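---
# Deploy QA: on every push to `dev`, build the image, push it to the Gitea
# registry, then replace the `cicd-qa` container on the QA host over SSH.
#
# Secrets and context values reach the shell scripts through `env:` instead
# of inline expression expansion, so their contents are passed as data and
# are never parsed as shell source.
name: Deploy QA

on:
  push:
    branches:
      - dev

env:
  REGISTRY_URL: ${{ vars.REGISTRY_URL }}
  IMAGE_NAME: ${{ vars.IMAGE_NAME }}
  APP_ENV: qa

jobs:
  build-and-push:
    name: Build and Push
    runs-on: ubuntu-latest
    outputs:
      image_tag: ${{ steps.meta.outputs.image_tag }}
    steps:
      # NOTE(review): both actions are referenced by version tag, and tags can
      # be moved; consider pinning each to a reviewed full commit SHA.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Gitea Registry
        env:
          REGISTRY_TOKEN: ${{ secrets.TOKEN }}
          REGISTRY_USER: ${{ gitea.actor }}
        run: |
          set -euo pipefail
          # The token is fed on stdin so it never shows up in a process list.
          printf '%s\n' "${REGISTRY_TOKEN}" \
            | docker login "${REGISTRY_URL}" -u "${REGISTRY_USER}" --password-stdin

      - name: Build and push
        id: meta
        env:
          SHA_TAG: ${{ gitea.sha }}
        run: |
          set -euo pipefail
          QA_TAG="qa-latest"
          BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")"

          # Two tags are pushed: the mutable QA tag and an immutable per-commit tag.
          docker buildx build \
            --push \
            --build-arg "APP_VERSION=dev-${SHA_TAG}" \
            --build-arg "BUILD_DATE=${BUILD_DATE}" \
            --build-arg "GIT_COMMIT=${SHA_TAG}" \
            --build-arg GIT_BRANCH=dev \
            -t "${REGISTRY_URL}/${IMAGE_NAME}:${QA_TAG}" \
            -t "${REGISTRY_URL}/${IMAGE_NAME}:sha-${SHA_TAG}" \
            .

          # NOTE(review): confirm the runner exports GITEA_OUTPUT; with `set -u`
          # an unset variable aborts the step here.
          # NOTE(review): the output is the mutable tag, so the deploy job pulls
          # whatever that tag points to at pull time, not necessarily this build.
          echo "image_tag=${QA_TAG}" >> "${GITEA_OUTPUT}"
          echo "::notice::Image pushed: ${REGISTRY_URL}/${IMAGE_NAME}:${QA_TAG}"

  deploy:
    name: Deploy to QA
    runs-on: ubuntu-latest
    needs: build-and-push
    steps:
      - name: Deploy via SSH
        env:
          IMAGE_TAG: ${{ needs.build-and-push.outputs.image_tag }}
          GIT_SHA: ${{ gitea.sha }}
          BUILD_NUMBER: ${{ gitea.run_id }}
          REGISTRY_USER: ${{ gitea.actor }}
          REGISTRY_TOKEN: ${{ secrets.TOKEN }}
          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          DEPLOY_USERNAME: ${{ secrets.DEPLOY_USERNAME }}
        run: |
          set -euo pipefail
          TARGET="${DEPLOY_USERNAME}@${DEPLOY_HOST}"

          # Load the deploy key into a throwaway agent and make sure the agent
          # (and the key it holds) is gone when the step ends, pass or fail.
          eval "$(ssh-agent -s)"
          trap 'ssh-agent -k > /dev/null' EXIT
          printf '%s\n' "${DEPLOY_SSH_KEY}" | ssh-add -

          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          # NOTE(review): scanning at deploy time trusts whatever host key the
          # network presents on this run, so it does not authenticate the QA
          # host. Prefer writing known_hosts from a reviewed, stored copy of
          # the host's public key.
          ssh-keyscan -H "${DEPLOY_HOST}" >> ~/.ssh/known_hosts 2>/dev/null

          # Registry login on the QA host. The token travels over the SSH
          # session's stdin; it is not passed as a command-line argument, which
          # would expose it in the process list on the runner and on the host.
          # NOTE(review): docker login leaves the credential in the deploy
          # user's Docker configuration on the QA host.
          printf '%s\n' "${REGISTRY_TOKEN}" \
            | ssh "${TARGET}" docker login "${REGISTRY_URL}" -u "${REGISTRY_USER}" --password-stdin

          # 1. Pass the non-secret values as positional arguments, in order.
          #    ssh joins them into one string for the remote shell, so they
          #    must stay free of whitespace and shell metacharacters.
          ssh "${TARGET}" bash -s \
            "${REGISTRY_URL}" \
            "${IMAGE_NAME}" \
            "${IMAGE_TAG}" \
            "${GIT_SHA}" \
            "${BUILD_NUMBER}" << 'EOF'
          set -euo pipefail

          # 2. Receive them inside the remote session.
          REGISTRY_URL="$1"
          IMAGE_NAME="$2"
          IMAGE_TAG="$3"
          GIT_SHA="$4"
          BUILD_NUMBER="$5"

          # Values local to the remote script.
          GIT_BRANCH="dev"
          BUILD_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
          IMAGE_REF="${REGISTRY_URL}/${IMAGE_NAME}:${IMAGE_TAG}"

          echo "Pulling image..."
          docker pull "${IMAGE_REF}"

          # A missing container is not an error on the first deploy.
          echo "Stopping existing container..."
          docker stop cicd-qa 2>/dev/null || true
          docker rm cicd-qa 2>/dev/null || true

          echo "Starting new container..."
          docker run -d --name cicd-qa --restart unless-stopped -p 8081:80 \
            -e APP_ENV=qa \
            -e "APP_VERSION=dev-${GIT_SHA}" \
            -e "GIT_COMMIT=${GIT_SHA}" \
            -e "GIT_BRANCH=${GIT_BRANCH}" \
            -e "BUILD_DATE=${BUILD_DATE}" \
            -e "DEPLOY_TIME=${BUILD_DATE}" \
            -e "BUILD_NUMBER=${BUILD_NUMBER}" \
            "${IMAGE_REF}"

          # Poll the health endpoint: 12 attempts, 5 seconds apart.
          echo "Waiting for health check..."
          for i in $(seq 1 12); do
            if curl -sf http://localhost:8081/health > /dev/null 2>&1; then
              echo "::notice::QA deployment healthy"
              exit 0
            fi
            sleep 5
          done

          echo "::error::QA health check failed"
          exit 1
          EOF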