name: SonarQube

on:
  schedule:
    - cron: '0 2 * * *'
  workflow_dispatch:

jobs:
  sonarqube:
    runs-on: ubuntu-latest
    container:
      image: gitea.siegeln.net/cameleer/cameleer-build:1
      credentials:
        username: cameleer
        password: ${{ secrets.REGISTRY_TOKEN }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure Gitea Maven Registry
        run: |
          mkdir -p ~/.m2
          cat > ~/.m2/settings.xml << 'SETTINGS'
          <settings>
            <servers>
              <server>
                <id>gitea</id>
                <username>cameleer</username>
                <password>${env.REGISTRY_TOKEN}</password>
              </server>
            </servers>
          </settings>
          SETTINGS
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}

      - name: Cache Maven dependencies
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-maven-

      - name: Build and Test Java
        run: mvn clean verify -DskipITs -U --batch-mode

      - name: Install UI dependencies
        working-directory: ui
        run: |
          echo '//gitea.siegeln.net/api/packages/cameleer/npm/:_authToken=${REGISTRY_TOKEN}' >> .npmrc
          npm ci
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}

      - name: Lint UI
        working-directory: ui
        run: npm run lint -- --format json --output-file eslint-report.json || true

      - name: Install sonar-scanner
        run: |
          SONAR_SCANNER_VERSION=6.2.1.4610
          ARCH=$(uname -m)
          case "$ARCH" in
            aarch64|arm64) PLATFORM="linux-aarch64" ;;
            *)             PLATFORM="linux-x64" ;;
          esac
          curl -sSLo sonar-scanner.zip "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-${PLATFORM}.zip"
          jar xf sonar-scanner.zip
          chmod +x "sonar-scanner-${SONAR_SCANNER_VERSION}-${PLATFORM}/bin/sonar-scanner"
          ln -s "$(pwd)/sonar-scanner-${SONAR_SCANNER_VERSION}-${PLATFORM}/bin/sonar-scanner" /usr/local/bin/sonar-scanner

      - name: SonarQube Analysis
        run: |
          # Derive JAVA_HOME from jar binary (java may not be on PATH directly)
          if [ -z "$JAVA_HOME" ]; then
            JAR_PATH=$(readlink -f $(which jar) 2>/dev/null || find / -name jar -type f 2>/dev/null | head -1)
            export JAVA_HOME=$(dirname $(dirname "$JAR_PATH"))
          fi
          export PATH="$JAVA_HOME/bin:$PATH"
          echo "JAVA_HOME=$JAVA_HOME"
          java -version
          sonar-scanner \
            -Dsonar.host.url="$SONAR_HOST_URL" \
            -Dsonar.token="$SONAR_TOKEN" \
            -Dsonar.projectKey=cameleer3-server \
            -Dsonar.projectName="Cameleer3 Server" \
            -Dsonar.sources=cameleer3-server-core/src/main/java,cameleer3-server-app/src/main/java,ui/src \
            -Dsonar.tests=cameleer3-server-core/src/test/java,cameleer3-server-app/src/test/java \
            -Dsonar.java.binaries=cameleer3-server-core/target/classes,cameleer3-server-app/target/classes \
            -Dsonar.java.test.binaries=cameleer3-server-core/target/test-classes,cameleer3-server-app/target/test-classes \
            -Dsonar.java.libraries="$HOME/.m2/repository/**/*.jar" \
            -Dsonar.typescript.eslint.reportPaths=ui/eslint-report.json \
            -Dsonar.eslint.reportPaths=ui/eslint-report.json \
            -Dsonar.exclusions="ui/node_modules/**,ui/dist/**,**/target/**"
        env:
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}