name: Scheduled Maintenance

on:
  schedule:
    # Run quarterly on first day of each quarter at 6 AM UTC
    - cron: '0 6 1 */3 *'
    # Run weekly on Sundays at 8 AM UTC
    - cron: '0 8 * * 0'
    # Run monthly on the 1st at 10 AM UTC
    - cron: '0 10 1 * *'

env:
  AWS_REGION: us-west-2
  S3_BUCKET: fredmlv1
  LAMBDA_FUNCTION: fred-ml-processor
  PYTHON_VERSION: '3.9'

jobs:
  # Quarterly Health Check
  quarterly-health-check:
    name: 🏥 Quarterly Health Check
    runs-on: ubuntu-latest
    if: github.event.schedule == '0 6 1 */3 *'
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Set up Python ${{ env.PYTHON_VERSION }}
      uses: actions/setup-python@v4
      with:
        python-version: ${{ env.PYTHON_VERSION }}
        
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
        
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ env.AWS_REGION }}
        
    - name: Check Lambda function status
      run: |
        echo "⚡ Checking Lambda function status..."
        aws lambda get-function --function-name ${{ env.LAMBDA_FUNCTION }} --region ${{ env.AWS_REGION }}
        
    - name: Check S3 bucket status
      run: |
        echo "📦 Checking S3 bucket status..."
        aws s3 ls s3://${{ env.S3_BUCKET }} --region ${{ env.AWS_REGION }}
        
    - name: Check EventBridge rules
      run: |
        echo "⏰ Checking EventBridge rules..."
        aws events list-rules --name-prefix "fred-ml" --region ${{ env.AWS_REGION }}
        
    - name: Run basic system test
      run: |
        echo "🧪 Running basic system test..."
        python scripts/test_complete_system.py --quick
      env:
        AWS_DEFAULT_REGION: ${{ env.AWS_REGION }}
        S3_BUCKET: ${{ env.S3_BUCKET }}
        LAMBDA_FUNCTION: ${{ env.LAMBDA_FUNCTION }}

  # Weekly Dependency Update Check
  weekly-dependencies:
    name: 📦 Weekly Dependency Check
    runs-on: ubuntu-latest
    if: github.event.schedule == '0 8 * * 0'
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Set up Python ${{ env.PYTHON_VERSION }}
      uses: actions/setup-python@v4
      with:
        python-version: ${{ env.PYTHON_VERSION }}
        
    - name: Check for outdated packages
      run: |
        echo "📦 Checking for outdated packages..."
        pip install pip-check-updates
        pcu --version || echo "pip-check-updates not available"
        
    - name: Check for security vulnerabilities
      run: |
        echo "🔒 Checking for security vulnerabilities..."
        pip install safety
        safety check --json --output safety-report.json || true
        
    - name: Upload dependency report
      uses: actions/upload-artifact@v3
      with:
        name: dependency-report
        path: safety-report.json

  # Monthly Performance Test
  monthly-performance:
    name: ⚡ Monthly Performance Test
    runs-on: ubuntu-latest
    if: github.event.schedule == '0 10 1 * *'
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Set up Python ${{ env.PYTHON_VERSION }}
      uses: actions/setup-python@v4
      with:
        python-version: ${{ env.PYTHON_VERSION }}
        
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
        
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ env.AWS_REGION }}
        
    - name: Run performance tests
      run: |
        echo "⚡ Running performance tests..."
        python scripts/test_complete_system.py --performance
      env:
        AWS_DEFAULT_REGION: ${{ env.AWS_REGION }}
        S3_BUCKET: ${{ env.S3_BUCKET }}
        LAMBDA_FUNCTION: ${{ env.LAMBDA_FUNCTION }}
        
    - name: Generate performance report
      run: |
        echo "📊 Generating performance report..."
        echo "Performance test completed at $(date)" > performance-report.txt
        echo "Lambda function: ${{ env.LAMBDA_FUNCTION }}" >> performance-report.txt
        echo "S3 bucket: ${{ env.S3_BUCKET }}" >> performance-report.txt
        
    - name: Upload performance report
      uses: actions/upload-artifact@v3
      with:
        name: performance-report
        path: performance-report.txt

  # Cleanup Old Artifacts
  cleanup:
    name: 🧹 Cleanup Old Artifacts
    runs-on: ubuntu-latest
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ env.AWS_REGION }}
        
    - name: Clean up old S3 objects
      run: |
        echo "🧹 Cleaning up old S3 objects..."
        # Delete objects older than 90 days
        aws s3 ls s3://${{ env.S3_BUCKET }}/exports/ --recursive | \
        while read -r line; do
          createDate=$(echo $line | awk {'print $1'})
          createDate=$(date -d "$createDate" +%s)
          olderThan=$(date -d "-90 days" +%s)
          if [[ $createDate -lt $olderThan ]]; then
            fileName=$(echo $line | awk {'print $4'})
            if [[ $fileName != "" ]]; then
              aws s3 rm s3://${{ env.S3_BUCKET }}/exports/$fileName
              echo "Deleted: $fileName"
            fi
          fi
        done || echo "No old files to clean up"
        
    - name: Clean up old Lambda logs
      run: |
        echo "🧹 Cleaning up old Lambda logs..."
        # This is a placeholder - CloudWatch log cleanup would require additional setup
        echo "CloudWatch log cleanup requires additional IAM permissions"