name: Build & Deploy unom website
run-name: ${{ gitea.actor }} is deploying unom/website

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4.2.2

      - name: Set up Docker Buildx
        env:
          BUILDER: builder-unom-website
        run: |
          cat > /tmp/buildkitd.toml <<'EOF'
          [registry."docker.io"]
            mirrors = ["192.168.1.52:5000"]
          [registry."192.168.1.52:5000"]
            http = true
            insecure = true
          EOF
          docker buildx rm "$BUILDER" 2>/dev/null || true
          docker buildx create --name "$BUILDER" --use --bootstrap \
            --driver docker-container \
            --config /tmp/buildkitd.toml

      - name: Log in to Gitea registry
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          printf '%s' "$REGISTRY_TOKEN" | docker login git.unom.io -u "$REGISTRY_USER" --password-stdin

      - name: Stage .npmrc with @unom registry auth
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          cat > /tmp/.npmrc <<EOF
          @unom:registry=https://git.unom.io/api/packages/unom/npm/
          //git.unom.io/api/packages/unom/npm/:_authToken=${REGISTRY_TOKEN}
          EOF

      - name: Build & push
        env:
          BUILDER: builder-unom-website
          IMAGE: git.unom.io/${{ gitea.repository }}
          SHA: ${{ gitea.sha }}
        run: |
          docker buildx build \
            --builder "$BUILDER" \
            --push \
            --file ./Dockerfile \
            --tag "$IMAGE:latest" \
            --tag "$IMAGE:$SHA" \
            --secret id=npmrc,src=/tmp/.npmrc \
            --cache-from "type=registry,ref=$IMAGE:cache" \
            --cache-to "type=registry,ref=$IMAGE:cache,mode=min" \
            .

      - name: Tear down builder
        if: always()
        env:
          BUILDER: builder-unom-website
        run: |
          docker buildx rm "$BUILDER" 2>/dev/null || true

  deploy:
    runs-on: ubuntu-24.04
    needs: build
    steps:
      - name: Pull and start web
        uses: appleboy/ssh-action@v1.2.5
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USER }}
          port: ${{ secrets.DEPLOY_PORT }}
          key: ${{ secrets.DEPLOY_SSH_KEY }}
          script: |
            docker login git.unom.io -u ${{ secrets.REGISTRY_USER }} -p ${{ secrets.REGISTRY_TOKEN }}
            cd ~/unom-website
            git fetch origin main
            git reset --hard origin/main
            docker compose -f compose.production.yml pull web
            docker compose -f compose.production.yml up -d --no-build web