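# .gitea/workflows/flow.yml
# =============================================================
# serso — generic CI/CD flow
# Copy into any app repo as .gitea/workflows/flow.yml
# Adjust the env block (STACK_NAME, SERVICE_NAME, APP_DOMAIN) per app
#
# Secrets read by this workflow:
#   REGISTRY_USER, REGISTRY_PASSWORD  registry login used by the build job
#   DEPLOY_SSH_KEY                    private key for the SSH deploy
#   DEPLOY_USER, DEPLOY_HOST          SSH target that runs `docker service`
#   DEPLOY_KNOWN_HOSTS (optional)     pinned known_hosts line(s) for
#                                     DEPLOY_HOST; see "Prepare SSH"
#
# Secrets and other expression values are handed to scripts through
# `env:` and read as shell variables. They are never pasted into the
# script text, so a quote, `$` or backtick inside a value cannot change
# the command that runs.
# =============================================================
name: Build & Deploy

on:
  push:
    branches:
      - main
  workflow_dispatch:

env:
  # ─── Registry ─────────────────────────────────────────────
  REGISTRY: git.dev.serso.org
  # Docker rejects upper-case repository names, so owner/reponame must
  # already be lower-case.
  IMAGE: ${{ github.repository }}  # → owner/reponame
  # ─── Per-app knobs (edit these) ───────────────────────────
  STACK_NAME: testwebsite  # Swarm stack name
  SERVICE_NAME: testwebsite_web  # {stack}_{service}
  APP_DOMAIN: testwebsite.dev.serso.org  # used only for logging

jobs:
  # ============================================================
  # 1. Build image + push to Gitea registry
  # ============================================================
  build:
    runs-on: ubuntu-latest
    outputs:
      image_tag: ${{ steps.meta.outputs.tag }}
    steps:
      - name: Checkout
        # NOTE(review): a tag such as v4 can be re-pointed by the action's
        # publisher; pinning to a full commit SHA fixes exactly what runs.
        uses: actions/checkout@v4

      - name: Compute tag
        id: meta
        env:
          COMMIT_SHA: ${{ github.sha }}
        # The commit SHA is the immutable tag that the deploy job rolls out.
        run: echo "tag=${COMMIT_SHA}" >> "$GITHUB_OUTPUT"

      - name: Log in to Gitea registry
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        # The password goes over stdin so it never appears in the process
        # argument list.
        run: |
          printf '%s' "$REGISTRY_PASSWORD" | \
            docker login "$REGISTRY" \
              --username "$REGISTRY_USER" \
              --password-stdin

      - name: Build image
        env:
          IMAGE_REPO: ${{ env.REGISTRY }}/${{ env.IMAGE }}
          IMAGE_TAG: ${{ steps.meta.outputs.tag }}
        run: |
          docker build \
            -t "${IMAGE_REPO}:${IMAGE_TAG}" \
            -t "${IMAGE_REPO}:latest" \
            .

      - name: Push image
        env:
          IMAGE_REPO: ${{ env.REGISTRY }}/${{ env.IMAGE }}
          IMAGE_TAG: ${{ steps.meta.outputs.tag }}
        run: |
          docker push "${IMAGE_REPO}:${IMAGE_TAG}"
          docker push "${IMAGE_REPO}:latest"

      - name: Log out of registry
        # Runs even when an earlier step failed, so the registry credential
        # is not left in the runner's Docker config after the job.
        # NOTE(review): on a runner that shares one Docker config between
        # concurrent jobs this also logs those jobs out — confirm the
        # runner setup.
        if: always()
        run: docker logout "$REGISTRY" || true

  # ============================================================
  # 2. Deploy to Swarm (rolling update)
  # ============================================================
  deploy:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Prepare SSH
        env:
          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          # Expands to an empty string when the secret is not defined.
          DEPLOY_KNOWN_HOSTS: ${{ secrets.DEPLOY_KNOWN_HOSTS }}
        run: |
          # Owner-only permissions from the moment the files are created,
          # so the private key is never briefly readable by other users.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$DEPLOY_SSH_KEY" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key

          if [ -n "$DEPLOY_KNOWN_HOSTS" ]; then
            # Pinned host key: the deploy proceeds only if the server
            # presents a key that was recorded ahead of time.
            printf '%s\n' "$DEPLOY_KNOWN_HOSTS" >> ~/.ssh/known_hosts
          else
            # Fallback (original behaviour): ssh-keyscan trusts whatever
            # key is offered during this run, so the deploy key and the
            # deploy command go to whichever host answers. Set
            # DEPLOY_KNOWN_HOSTS to close this gap.
            echo "WARNING: DEPLOY_KNOWN_HOSTS is not set;" \
              "host key is trusted on first use" >&2
            ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts 2>/dev/null
          fi

      - name: Rolling deploy on Swarm
        env:
          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          IMAGE_REF: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ needs.build.outputs.image_tag }}
        # IdentitiesOnly  offer only the deploy key, no agent or default keys
        # BatchMode       fail instead of waiting for a password prompt
        # StrictHostKeyChecking=yes
        #                 refuse a host whose key is not in known_hosts
        #
        # IMAGE_REF and SERVICE_NAME are expanded on the runner and then
        # parsed by the remote shell; both come from this workflow's env
        # block and the commit SHA, not from user input.
        #
        # --with-registry-auth forwards registry credentials from the
        # Docker client on the deploy host to the Swarm nodes.
        # NOTE(review): this presumably relies on DEPLOY_USER already being
        # logged in to the registry on that host — confirm.
        run: |
          ssh -i ~/.ssh/deploy_key \
            -o IdentitiesOnly=yes \
            -o BatchMode=yes \
            -o StrictHostKeyChecking=yes \
            "${DEPLOY_USER}@${DEPLOY_HOST}" \
            "docker service update \
              --image ${IMAGE_REF} \
              --with-registry-auth \
              --update-order start-first \
              --update-failure-action rollback \
              ${SERVICE_NAME}"

      - name: Deployed 🎉
        env:
          IMAGE_REF: ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ needs.build.outputs.image_tag }}
        run: |
          echo "App deployed at https://${APP_DOMAIN}"
          echo "Image: ${IMAGE_REF}"

      - name: Remove deploy key
        # Runs even after a failed deploy so the private key does not stay
        # on the runner's disk.
        if: always()
        run: rm -f ~/.ssh/deploy_key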