name: Build & Deploy to K3s

on:
  push:
    branches: [main]

env:
  REGISTRY: git.arthurbarre.fr
  SSR_IMAGE: git.arthurbarre.fr/ordinarthur/rebours-ssr
  API_IMAGE: git.arthurbarre.fr/ordinarthur/rebours-api
  REGISTRY_USER: ordinarthur

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Login to Gitea Container Registry
        run: |
          echo "${{ secrets.REGISTRY_PASSWORD }}" | \
            docker login ${{ env.REGISTRY }} -u ${{ env.REGISTRY_USER }} --password-stdin

      - name: Build SSR image
        run: |
          docker build \
            -f Dockerfile.ssr \
            -t ${{ env.SSR_IMAGE }}:${{ github.sha }} \
            -t ${{ env.SSR_IMAGE }}:latest \
            .

      - name: Build API image
        run: |
          docker build \
            -f Dockerfile.api \
            -t ${{ env.API_IMAGE }}:${{ github.sha }} \
            -t ${{ env.API_IMAGE }}:latest \
            .

      - name: Push SSR image
        run: |
          docker push ${{ env.SSR_IMAGE }}:${{ github.sha }}
          docker push ${{ env.SSR_IMAGE }}:latest

      - name: Push API image
        run: |
          docker push ${{ env.API_IMAGE }}:${{ github.sha }}
          docker push ${{ env.API_IMAGE }}:latest

      - name: Install kubectl
        run: |
          curl -LO "https://dl.k8s.io/release/$(curl -Ls https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
          chmod +x kubectl
          mv kubectl /usr/local/bin/kubectl

      - name: Configure kubeconfig
        run: |
          mkdir -p ~/.kube
          echo "${{ secrets.KUBECONFIG }}" | base64 -d > ~/.kube/config

      - name: Apply namespace and shared resources
        run: |
          kubectl apply -f k8s/namespace.yml
          kubectl apply -f k8s/configmap.yml
          kubectl apply -f k8s/service.yml

      - name: Create image pull secret
        run: |
          kubectl -n rebours create secret docker-registry gitea-registry-secret \
            --docker-server=${{ env.REGISTRY }} \
            --docker-username=${{ env.REGISTRY_USER }} \
            --docker-password="${{ secrets.REGISTRY_PASSWORD }}" \
            --dry-run=client -o yaml | kubectl apply -f -

      - name: Create app secrets
        run: |
          kubectl -n rebours create secret generic rebours-secrets \
            --from-literal=STRIPE_SECRET_KEY="${{ secrets.STRIPE_SECRET_KEY }}" \
            --from-literal=STRIPE_WEBHOOK_SECRET="${{ secrets.STRIPE_WEBHOOK_SECRET }}" \
            --from-literal=SANITY_API_TOKEN="${{ secrets.SANITY_API_TOKEN }}" \
            --dry-run=client -o yaml | kubectl apply -f -

      - name: Deploy workloads
        run: |
          kubectl apply -f k8s/deployment.yml

          kubectl -n rebours set image deployment/rebours-ssr \
            rebours-ssr=${{ env.SSR_IMAGE }}:${{ github.sha }}
          kubectl -n rebours set image deployment/rebours-api \
            rebours-api=${{ env.API_IMAGE }}:${{ github.sha }}

          kubectl -n rebours rollout status deployment/rebours-api --timeout=120s
          kubectl -n rebours rollout status deployment/rebours-ssr --timeout=180s
          kubectl -n rebours rollout status deployment/rebours-proxy --timeout=60s

      - name: Cleanup old images
        run: |
          docker image prune -f