name: Scheduled Maintenance

on:
  schedule:
    - cron: '0 9 * * 1'  # Weekly Monday 9am UTC
  workflow_dispatch:

permissions:
  contents: read
  issues: write
  pull-requests: write

jobs:
  dependency-check:
    name: Check Dependencies
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20.x'
      - name: Check for outdated packages
        run: npm outdated || true

  security-audit:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20.x'
      - name: Run security audit
        run: |
          if [ -f package-lock.json ]; then
            npm ci
            npm audit --audit-level=high
          else
            echo "No package-lock.json found; skipping npm audit"
          fi

  stale:
    name: Stale Issues/PRs
    runs-on: ubuntu-latest
    steps:
      - uses: actions/stale@v9
        with:
          stale-issue-message: 'This issue is stale due to inactivity.'
          stale-pr-message: 'This PR is stale due to inactivity.'
          days-before-stale: 30
          days-before-close: 7