name: Update Dependencies

on:
  schedule:
    # Run every Monday at 9:00 AM UTC
    - cron: '0 9 * * 1'
  workflow_dispatch:

jobs:
  update-dependencies:
    runs-on: ubuntu-latest
    
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Install system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 8

      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable

      - name: Install cargo-edit
        run: cargo install cargo-edit

      - name: Update frontend dependencies
        run: |
          pnpm update --latest
          pnpm install

      - name: Update Rust dependencies
        run: |
          cargo update
        working-directory: src-tauri

      - name: Check if build still works
        run: |
          pnpm build
          cargo check --all-targets --all-features
        working-directory: src-tauri

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v5
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: 'chore: update dependencies'
          title: 'chore: update dependencies'
          body: |
            ## Automated Dependency Update
            
            This PR updates all dependencies to their latest versions.
            
            ### Changes
            - Updated frontend dependencies via `pnpm update --latest`
            - Updated Rust dependencies via `cargo update`
            
            ### Testing
            - ✅ Frontend build passes
            - ✅ Rust compilation check passes
            
            Please review the changes and run full tests before merging.
          branch: chore/update-dependencies
          delete-branch: true

  security-updates:
    runs-on: ubuntu-latest
    
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 8

      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable

      - name: Install cargo-audit
        run: cargo install cargo-audit

      - name: Check for security vulnerabilities
        run: |
          echo "## Frontend Security Audit" >> security-report.md
          pnpm audit --audit-level moderate >> security-report.md || true
          
          echo "## Rust Security Audit" >> security-report.md
          cd src-tauri
          cargo audit >> ../security-report.md || true

      - name: Create security issue if vulnerabilities found
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const report = fs.readFileSync('security-report.md', 'utf8');
            
            if (report.includes('vulnerabilities') || report.includes('RUSTSEC')) {
              github.rest.issues.create({
                owner: context.repo.owner,
                repo: context.repo.repo,
                title: '🔒 Security vulnerabilities detected',
                body: `## Security Audit Report\n\n\`\`\`\n${report}\n\`\`\`\n\nPlease review and update the affected dependencies.`,
                labels: ['security', 'dependencies']
              });
            }