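---
# Weekly dependency vulnerability scan (safety + pip-audit), also runnable on demand.
# Findings fail the job, but reports are generated and uploaded first so they can be
# inspected even when the scan fails.
name: Dependency Check

# yamllint disable-line rule:truthy -- `on` is the GitHub Actions trigger key
on:
  schedule:
    # Run weekly on Sundays at 2 AM UTC
    - cron: '0 2 * * 0'
  workflow_dispatch:

# Least privilege: the job only reads the repository and needs no write scopes.
permissions:
  contents: read

jobs:
  dependency-scan:
    name: Dependency Security Scan
    runs-on: ubuntu-latest
    # Bound the job so a hung scanner or network stall cannot run indefinitely.
    timeout-minutes: 15
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: "3.11"

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          # NOTE(review): unpinned installs make the scanner itself a moving
          # supply-chain input; pin the versions once the project has chosen them.
          pip install safety pip-audit
          # TODO(project): install the project's own dependencies here (from its
          # requirements/lock file) so the audit below covers them and not only the
          # scanner tooling installed into this environment.

      - name: Check for known vulnerabilities
        id: scan
        # Let the job continue so the report and artifact steps still run; the
        # final step turns a failed scan into a failed job instead of `|| true`
        # silently discarding every finding.
        continue-on-error: true
        run: |
          echo "🔍 Scanning dependencies for known vulnerabilities..."
          status=0
          # NOTE(review): in recent safety releases `--output` selects a format rather
          # than a file (file output is `--save-json`); confirm this invocation against
          # the installed safety version, since a usage error here would look like a scan failure.
          safety check --json --output safety-report.json || status=1
          # Both scanners always run; a failure in either one marks the step failed.
          pip-audit --format=json --output=pip-audit-report.json || status=1
          exit "$status"

      - name: Generate dependency report
        # Runs even when the scan step failed so the summary reflects the outcome.
        if: always()
        env:
          SCAN_OUTCOME: ${{ steps.scan.outcome }}
        run: |
          echo "📊 Generating dependency report..."
          pip list --format=json > pip-list.json
          {
            echo "## 🔒 Security Scan Results"
            echo "- Safety scan completed"
            echo "- Pip-audit scan completed"
            echo "- Reports generated in artifacts"
            echo "- Scan outcome: ${SCAN_OUTCOME}"
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Upload reports
        # upload-artifact v3 is deprecated; v4 is the supported line.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: dependency-reports
          path: |
            safety-report.json
            pip-audit-report.json
            pip-list.json
          # A scanner that errored out early may not have written its report.
          if-no-files-found: warn
          retention-days: 30

      - name: Fail on vulnerabilities
        # Surface scan failures only after reports have been uploaded.
        if: steps.scan.outcome == 'failure'
        run: |
          echo "::error::Dependency scan reported vulnerabilities or failed to run; see uploaded reports."
          exit 1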