name: deploy-socialize

on:
  push:
    branches:
      - main

jobs:
  image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install Docker CLI
        run: apt-get update && apt-get install -y docker.io
      - name: Login to Gitea container registry
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: printf '%s' "$REGISTRY_PASSWORD" | docker login git.mapachotes.com -u "$REGISTRY_USER" --password-stdin
      - name: Build images
        run: |
          docker build \
            -t git.mapachotes.com/jbourdon/socialize-api:${{ gitea.sha }} \
            -t git.mapachotes.com/jbourdon/socialize-api:latest \
            -f backend/src/Socialize.Api/Dockerfile .
          docker build \
            --build-arg VITE_API_URL=/ \
            -t git.mapachotes.com/jbourdon/socialize-web:${{ gitea.sha }} \
            -t git.mapachotes.com/jbourdon/socialize-web:latest \
            -f frontend/Dockerfile .
      - name: Push images
        run: |
          docker push git.mapachotes.com/jbourdon/socialize-api:${{ gitea.sha }}
          docker push git.mapachotes.com/jbourdon/socialize-api:latest
          docker push git.mapachotes.com/jbourdon/socialize-web:${{ gitea.sha }}
          docker push git.mapachotes.com/jbourdon/socialize-web:latest

  deploy:
    needs: image
    runs-on: bookworm
    steps:
      - name: Install SSH client
        run: apt-get update && apt-get install -y openssh-client
      - name: Deploy on sobina
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
          DEPLOY_SSH_PRIVATE_KEY_B64: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY_B64 }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          SOCIALIZE_IMAGE_TAG: ${{ gitea.sha }}
        run: |
          : "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD secret is required}"
          : "${SOCIALIZE_IMAGE_TAG:?SOCIALIZE_IMAGE_TAG is required}"

          mkdir -p ~/.ssh
          printf '%s' "$DEPLOY_SSH_PRIVATE_KEY_B64" | base64 -d > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key

          write_env_value() {
            key="$1"
            value="$2"
            escaped_value="$(printf '%s' "$value" | sed "s/'/'\\\\''/g")"
            printf "%s='%s'\n" "$key" "$escaped_value"
          }

          deploy_env="$(mktemp)"
          {
            write_env_value POSTGRES_USER sa
            write_env_value POSTGRES_PASSWORD "$POSTGRES_PASSWORD"
            write_env_value POSTGRES_DB socialize
            write_env_value ASPNETCORE_ENVIRONMENT Production
            write_env_value SOCIALIZE_IMAGE_TAG "$SOCIALIZE_IMAGE_TAG"
          } > "$deploy_env"

          scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new "$deploy_env" "$DEPLOY_USER@$DEPLOY_HOST:/srv/prod/socialize/.env"
          rm -f "$deploy_env"

          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new "$DEPLOY_USER@$DEPLOY_HOST" \
            'cd /srv/prod/socialize && ./deploy.sh'