name: Deploy Production

on:
  push:
    tags: ["v*"]
  workflow_dispatch:

jobs:
  deploy:
    if: ${{ github.event_name == 'workflow_dispatch' || startsWith(github.ref, 'refs/tags/v') }}
    uses: platform/workflow/.gitea/workflows/reusable-prepare-workspace.yml@1.2
    secrets: inherit
    with:
      repo_url: "${{ github.server_url }}/${{ github.repository }}.git"
      git_sha: "${{ github.sha }}"
      node_major: "22"
      yarn_version: "stable"
      run_commands: |
        set -euo pipefail

        DEPLOY_HOST="${{ vars.DEPLOY_HOST }}"
        DEPLOY_PORT="${{ vars.DEPLOY_PORT }}"
        DEPLOY_USER="${{ vars.DEPLOY_USER }}"
        DEPLOY_PATH="${{ vars.DEPLOY_PATH }}"
        IMAGE_REPO="${{ vars.IMAGE_REPO }}"
        REGISTRY="${{ vars.REGISTRY }}"
        REGISTRY_USERNAME="${{ vars.REGISTRY_USERNAME }}"
        REGISTRY_PASSWORD="${{ vars.REGISTRY_PASSWORD }}"

        if ! command -v docker >/dev/null 2>&1; then
          apt-get update
          apt-get install -y docker.io
        fi

        mkdir -p ~/.ssh
        echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
        chmod 600 ~/.ssh/id_rsa
        ssh-keyscan -p "${DEPLOY_PORT:-22}" "${DEPLOY_HOST}" >> ~/.ssh/known_hosts

        if [[ "${GITHUB_REF:-}" == refs/tags/* ]]; then
          IMAGE_TAG="${GITHUB_REF_NAME}"
        else
          IMAGE_TAG="${GITHUB_SHA:0:12}"
        fi

        if [ -z "${REGISTRY}" ] || [ -z "${IMAGE_REPO}" ]; then
          echo "REGISTRY and IMAGE_REPO vars are required"
          exit 1
        fi

        echo "${REGISTRY_PASSWORD}" | docker login "${REGISTRY}" -u "${REGISTRY_USERNAME}" --password-stdin
        docker build -f deploy/docker/Dockerfile -t "${IMAGE_REPO}:${IMAGE_TAG}" .
        docker push "${IMAGE_REPO}:${IMAGE_TAG}"

        ssh -p "${DEPLOY_PORT:-22}" "${DEPLOY_USER}@${DEPLOY_HOST}" "mkdir -p \"${DEPLOY_PATH}/deploy/docker\""
        scp -P "${DEPLOY_PORT:-22}" deploy/docker/docker-compose.yml "${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH}/deploy/docker/docker-compose.yml"

        ssh -p "${DEPLOY_PORT:-22}" "${DEPLOY_USER}@${DEPLOY_HOST}" <<EOF
        set -euo pipefail
        cd "${DEPLOY_PATH}"

        cat > deploy/docker/.env <<EOT
        ${{ secrets.DEPLOY_DOCKER_ENV }}
        IMAGE_REPO=${IMAGE_REPO}
        IMAGE_TAG=${IMAGE_TAG}
        EOT

        echo "${REGISTRY_PASSWORD}" | docker login "${REGISTRY}" -u "${REGISTRY_USERNAME}" --password-stdin
        docker compose -f deploy/docker/docker-compose.yml --env-file deploy/docker/.env pull app
        docker compose -f deploy/docker/docker-compose.yml --env-file deploy/docker/.env up -d app
        docker compose -f deploy/docker/docker-compose.yml ps
        curl -fsS "http://127.0.0.1:\${HOST_BIND_PORT:-3000}/api/docs" >/dev/null
        EOF