name: Tests

on:
  push:
    branches: [main, dev]
  pull_request:
    branches: [main, dev]

jobs:
  unit-tests:
    name: Unit Tests
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install bats
        run: brew install bats-core

      - name: Run all test suites
        run: |
          echo "Running all test suites..."
          bats tests/*.bats --formatter tap
          echo ""
          echo "Test summary:"
          echo "  Total test files: $(ls tests/*.bats | wc -l | tr -d ' ')"
          echo "  Total tests: $(grep -c "^@test" tests/*.bats | awk -F: '{sum+=$2} END {print sum}')"
          echo "✓ All tests passed"

  go-tests:
    name: Go Tests
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.24'

      - name: Build Go binaries
        run: |
          echo "Building Go binaries..."
          go build ./...
          echo "✓ Build successful"

      - name: Run go vet
        run: |
          echo "Running go vet..."
          go vet ./cmd/...
          echo "✓ Vet passed"

      - name: Run go test
        run: |
          echo "Running go test..."
          go test ./cmd/...
          echo "✓ Go tests passed"

  integration-tests:
    name: Integration Tests
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install dependencies
        run: brew install coreutils

      - name: Test module loading
        run: |
          echo "Testing module loading..."
          bash -c 'source lib/core/common.sh && echo "✓ Modules loaded successfully"'

      - name: Test clean --dry-run
        run: |
          echo "Testing clean --dry-run..."
          ./bin/clean.sh --dry-run
          echo "✓ Clean dry-run completed"

      - name: Test installation
        run: |
          echo "Testing installation script..."
          ./install.sh --prefix /tmp/mole-test
          test -f /tmp/mole-test/mole
          echo "✓ Installation successful"

  compatibility:
    name: macOS Compatibility
    strategy:
      matrix:
        os: [macos-14, macos-15]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4

      - name: Test on ${{ matrix.os }}
        run: |
          echo "Testing on ${{ matrix.os }}..."
          bash -n mole
          source lib/core/common.sh
          echo "✓ Successfully loaded on ${{ matrix.os }}"

  security:
    name: Security Checks
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4

      - name: Check for unsafe rm usage
        run: |
          echo "Checking for unsafe rm patterns..."
          if grep -r "rm -rf" --include="*.sh" lib/ | grep -v "safe_remove\|validate_path\|# "; then
            echo "✗ Unsafe rm -rf usage found"
            exit 1
          fi
          echo "✓ No unsafe rm usage found"

      - name: Verify app protection
        run: |
          echo "Verifying critical file protection..."
          bash -c '
          source lib/core/common.sh
          if should_protect_from_uninstall "com.apple.Safari"; then
            echo "✓ Safari is protected"
          else
            echo "✗ Safari protection failed"
            exit 1
          fi
          '

      - name: Check for secrets
        run: |
          echo "Checking for hardcoded secrets..."
          matches=$(grep -r "password\|secret\|api_key" --include="*.sh" . \
            | grep -v "# \|test" \
            | grep -v -E "lib/core/sudo\.sh|lib/core/app_protection\.sh|lib/clean/user\.sh|lib/clean/brew\.sh" || true)
          if [[ -n "$matches" ]]; then
            echo "$matches"
            echo "✗ Potential secrets found"
            exit 1
          fi
          echo "✓ No secrets found"