name: Deploy

on:
  workflow_dispatch:

permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4.3.1
        with:
          persist-credentials: false

      - name: Login to Gitea registry
        run: echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login gitea.nerdboden.de -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin

      - name: Build and push API image
        run: |
          docker build --platform linux/amd64 \
            -t gitea.nerdboden.de/thefurya/nuzlocke-tracker-api:latest \
            -f backend/Dockerfile.prod ./backend
          docker push gitea.nerdboden.de/thefurya/nuzlocke-tracker-api:latest

      - name: Build and push frontend image
        run: |
          docker build --platform linux/amd64 \
            -t gitea.nerdboden.de/thefurya/nuzlocke-tracker-frontend:latest \
            -f frontend/Dockerfile.prod ./frontend
          docker push gitea.nerdboden.de/thefurya/nuzlocke-tracker-frontend:latest

      - name: Deploy to Unraid
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key
          SSH_CMD="ssh -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key root@192.168.1.10"
          SCP_CMD="scp -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key"
          DEPLOY_DIR="/mnt/user/appdata/nuzlocke-tracker"

          $SCP_CMD docker-compose.prod.yml "root@192.168.1.10:${DEPLOY_DIR}/docker-compose.yml"
          $SCP_CMD backup.sh "root@192.168.1.10:${DEPLOY_DIR}/backup.sh"
          $SSH_CMD "chmod +x '${DEPLOY_DIR}/backup.sh'"
          $SSH_CMD "cd '${DEPLOY_DIR}' && docker compose pull && docker compose up -d"