/ .github / workflows / weekly-maintenance.yml
 1  name: Weekly Maintenance
 2  
 3  on:
 4    schedule:
 5      # Every Monday at 9:00 AM UTC
 6      - cron: '0 9 * * 1'
 7    workflow_dispatch: # Allow manual trigger
 8  
 9  jobs:
10    maintenance:
11      runs-on: ubuntu-latest
12  
13      steps:
14        - name: Checkout code
15          uses: actions/checkout@v4
16  
17        - name: Setup Node.js
18          uses: actions/setup-node@v4
19          with:
20            node-version: '20'
21            cache: 'npm'
22  
23        - name: Install dependencies
24          run: npm ci
25  
26        - name: Check for vulnerabilities
27          id: audit
28          run: |
29            npm audit --json > audit-report.json || true
30            echo "## Security Audit" >> $GITHUB_STEP_SUMMARY
31            npm audit || echo "Vulnerabilities found - review required" >> $GITHUB_STEP_SUMMARY
32  
33        - name: Check for outdated packages
34          id: outdated
35          run: |
36            npm outdated --json > outdated-report.json || true
37            echo "## Outdated Packages" >> $GITHUB_STEP_SUMMARY
38            npm outdated || echo "Some packages are outdated" >> $GITHUB_STEP_SUMMARY
39  
40        - name: Run unit tests
41          # E2E tests require Playwright + live external services (PayPal sandbox,
42          # production site) — run locally only, not in CI.
43          run: |
44            npm run test:unit
45            echo "## Test Results" >> $GITHUB_STEP_SUMMARY
46            echo "Unit tests completed successfully" >> $GITHUB_STEP_SUMMARY
47  
48        - name: Upload reports
49          uses: actions/upload-artifact@v4
50          if: always()
51          with:
52            name: maintenance-reports
53            path: |
54              audit-report.json
55              outdated-report.json
56  
57        - name: Create issue if problems found
58          if: failure()
59          uses: actions/github-script@v7
60          with:
61            script: |
62              github.rest.issues.create({
63                owner: context.repo.owner,
64                repo: context.repo.repo,
65                title: '⚠️ Weekly Maintenance Check Failed',
66                body: `The automated weekly maintenance check has detected issues that require attention.\n\n**Run Date:** ${new Date().toISOString()}\n\n**Action Required:** Review the [workflow run](${context.payload.repository.html_url}/actions/runs/${context.runId}) for details.\n\n**Common Issues:**\n- Security vulnerabilities requiring updates\n- Test failures\n- Outdated dependencies\n\nPlease review and address these issues.`,
67                labels: ['maintenance', 'automated']
68              })