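# Production deployment pipeline: builds the application image once, pushes it
# to the Gitea container registry, then deploys it to the target selected by
# DEPLOY_TARGET (a DigitalOcean droplet over SSH, or Google Cloud Run).
#
# NOTE(review): every `uses:` below references a mutable tag. A retagged
# release of any of these actions would run with this workflow's registry
# token, SSH key and GCP credentials. Pin each action to a full commit SHA
# (`owner/action@<full-commit-sha>  # vX`) and update through reviewed bumps.
name: Production Deployment

on:
  push:
    branches:
      - main
      # NOTE(review): a push to this branch also overwrites `:latest` and
      # triggers a production deploy -- confirm that is intended.
      - refactored

jobs:
  build:
    name: Build and Push Docker Image
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Gitea Container Registry
        uses: docker/login-action@v3
        with:
          registry: git.nciphered.com
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Two tags are pushed: `latest` (mutable, convenience only) and the
      # commit SHA (immutable, the one the deploy jobs consume).
      - name: Build and Push Image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: |
            git.nciphered.com/${{ github.repository }}:latest
            git.nciphered.com/${{ github.repository }}:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  deploy-droplet:
    name: Deploy to DigitalOcean Droplet
    needs: build
    runs-on: ubuntu-latest
    # NOTE(review): GitHub Actions does not expose the `secrets` context to
    # `if:` expressions; confirm this runner evaluates it. DEPLOY_TARGET is
    # not sensitive, so a configuration variable (`vars.DEPLOY_TARGET`) is
    # the more portable place for it.
    if: ${{ secrets.DEPLOY_TARGET == 'droplet' }}
    steps:
      - name: Executing remote SSH commands to deploy
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.DROPLET_HOST }}
          username: ${{ secrets.DROPLET_USER }}
          key: ${{ secrets.DROPLET_SSH_KEY }}
          script: |
            # Abort on the first failing command so that a failed login or
            # pull never removes the container that is currently serving.
            set -e

            # The job token is short-lived; do not leave it stored in the
            # droplet's docker config once the script ends, however it ends.
            trap 'docker logout git.nciphered.com' EXIT

            # Authenticate with Gitea registry on Droplet. The token is fed
            # on stdin so it never appears in the docker process arguments.
            printf '%s' "${{ secrets.GITHUB_TOKEN }}" | docker login \
              --username "${{ github.actor }}" \
              --password-stdin git.nciphered.com

            # Pull the exact image built by this run. `latest` can be
            # overwritten by another push between the build and this step.
            docker pull git.nciphered.com/${{ github.repository }}:${{ github.sha }}

            # Stop existing container
            docker rm -f "${{ secrets.APP_CONTAINER_NAME }}" || true

            # Run container with user-defined docker flags (e.g., --network, -p).
            # DOCKER_RUN_FLAGS is expanded unquoted on purpose so it can hold
            # several flags; whoever can edit that secret decides the
            # container's privileges, so restrict who may change it.
            # NOTE(review): values passed with -e are readable through
            # `docker inspect` on the droplet; an --env-file with restrictive
            # permissions would keep them out of the container metadata.
            docker run -d \
              --name "${{ secrets.APP_CONTAINER_NAME }}" \
              ${{ secrets.DOCKER_RUN_FLAGS }} \
              -e DATABASE_URL="${{ secrets.DATABASE_URL_DROPLET }}" \
              -e DATABASE_NAME="${{ secrets.DATABASE_NAME }}" \
              -e JWT_SECRET="${{ secrets.JWT_SECRET }}" \
              -e HOST="0.0.0.0" \
              -e PORT="${{ secrets.APP_PORT }}" \
              --restart unless-stopped \
              git.nciphered.com/${{ github.repository }}:${{ github.sha }}

  deploy-cloudrun:
    name: Deploy to Google Cloud Run
    needs: build
    runs-on: ubuntu-latest
    # NOTE(review): same caveat as deploy-droplet about `secrets` in `if:`.
    if: ${{ secrets.DEPLOY_TARGET == 'cloudrun' }}
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      # NOTE(review): GCP_SA_KEY is a long-lived exported service-account
      # key. If the forge can issue OIDC tokens, workload identity federation
      # removes the need to store one; otherwise scope the account narrowly
      # and rotate the key.
      - name: Authenticate with Google Cloud
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_SA_KEY }}

      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2

      - name: Configure Docker Authentication
        run: |
          gcloud auth configure-docker asia-southeast1-docker.pkg.dev --quiet

      # The build job pushed the image through buildx and ran in a different
      # job, so nothing is present in this job's local image store. Log in to
      # the source registry so the image can be pulled before it is retagged.
      - name: Log in to Gitea Container Registry
        uses: docker/login-action@v3
        with:
          registry: git.nciphered.com
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Tag and Push Image to Artifact Registry
        env:
          SOURCE_IMAGE: git.nciphered.com/${{ github.repository }}:${{ github.sha }}
          TARGET_REPO: asia-southeast1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/stick/app
          IMAGE_TAG: ${{ github.sha }}
        run: |
          # Copy the image built by this run into Google Artifact Registry.
          # The SHA tag is what gets deployed; `latest` is kept for anything
          # that still refers to it.
          docker pull "$SOURCE_IMAGE"
          docker tag "$SOURCE_IMAGE" "$TARGET_REPO:$IMAGE_TAG"
          docker tag "$SOURCE_IMAGE" "$TARGET_REPO:latest"
          docker push "$TARGET_REPO:$IMAGE_TAG"
          docker push "$TARGET_REPO:latest"

      # NOTE(review): values under `env_vars` are stored in clear text in the
      # Cloud Run revision and are readable by anyone who can view the
      # service. DATABASE_URL and JWT_SECRET are better referenced from
      # Secret Manager (the action's `secrets` input) -- confirm and migrate.
      - name: Deploy to Google Cloud Run
        uses: google-github-actions/deploy-cloudrun@v2
        with:
          service: stick-app
          image: asia-southeast1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/stick/app:${{ github.sha }}
          region: asia-southeast1
          env_vars: |
            DATABASE_URL=${{ secrets.DATABASE_URL_CLOUDRUN }}
            DATABASE_NAME=${{ secrets.DATABASE_NAME }}
            JWT_SECRET=${{ secrets.JWT_SECRET }}
            HOST=0.0.0.0
            PORT=3007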