name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  quality:
    runs-on: ubuntu-latest
    env:
      VITE_API_URL: "http://localhost:3000"
      VITE_SUPABASE_URL: "https://fake.supabase.co"
      VITE_SUPABASE_ANON_KEY: "fake-anon-key-for-ci"
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'npm'
      - run: npm ci
      - run: npm run lint
      - run: npm run format:check
      - run: npm run typecheck
      - run: npm run test
      - run: npm audit --audit-level=high
      - name: Install Semgrep
        run: python3 -m pip install --user semgrep
      - name: Semgrep scan
        run: semgrep scan --config=auto --error --severity=ERROR