name: Deploy QA

on:
  push:
    branches:
      - dev

env:
  REGISTRY_URL: ${{ vars.REGISTRY_URL }}
  IMAGE_NAME: ${{ vars.IMAGE_NAME }}
  APP_ENV: qa

jobs:
  build-and-push:
    name: Build and Push
    runs-on: ubuntu-latest
    outputs:
      image_tag: ${{ steps.meta.outputs.image_tag }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Gitea Registry
        run: |
          set -euo pipefail
          echo "${{ secrets.TOKEN }}" | docker login $REGISTRY_URL -u ${{ gitea.actor }} --password-stdin

      - name: Build and push
        id: meta
        run: |
          set -euo pipefail
          SHA_TAG="${{ gitea.sha }}"
          QA_TAG="qa-latest"
          BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")

          docker buildx build \
            --push \
            --build-arg APP_VERSION=dev-${SHA_TAG} \
            --build-arg BUILD_DATE=${BUILD_DATE} \
            --build-arg GIT_COMMIT=${SHA_TAG} \
            --build-arg GIT_BRANCH=dev \
            -t ${REGISTRY_URL}/${IMAGE_NAME}:${QA_TAG} \
            -t ${REGISTRY_URL}/${IMAGE_NAME}:sha-${SHA_TAG} \
            .

          echo "image_tag=${QA_TAG}" >> $GITEA_OUTPUT
          echo "::notice::Image pushed: ${REGISTRY_URL}/${IMAGE_NAME}:${QA_TAG}"

  deploy:
    name: Deploy to QA
    runs-on: ubuntu-latest
    needs: build-and-push
    steps:
      - name: Deploy via SSH
        uses: appleboy/ssh-action@v1.2.5
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USERNAME }}
          key: ${{ secrets.DEPLOY_SSH_KEY }}
          passphrase: ${{ secrets.DEPLOY_PASSPHRASE }}
          script: |
            set -euo pipefail

            echo "Pulling image..."
            echo "${{ secrets.TOKEN }}" | docker login ${{ env.REGISTRY_URL }} -u ${{ gitea.actor }} --password-stdin
            docker pull ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ needs.build-and-push.outputs.image_tag }}

            echo "Stopping existing container..."
            docker stop cicd-qa 2>/dev/null || true
            docker rm cicd-qa 2>/dev/null || true

            echo "Starting new container..."
            docker run -d \
              --name cicd-qa \
              --restart unless-stopped \
              -p 8081:80 \
              -e APP_ENV=qa \
              -e APP_VERSION=dev-${{ gitea.sha }} \
              -e GIT_COMMIT=${{ gitea.sha }} \
              -e GIT_BRANCH=dev \
              -e BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
              -e DEPLOY_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
              -e BUILD_NUMBER=${{ gitea.run_id }} \
              ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:${{ needs.build-and-push.outputs.image_tag }}

            echo "Waiting for health check..."
            for i in $(seq 1 12); do
              if curl -sf http://localhost:8081/health > /dev/null 2>&1; then
                echo "::notice::QA deployment healthy"
                exit 0
              fi
              sleep 5
            done

            echo "::error::QA health check failed"
            exit 1