name: Dependency Updates

on:
  schedule:
    # Run weekly on Mondays at 3 AM UTC
    - cron: '0 3 * * 1'
  workflow_dispatch:

jobs:
  update-dependencies:
    name: Update Dependencies
    runs-on: ubuntu-latest
    
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
      
      - name: Update Backend Dependencies
        working-directory: ./backend
        run: |
          npm update
          npm audit fix || true
      
      - name: Update Frontend Dependencies
        working-directory: ./frontend
        run: |
          npm update
          npm audit fix || true
      
      - name: Check for changes
        id: check_changes
        run: |
          if [[ -n $(git status -s) ]]; then
            echo "changes=true" >> $GITHUB_OUTPUT
          else
            echo "changes=false" >> $GITHUB_OUTPUT
          fi
      
      - name: Create Pull Request
        if: steps.check_changes.outputs.changes == 'true'
        uses: peter-evans/create-pull-request@v5
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: 'chore: update dependencies'
          title: 'Automated Dependency Updates'
          body: |
            ## Automated Dependency Updates

            This PR contains automated dependency updates for both frontend and backend packages.

            ### What's included:
            - Updated npm dependencies to latest compatible versions
            - Applied security fixes from `npm audit`

            ### Checklist:
            - [ ] Review dependency changes
            - [ ] Run tests locally
            - [ ] Check for breaking changes in updated packages
            - [ ] Update any affected code if needed

            *This PR was automatically generated by the dependency update workflow.*
          branch: deps/automated-update-${{ github.run_number }}
          delete-branch: true