name: security

on:
  push:
    branches:
      - develop
      - main
      - master
  pull_request:
    branches:
      - develop
      - main
      - master

jobs:
  audit:
    name: Dependency Audit
    runs-on: ubuntu-latest
    environment: Testing
    steps:
      - uses: actions/checkout@v6

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: '22'

      - name: Add Flux Credentials Loaded From ENV
        run: composer config http-basic.composer.fluxui.dev "${{ secrets.FLUX_USERNAME }}" "${{ secrets.FLUX_LICENSE_KEY }}"

      - name: Install PHP Dependencies
        run: composer install --no-interaction --prefer-dist --optimize-autoloader

      - name: Install Node Dependencies
        run: npm install

      - name: Composer Audit
        run: composer audit

      - name: NPM Audit
        run: npm audit --omit=dev

  phpstan:
    name: Static Analysis
    runs-on: ubuntu-latest
    environment: Testing
    steps:
      - uses: actions/checkout@v6

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'

      - name: Add Flux Credentials Loaded From ENV
        run: composer config http-basic.composer.fluxui.dev "${{ secrets.FLUX_USERNAME }}" "${{ secrets.FLUX_LICENSE_KEY }}"

      - name: Install Dependencies
        run: composer install --no-interaction --prefer-dist --optimize-autoloader

      - name: Run PHPStan
        run: vendor/bin/phpstan analyse --no-progress