# Gitea Actions：需开启 Actions 并注册 act_runner。
# Runner 建议：GITEA_RUNNER_LABELS=ubuntu-latest:docker://node:22-bookworm（Job 内自带 Node，避免 setup-node 重复下载）
# 需挂载 /var/run/docker.sock。
#
# 说明：NODEJS_ORG_MIRROR 在 act_runner 中常被忽略/不生效；用镜像自带 Node 即可绕过。
#
# 部署（推送到 main/master 时）：在仓库「工作流 → 密钥」中配置
#   SSH_PRIVATE_KEY  DEPLOY_HOST  DEPLOY_USER  DEPLOY_PATH
# DEPLOY_PATH 为站点父目录；实际发布目录为 ${DEPLOY_PATH}/chat.alboped.com（与 Nginx root 一致）。
# 使用 tar|ssh 推送，远端无需安装 rsync（rsync 会要求在服务器上也存在 rsync 命令）。

name: CI

on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]

concurrency:
  group: ci-${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # 使用 Job 镜像（node:22-bookworm）自带的 Node，不再使用 actions/setup-node，避免重复下载 Node
      - name: Setup Yarn
        run: |
          corepack enable
          corepack prepare yarn@1.22.22 --activate
          echo "node -v: $(node -v); yarn -v: $(yarn -v)"
          echo "yarn config get registry: $(yarn config get registry)"

      - name: Cache Yarn
        uses: actions/cache@v4
        with:
          path: ~/.cache/yarn
          key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-yarn-

      - name: Install
        run: yarn install --frozen-lockfile

      - name: Prettier check
        run: yarn format:check

      - name: ESLint
        run: yarn lint

      - name: Build
        run: yarn build

      # 仅需 SSH 客户端；直连 deb.debian.org 在国内 Runner 上常极慢，换镜像并限制超时
      - name: Install OpenSSH client
        if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master')
        run: |
          set -e
          export DEBIAN_FRONTEND=noninteractive
          shopt -s nullglob
          for f in /etc/apt/sources.list /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list.d/*.sources /etc/apt/sources.list.d/*.list; do
            [ -f "$f" ] || continue
            sed -i \
              -e 's/deb.debian.org/mirrors.aliyun.com/g' \
              -e 's/security.debian.org/mirrors.aliyun.com/g' \
              "$f"
          done
          apt-get -o Acquire::http::Timeout=30 -o Acquire::https::Timeout=30 -o Acquire::Retries=2 update
          apt-get install -y --no-install-recommends openssh-client

      - name: Deploy to Nginx (tar over SSH)
        if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master')
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          DEPLOY_HOST: ${{ vars.DEPLOY_HOST }}
          DEPLOY_USER: ${{ vars.DEPLOY_USER }}
          DEPLOY_PATH: ${{ vars.DEPLOY_PATH }}
        run: |
          set -e
          : "${DEPLOY_PATH:?DEPLOY_PATH is not set}"
          REMOTE_ROOT="${DEPLOY_PATH}/chat.alboped.com"
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_deploy
          chmod 600 ~/.ssh/id_deploy
          ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts
          SSH=(ssh -i ~/.ssh/id_deploy -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes)
          # 清空发布目录再解压，效果类似 rsync --delete；远端只需 tar，无需 rsync
          "${SSH[@]}" "${DEPLOY_USER}@${DEPLOY_HOST}" "mkdir -p '${REMOTE_ROOT}' && find '${REMOTE_ROOT}' -mindepth 1 -delete"
          tar czf - -C dist . | "${SSH[@]}" "${DEPLOY_USER}@${DEPLOY_HOST}" "tar xzf - -C '${REMOTE_ROOT}'"