name: Deploy

on:
  workflow_call:
    inputs:
      environmentName:
        required: true
        type: string

permissions:
  id-token: write
  contents: read

jobs:
  
  validate:
     runs-on: ubuntu-latest
     environment: ${{ inputs.environmentName }}

     steps: 

     - uses: actions/checkout@v3
       name: Checkout code

     - uses: azure/login@v1
       name: Login to Azure
       with:
         client-id: ${{ vars.AZURE_CLIENT_ID }}
         tenant-id: ${{ vars.AZURE_TENANT_ID }}
         subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}

     - if: inputs.environmentName == 'Development'
       uses: azure/arm-deploy@v1
       name: Run preflight validation
       with:
         deploymentName: ${{ github.run_number }}
         resourceGroupName: ${{ vars.AZURE_RESOURCE_GROUP_NAME }}
         template: ./.azure/bicep/main.bicep
         parameters: >
           environmentName=${{ inputs.environmentName }}
           sqlAdministratorUsername=${{ vars.AZURE_SQL_ADMINISTRATOR_USERNAME }}
           sqlAdministratorPassword=${{ secrets.AZURE_SQL_ADMINISTRATOR_PASSWORD }}
           projectName=${{ vars.PROJECT_NAME }}
         deploymentMode: Validate

     - if: inputs.environmentName != 'Development'
       uses: azure/arm-deploy@v1
       name: Run what-if
       with:
         failOnStdErr: false
         resourceGroupName: ${{ vars.AZURE_RESOURCE_GROUP_NAME }}
         template: ./.azure/bicep/main.bicep
         parameters: >
           environmentName=${{ inputs.environmentName }}
           sqlAdministratorUsername=${{ vars.AZURE_SQL_ADMINISTRATOR_USERNAME }}
           sqlAdministratorPassword=${{ secrets.AZURE_SQL_ADMINISTRATOR_PASSWORD }}
           projectName=${{ vars.PROJECT_NAME }}
         additionalArguments: --what-if
 
  deploy:
    needs: [ validate ]
    runs-on: ubuntu-latest
    environment: ${{ inputs.environmentName }}

    steps:

    - uses: actions/checkout@v3
      name: Checkout code

    - uses: actions/download-artifact@v3
      name: Download artifacts

    - name: Install .NET
      uses: actions/setup-dotnet@v3

    - uses: azure/login@v1
      name: Login to Azure
      with:
        client-id: ${{ vars.AZURE_CLIENT_ID }}
        tenant-id: ${{ vars.AZURE_TENANT_ID }}
        subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}

    - uses: azure/arm-deploy@v1
      id: deploy
      name: Deploy infrastructure
      with:
        failOnStdErr: false
        deploymentName: ${{ github.run_number }}
        resourceGroupName: ${{ vars.AZURE_RESOURCE_GROUP_NAME }}
        template: ./.azure/bicep/main.bicep
        parameters: >
           environmentName=${{ inputs.environmentName }}
           sqlAdministratorUsername=${{ vars.AZURE_SQL_ADMINISTRATOR_USERNAME }}
           sqlAdministratorPassword=${{ secrets.AZURE_SQL_ADMINISTRATOR_PASSWORD }}
           projectName=${{ vars.PROJECT_NAME }}

    - name: Initialise database
      run: |
        unzip -o ./efbundle/efbundle.zip
        echo '{ "ConnectionStrings": { "DefaultConnection": "" } }' > appsettings.json
        ./efbundle.exe --connection "Server=${{ steps.deploy.outputs.sqlServerFullyQualifiedDomainName }};Initial Catalog=${{ steps.deploy.outputs.sqlDatabaseName }};Persist Security Info=False;User ID=${{ vars.AZURE_SQL_ADMINISTRATOR_USERNAME }};Password=${{ secrets.AZURE_SQL_ADMINISTRATOR_PASSWORD }};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;" --verbose

    - uses: azure/webapps-deploy@v2
      name: Deploy website
      with:
        app-name: ${{ steps.deploy.outputs.appServiceAppName }}
        package: website/publish.zip