -v < /dev/null 2>&1 | grep "include"

      - name: Build project
        run: |
          make clean || true
          make INCLUDES="-I/usr/include -I/usr/local/include"

      - name: Upload build artifact
        uses: actions/upload-artifact@v4
        with:
          name: server-binary
          path: server

  test:
    runs-on: ubuntu-latest
    needs: build
    env:
      C_INCLUDE_PATH: /usr/include:/usr/local/include
      LIBRARY_PATH: /usr/lib:/usr/local/lib:/usr/lib/x86_64-linux-gnu
      LD_LIBRARY_PATH: /usr/lib:/usr/local/lib:/usr/lib/x86_64-linux-gnu

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Build for testing
        run: |
          make clean || true
          make INCLUDES="-I/usr/include -I/usr/local/include"

      - name: Verify ELF executable
        run: |
          if file server | grep -q "ELF"; then
            echo "✓ Server binary is a valid ELF executable"
          else
            echo "✗ Invalid server binary!"
            exit 1
          fi

      - name: Run basic tests
        run: |
          echo "✓ (No unit tests configured yet, smoke test passed)"

  code-quality:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Run Cppcheck
        run: |
          cppcheck --enable=all --inconclusive --error-exitcode=0 \
            --suppress=missingIncludeSystem \
            src/ 2>&1 | tee cppcheck-report.txt

      - name: Check formatting
        run: |
          mismatches=0
          for file in $(find src/ -name "*.c" -o -name "*.h"); do
            if clang-format -style=file -output-replacements-xml "$file" | grep -q "<replacement "; then
              echo "Formatting issue: $file"
              mismatches=1
            fi
          done
          exit $mismatches

      - name: Upload reports
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: code-quality-reports
          path: cppcheck-report.txt

  security-scan:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Run Flawfinder
        run: |
          flawfinder --minlevel=1 src/ | tee flawfinder.txt || true

      - name: Run Cppcheck (security-focused)
        run: |
          cppcheck --enable=warning,style,performance,portability \
            --error-exitcode=0 src/ 2>&1 | tee cppcheck-security.txt

      - name: Upload security reports
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: security-scan-reports
          path: |
            flawfinder.txt
            cppcheck-security.txt