name: CI-CD

on:
  pull_request:
  push:
    branches: [main]
  workflow_dispatch:

concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true

env:
  PYTHON_VERSION: "3.11"
  IMAGE_NAME: fraud-detection-api

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Set up uv
        uses: astral-sh/setup-uv@v5

      - name: Install dependencies
        run: |
          uv pip install --system -r requirements.txt

      - name: Run tests
        run: python -m pytest

  build-image:
    runs-on: ubuntu-latest
    needs: test
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Build Docker image
        run: docker build -t $IMAGE_NAME:${{ github.sha }} .

      - name: Smoke check image metadata
        run: docker image inspect $IMAGE_NAME:${{ github.sha }}

  deploy:
    runs-on: ubuntu-latest
    needs: build-image
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      - name: Trigger deployment webhook (if configured)
        run: |
          if [ -z "$DEPLOY_WEBHOOK_URL" ]; then
            echo "DEPLOY_WEBHOOK_URL secret is not set; skipping deploy trigger."
            exit 0
          fi
          curl -fsS -X POST "$DEPLOY_WEBHOOK_URL"
        env:
          DEPLOY_WEBHOOK_URL: ${{ secrets.DEPLOY_WEBHOOK_URL }}