# DSS Design System Validation - GitHub Actions
# Generated by @dss/rules init
#
# This workflow validates design system compliance and uploads metrics
# to the DSS dashboard for portfolio-wide visibility.
#
# Required Secrets:
#   DSS_DASHBOARD_URL: URL to DSS metrics API (e.g., https://dss.example.com)
#   DSS_API_TOKEN: Authentication token for metrics upload

name: DSS Validate

on:
  push:
    branches: [main, master, develop]
  pull_request:
    branches: [main, master]

env:
  NODE_VERSION: '20'

jobs:
  validate:
    name: Design System Validation
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Full history for baseline comparison

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      # Check for break-glass [dss-skip] in commit message
      - name: Check for [dss-skip]
        id: skip-check
        run: |
          COMMIT_MSG=$(git log -1 --pretty=%B)
          if echo "$COMMIT_MSG" | grep -q '\[dss-skip\]'; then
            echo "skip=true" >> $GITHUB_OUTPUT
            echo "::warning::DSS validation skipped via [dss-skip] commit message"
            echo "::warning::Commit: $(git log -1 --pretty='%h %s')"
          else
            echo "skip=false" >> $GITHUB_OUTPUT
          fi

      # Check @dss/rules version drift
      - name: Check rules version
        if: steps.skip-check.outputs.skip != 'true'
        run: |
          INSTALLED=$(npm list @dss/rules --json 2>/dev/null | jq -r '.dependencies["@dss/rules"].version // "not-installed"')
          LATEST=$(npm view @dss/rules version 2>/dev/null || echo "unknown")

          echo "Installed @dss/rules: $INSTALLED"
          echo "Latest @dss/rules: $LATEST"

          if [ "$INSTALLED" != "$LATEST" ] && [ "$LATEST" != "unknown" ]; then
            echo "::warning::@dss/rules is outdated ($INSTALLED vs $LATEST). Consider updating."
          fi

      # Run DSS validation
      - name: Run DSS validation
        if: steps.skip-check.outputs.skip != 'true'
        id: validate
        run: |
          # Run validation with CI mode (strict, JSON output)
          npm run dss:validate:ci || echo "validation_failed=true" >> $GITHUB_OUTPUT

          # Extract summary for PR comment
          if [ -f .dss/results.json ]; then
            ERRORS=$(jq -r '.metrics.totalErrors // 0' .dss/results.json)
            WARNINGS=$(jq -r '.metrics.totalWarnings // 0' .dss/results.json)
            SCORE=$(jq -r '.metrics.adoptionScore // 0' .dss/results.json)

            echo "errors=$ERRORS" >> $GITHUB_OUTPUT
            echo "warnings=$WARNINGS" >> $GITHUB_OUTPUT
            echo "score=$SCORE" >> $GITHUB_OUTPUT
          fi

      # Upload metrics to DSS dashboard
      - name: Upload metrics to dashboard
        if: steps.skip-check.outputs.skip != 'true' && always()
        continue-on-error: true
        run: |
          if [ ! -f .dss/results.json ]; then
            echo "No results file found, skipping upload"
            exit 0
          fi

          # Add git metadata to results
          jq --arg branch "${{ github.ref_name }}" \
             --arg commit "${{ github.sha }}" \
             --arg repo "${{ github.repository }}" \
             '. + {branch: $branch, commit: $commit, project: $repo}' \
             .dss/results.json > .dss/upload.json

          curl -X POST "${DSS_DASHBOARD_URL}/api/metrics/upload" \
            -H "Content-Type: application/json" \
            -H "Authorization: Bearer ${DSS_API_TOKEN}" \
            -d @.dss/upload.json \
            --fail --silent --show-error
        env:
          DSS_DASHBOARD_URL: ${{ secrets.DSS_DASHBOARD_URL }}
          DSS_API_TOKEN: ${{ secrets.DSS_API_TOKEN }}

      # Comment on PR with results
      - name: Comment on PR
        if: github.event_name == 'pull_request' && steps.skip-check.outputs.skip != 'true'
        uses: actions/github-script@v7
        with:
          script: |
            const errors = '${{ steps.validate.outputs.errors }}' || '0';
            const warnings = '${{ steps.validate.outputs.warnings }}' || '0';
            const score = '${{ steps.validate.outputs.score }}' || 'N/A';

            const status = errors === '0' ? '✅' : '❌';
            const body = `## ${status} DSS Validation Results

            | Metric | Value |
            |--------|-------|
            | Adoption Score | ${score}% |
            | Errors | ${errors} |
            | Warnings | ${warnings} |

            ${errors !== '0' ? '⚠️ Please fix design system violations before merging.' : '🎉 All design system checks passed!'}

            ---
            *Powered by @dss/rules*`;

            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: body
            });

      # Fail if validation errors (authoritative enforcement)
      - name: Check validation result
        if: steps.skip-check.outputs.skip != 'true'
        run: |
          if [ "${{ steps.validate.outputs.validation_failed }}" = "true" ]; then
            echo "::error::DSS validation failed with errors. Please fix violations."
            exit 1
          fi