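---
# Static analysis of the Android sources under app/src/main with mobsfscan.
# Runs on every push; the HTML report is kept for 7 days as a build artifact.
name: MobSF Security Scan

on: [push]

jobs:
  mobsf-analysis:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        # Pinned to a floating major tag. For a stronger supply-chain
        # guarantee pin to a full commit SHA (checkout@<commit-sha>) and
        # bump it deliberately.
        uses: https://github.com/actions/checkout@v4

      - name: Run MobSF Scan
        run: |
          # Setup environment
          python3 -m venv .mobsf_venv
          source .mobsf_venv/bin/activate
          # Unpinned install: whatever mobsfscan is latest on PyPI runs here.
          # Consider pinning (mobsfscan==<pinned-version>) so scan results are
          # reproducible and upgrades are reviewed.
          python3 -m pip install mobsfscan --quiet

          # Fail fast on a wrong scan path. In LOG ONLY mode the "|| true"
          # below would otherwise turn a missing directory into a green build
          # with nothing scanned.
          test -d app/src/main || { echo "scan path app/src/main not found" >&2; exit 1; }

          # ---------------------------------------------------------
          # ENFORCEMENT STRENGTH (Uncomment only ONE line)
          # ---------------------------------------------------------

          # STRENGTH: LOG ONLY (Always green build, artifact if bugs found)
          # Note: "|| true" also masks any mobsfscan crash, not only findings.
          mobsfscan --html --output report.html app/src/main || true

          # STRENGTH: STRICT (Red build if ANY Warning/Error found)
          # mobsfscan --html --output report.html app/src/main

          # STRENGTH: CRITICAL ONLY (Red build only on High/Error severity)
          # mobsfscan --html --output report.html --error-level ERROR app/src/main
          # ---------------------------------------------------------

      - name: Upload Report to Gitea
        # if-no-files-found: ignore ensures NO artifact is created if scan is clean
        uses: https://gitea.com/actions/upload-artifact@v3
        with:
          name: MobSF-Security-Report
          path: report.html
          if-no-files-found: ignore
          # THE SETTING BELOW CONTROLS DELETION
          retention-days: 7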