name: Deploy (Dev)

on:
  repository_dispatch:
    types:
      - dev-build-success
  workflow_dispatch:

env:
  BINARY_NAME: server
  DEV_HOST: ${{ secrets.DEV_HOST }}
  DEV_USER: ${{ secrets.DEV_USER }}
  DEPLOY_BINARY_PATH: /opt/control-center/server
  DEPLOY_FRONTEND_PATH: /usr/share/nginx/html
  SERVICE_NAME: control-center-server
  FRONTEND_SERVICE: nginx

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Download Go binary
        uses: actions/download-artifact@v4
        with:
          name: go-backend-binary

      - name: Download frontend dist
        uses: actions/download-artifact@v4
        with:
          name: frontend-dist
          path: dist

      - name: Make binary executable
        run: chmod +x ${{ env.BINARY_NAME }}

      - name: Generate deploy script
        run: |
          cat > deploy.sh <<'SCRIPT'
          #!/usr/bin/env bash
          set -euo pipefail

          BINARY="${1}"
          FRONTEND_DIST="${2:-dist}"
          BINARY_PATH="${3:-/opt/control-center/server}"
          FRONTEND_PATH="${4:-/usr/share/nginx/html}"
          BINARY_SERVICE="${5:-control-center-server}"
          FRONTEND_SERVICE="${6:-nginx}"

          TIMESTAMP=$(date +%Y%m%d%H%M%S)
          BACKUP="${BINARY_PATH}.${TIMESTAMP}.bak"

          echo "=== deploy backend ==="

          if [ -f "$BINARY_PATH" ]; then
            echo "backing up current binary"
            cp "$BINARY_PATH" "$BACKUP"
          fi

          echo "installing new binary"
          cp "$BINARY" "$BINARY_PATH"
          chmod +x "$BINARY_PATH"

          echo "restarting service"
          systemctl reload-or-restart "$BINARY_SERVICE" || systemctl restart "$BINARY_SERVICE"

          sleep 3

          if ! systemctl is-active --quiet "$BINARY_SERVICE"; then
            echo "FAILED: $BINARY_SERVICE did not start — rolling back"
            if [ -f "$BACKUP" ]; then
              cp "$BACKUP" "$BINARY_PATH"
              systemctl restart "$BINARY_SERVICE"
            fi
            exit 1
          fi

          echo "backend deploy ok — keeping last 3 backups"
          ls -t "${BINARY_PATH}."*.bak 2>/dev/null | tail -n +4 | xargs -r rm -f

          echo "=== deploy frontend ==="
          if [ -d "$FRONTEND_DIST" ] && [ -n "$(ls -A "$FRONTEND_DIST" 2>/dev/null)" ]; then
            rsync -a --delete "$FRONTEND_DIST/" "$FRONTEND_PATH/"
            systemctl reload "$FRONTEND_SERVICE" 2>/dev/null ||:
            echo "frontend deploy ok"
          fi

          echo "=== deploy complete ==="
          SCRIPT
          chmod +x deploy.sh

      - name: Copy artifacts to dev server
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ env.DEV_HOST }}
          username: ${{ env.DEV_USER }}
          key: ${{ secrets.DEV_SSH_KEY }}
          source: "${{ env.BINARY_NAME }},deploy.sh,dist"
          target: "/tmp/control-center-deploy"

      - name: Execute deploy on dev server
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ env.DEV_HOST }}
          username: ${{ env.DEV_USER }}
          key: ${{ secrets.DEV_SSH_KEY }}
          script: |
            set -euo pipefail
            cd /tmp/control-center-deploy
            sudo ./deploy.sh \
              "${{ env.BINARY_NAME }}" \
              "dist" \
              "${{ env.DEPLOY_BINARY_PATH }}" \
              "${{ env.DEPLOY_FRONTEND_PATH }}" \
              "${{ env.SERVICE_NAME }}" \
              "${{ env.FRONTEND_SERVICE }}"
            rm -rf /tmp/control-center-deploy

      - name: Notify on failure
        if: failure()
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ env.DEV_HOST }}
          username: ${{ env.DEV_USER }}
          key: ${{ secrets.DEV_SSH_KEY }}
          script: |
            echo "deploy failed — commit ${{ github.sha }}" > /tmp/control-center-deploy-failure.log