name: Deploy (Dev)

on:
  repository_dispatch:
    types:
      - dev-build-success
  workflow_dispatch:

env:
  BINARY_NAME: openclaw
  DEV_HOST: ${{ secrets.DEV_HOST }}
  DEV_USER: ${{ secrets.DEV_USER }}
  DEPLOY_PATH: /opt/openclaw/openclaw

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Download build artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{ env.BINARY_NAME }}

      - name: Ensure binary is executable
        run: chmod +x ${{ env.BINARY_NAME }}

      - name: Write deploy script
        run: |
          cat > deploy.sh <<'SCRIPT'
          #!/usr/bin/env bash
          set -euo pipefail
          BINARY="${1:-openclaw}"
          DEPLOY_PATH="${2:-/opt/openclaw/openclaw}"
          SERVICE="${3:-openclaw}"
          TIMESTAMP=$(date +%Y%m%d%H%M%S)
          BACKUP="${DEPLOY_PATH}.${TIMESTAMP}.bak"

          echo "::backup:: copying current binary"
          if [ -f "$DEPLOY_PATH" ]; then
            cp "$DEPLOY_PATH" "$BACKUP"
          fi

          echo "::deploy:: installing new binary"
          cp "$BINARY" "$DEPLOY_PATH"
          chmod +x "$DEPLOY_PATH"

          echo "::restart:: reloading service"
          systemctl reload-or-restart "$SERVICE" || systemctl restart "$SERVICE"

          echo "::health:: waiting for service"
          sleep 3
          if systemctl is-active --quiet "$SERVICE"; then
            echo "deploy ok — ${SERVICE} is active"
          else
            echo "::rollback:: service failed, restoring backup"
            if [ -f "$BACKUP" ]; then
              cp "$BACKUP" "$DEPLOY_PATH"
              systemctl restart "$SERVICE"
            fi
            echo "rolled back to previous binary"
            exit 1
          fi

          echo "::cleanup:: removing old backups (keeping last 3)"
          ls -t "${DEPLOY_PATH}."*.bak 2>/dev/null | tail -n +4 | xargs -r rm -f
          SCRIPT
          chmod +x deploy.sh

      - name: Deploy to dev server
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ env.DEV_HOST }}
          username: ${{ env.DEV_USER }}
          key: ${{ secrets.DEV_SSH_KEY }}
          source: "${{ env.BINARY_NAME }},deploy.sh"
          target: "/tmp/openclaw-deploy"

      - name: Execute deploy on dev server
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ env.DEV_HOST }}
          username: ${{ env.DEV_USER }}
          key: ${{ secrets.DEV_SSH_KEY }}
          script: |
            set -euo pipefail
            cd /tmp/openclaw-deploy
            sudo ./deploy.sh "${{ env.BINARY_NAME }}" "${{ env.DEPLOY_PATH }}" "openclaw"
            rm -rf /tmp/openclaw-deploy

      - name: Notify on failure
        if: failure()
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ env.DEV_HOST }}
          username: ${{ env.DEV_USER }}
          key: ${{ secrets.DEV_SSH_KEY }}
          script: |
            echo "deploy failed for commit ${{ github.sha }} on ${{ github.repository }}" > /tmp/openclaw-deploy-failure.txt