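# Offline (air-gapped) end-to-end test workflow.
#
# Builds the air-gap testing library and the offline E2E test project, runs the
# tests with STELLAOPS_OFFLINE_MODE set, then scans the TRX result file for
# NetworkIsolationViolation markers. A second job publishes a summary.
#
# NOTE(review): nothing in this workflow restricts the runner's network at the
# OS level; the hosted runner keeps normal egress. Isolation is only as strong
# as whatever the test harness enforces and records (presumably the
# StellaOps.Testing.AirGap library; confirm). The grep-based checks below can
# only see violations that end up in the TRX file.
#
# NOTE(review): third-party actions are referenced by mutable tag (@v3/@v4).
# Pinning each `uses:` to a full commit SHA prevents an upstream tag move from
# changing what runs here.
name: Offline E2E Tests

on:
  pull_request:
    paths:
      - 'src/AirGap/**'
      - 'src/Scanner/**'
      - 'tests/offline/**'
  schedule:
    - cron: '0 4 * * *'  # Nightly at 4 AM UTC
  workflow_dispatch:

# Least privilege: the jobs only need to read the repository contents.
permissions:
  contents: read

env:
  STELLAOPS_OFFLINE_MODE: 'true'
  DOTNET_VERSION: '10.0.100'

jobs:
  offline-e2e:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: ${{ env.DOTNET_VERSION }}

      - name: Cache NuGet packages
        uses: actions/cache@v3
        with:
          path: ~/.nuget/packages
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
          restore-keys: |
            ${{ runner.os }}-nuget-

      - name: Download offline bundle
        run: |
          # In real scenario, bundle would be pre-built and cached
          # For now, create minimal fixture structure
          mkdir -p ./offline-bundle/{images,feeds,policies,keys,certs,vex}
          echo '{}' > ./offline-bundle/manifest.json

      - name: Build in isolated environment
        run: |
          # Build offline test library
          dotnet build src/__Libraries/StellaOps.Testing.AirGap/StellaOps.Testing.AirGap.csproj

          # Build offline E2E tests
          dotnet build tests/offline/StellaOps.Offline.E2E.Tests/StellaOps.Offline.E2E.Tests.csproj

      - name: Run offline E2E tests with network isolation
        run: |
          # Set offline bundle path
          export STELLAOPS_OFFLINE_BUNDLE="$(pwd)/offline-bundle"

          # Run tests
          dotnet test tests/offline/StellaOps.Offline.E2E.Tests \
            --logger "trx;LogFileName=offline-e2e.trx" \
            --logger "console;verbosity=detailed" \
            --results-directory ./results

      - name: Verify no network calls
        if: always()
        run: |
          # Fail closed: without a result file there is nothing to inspect, so
          # the absence of violations must not be reported as a pass.
          if [ ! -f "./results/offline-e2e.trx" ]; then
            echo "::error::offline-e2e.trx not found; network isolation could not be verified"
            exit 1
          fi

          # Parse test output for any NetworkIsolationViolationException
          if grep -q "NetworkIsolationViolation" ./results/offline-e2e.trx; then
            echo "::error::Tests attempted network calls in offline mode!"
            exit 1
          fi
          echo "✅ No network isolation violations detected"

      - name: Upload results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: offline-e2e-results
          path: ./results/

  verify-isolation:
    runs-on: ubuntu-22.04
    needs: offline-e2e
    if: always()
    steps:
      - name: Download results
        uses: actions/download-artifact@v4
        with:
          name: offline-e2e-results
          path: ./results

      - name: Generate summary
        run: |
          TRX=./results/offline-e2e.trx

          # Print the first numeric value of attribute $1 found in the TRX file.
          # Prints nothing when the attribute is absent; callers default to 0.
          # (A trailing `|| echo 0` on the pipeline would never fire, because
          # the pipeline's status is that of `cut`, not `grep`.)
          counter() {
            grep -o "$1=\"[0-9]*\"" "$TRX" | head -n 1 | cut -d'"' -f2
          }

          {
            echo "## Offline E2E Test Summary"
            echo ""

            if [ -f "$TRX" ]; then
              # Parse test results
              TOTAL=$(counter total)
              PASSED=$(counter passed)
              FAILED=$(counter failed)

              echo "| Metric | Value |"
              echo "|--------|-------|"
              echo "| Total Tests | ${TOTAL:-0} |"
              echo "| Passed | ${PASSED:-0} |"
              echo "| Failed | ${FAILED:-0} |"
              echo ""

              # This only reflects violations recorded in the TRX file by the
              # test harness; it is not an independent measurement of egress.
              if grep -q "NetworkIsolationViolation" "$TRX"; then
                echo "❌ **Network isolation was violated**"
              else
                echo "✅ **Network isolation verified - no egress detected**"
              fi
            else
              echo "⚠️ No test results found"
            fi
          } >> "$GITHUB_STEP_SUMMARY"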