name: audit
on:
  workflow_call:
  push:
    branches-ignore:
      - main
    paths:
      - "projects/backend/**"
      - ".github/workflows/backend/**"
  pull_request:
    branches-ignore:
      - main
    paths:
      - "projects/backend/**"
      - ".github/workflows/backend/**"
defaults:
  run:
    working-directory: projects/backend
jobs:
  audit:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: 8.4
          tools: composer:v2

      - name: Setup cache
        run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV

      - name: Cache dependencies installed with composer
        uses: actions/cache@v4
        with:
          path: ${{ env.COMPOSER_CACHE_DIR }}
          key: php8.3-composer-${{ hashFiles('projects/backend/composer.lock') }}
          restore-keys: |
            php8.3-composer-latest-
      - name: Update composer
        run: composer self-update

      - name: Install dependencies with composer
        run: composer install --prefer-dist --no-interaction --no-progress --optimize-autoloader --ansi

      - name: Security Audit with composer
        run: composer audit
        continue-on-error: true