name: Validate Python Project

on:
  pull_request:
    branches: [main, develop]
  push:
    branches: [main, develop]
  workflow_dispatch:
  schedule:
    - cron: '0 6 * * *'

jobs:
  validate:
    name: Validate Python Project
    runs-on: ubuntu-latest
    
    steps:
      - name: Checkout project
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Checkout MokoStandards
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          repository: mokoshalb/MokoStandards
          path: .mokostandards
          ref: main

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
          cache: 'pip'

      - name: Setup PHP
        run: |
          php -v && composer --version

      - name: Install MokoStandards dependencies
        working-directory: .mokostandards
        run: composer install --prefer-dist --no-progress

      - name: Run Python validation
        id: validate
        run: |
          php .mokostandards/api/plugin_validate.php \
            --project-path . \
            --project-type python \
            --json > validation-results.json
          
          cat validation-results.json
          
          if jq -e '.valid == false' validation-results.json > /dev/null; then
            echo "::error::Project validation failed"
            exit 1
          fi

      - name: Run health check
        id: health
        run: |
          php .mokostandards/api/plugin_health_check.php \
            --project-path . \
            --project-type python \
            --json > health-results.json
          
          cat health-results.json
          
          SCORE=$(jq -r '.score' health-results.json)
          echo "Health Score: $SCORE/100"

      - name: Collect metrics
        id: metrics
        run: |
          php .mokostandards/api/plugin_metrics.php \
            --project-path . \
            --project-type python \
            --json > metrics-results.json
          
          cat metrics-results.json

      - name: Check release readiness
        id: readiness
        if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master')
        run: |
          php .mokostandards/api/plugin_readiness.php \
            --project-path . \
            --project-type python \
            --json > readiness-results.json
          
          cat readiness-results.json

      - name: Check for security vulnerabilities
        continue-on-error: true
        run: |
          pip install safety
          safety check --json > safety-report.json || true
          cat safety-report.json

      - name: Upload validation artifacts
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: python-validation-results
          path: |
            validation-results.json
            health-results.json
            metrics-results.json
            readiness-results.json
            safety-report.json
          retention-days: 30