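# CI workflow for a JS/Vue project: lint, unit tests, optional build, and a
# Semgrep SAST scan. Runs for every pull request and for pushes to main.
name: Code Analysis (JS/Vue)

on:
  pull_request:
  push:
    branches: [main]

jobs:
  analyze:
    runs-on: gitea
    steps:
      # NOTE(review): v4 is a mutable tag; consider pinning the action to a
      # reviewed full commit SHA so the executed code cannot change silently.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # The following steps execute repository-controlled code (npm
          # scripts, tests) and none of them needs git credentials, so the
          # checkout token is not left behind in the local git config.
          persist-credentials: false

      # Diagnostic only: "|| true" keeps the step green if a tool is missing.
      - name: Show versions
        run: |
          node -v || true
          npm -v || true

      # Install
      # npm ci installs from the lockfile. NOTE(review): dependency lifecycle
      # scripts run here, including for pull requests; keep secrets out of
      # this job's environment.
      - name: Install dependencies
        run: npm ci

      # 1) Linting / code quality
      - name: Lint
        run: npm run lint

      # Tests (optional, but very worthwhile)
      - name: Unit tests
        run: npm test

      # Optional: build check (Vue/Vite/Nuxt); skipped if no build script.
      - name: Build
        run: npm run build --if-present

      # 2) SAST / security: Semgrep (without Docker, via pip)
      # --error makes Semgrep exit non-zero when findings are reported, so
      # the job fails on findings.
      # NOTE(review): pip and semgrep are installed unpinned and p/default is
      # resolved from the registry at run time, so scanner and rules can
      # differ between runs; consider pinning semgrep to a reviewed version.
      - name: Semgrep (SAST)
        run: |
          python3 -m pip install --user --upgrade pip semgrep
          ~/.local/bin/semgrep --config p/default --error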