name: Build & Deploy

on:
  push:
    branches: [main]

env:
  REGISTRY: git.arthurbarre.fr
  IMAGE_FRONT: ordinarthur/wetalk
  IMAGE_API: ordinarthur/wetalk-api
  NAMESPACE: wetalk

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Login to Gitea Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ordinarthur
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Build and push frontend
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_FRONT }}:latest
            ${{ env.REGISTRY }}/${{ env.IMAGE_FRONT }}:${{ github.sha }}
          build-args: |
            VITE_SUPABASE_URL=${{ secrets.VITE_SUPABASE_URL }}
            VITE_SUPABASE_ANON_KEY=${{ secrets.VITE_SUPABASE_ANON_KEY }}
            VITE_API_URL=

      - name: Build and push API
        uses: docker/build-push-action@v5
        with:
          context: ./api
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_API }}:latest
            ${{ env.REGISTRY }}/${{ env.IMAGE_API }}:${{ github.sha }}

      - name: Install kubectl
        run: |
          curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
          chmod +x kubectl
          mv kubectl /usr/local/bin/

      - name: Deploy to K3s
        run: |
          mkdir -p ~/.kube
          echo "${{ secrets.KUBECONFIG }}" | base64 -d > ~/.kube/config
          chmod 600 ~/.kube/config

          # Create namespace if needed
          kubectl apply -f k8s/namespace.yml

          # Create registry secret if needed
          kubectl -n $NAMESPACE create secret docker-registry gitea-registry \
            --docker-server=$REGISTRY \
            --docker-username=ordinarthur \
            --docker-password=${{ secrets.REGISTRY_PASSWORD }} \
            --dry-run=client -o yaml | kubectl apply -f -

          # Create API secrets
          kubectl -n $NAMESPACE create secret generic wetalk-api-secrets \
            --from-literal=SPOTIFY_CLIENT_ID=${{ secrets.SPOTIFY_CLIENT_ID }} \
            --from-literal=SPOTIFY_CLIENT_SECRET=${{ secrets.SPOTIFY_CLIENT_SECRET }} \
            --from-literal=YOUTUBE_API_KEY=${{ secrets.YOUTUBE_API_KEY }} \
            --dry-run=client -o yaml | kubectl apply -f -

          # Apply manifests
          kubectl apply -f k8s/service.yml
          kubectl apply -f k8s/deployment.yml

          # Force rollout with new images
          kubectl -n $NAMESPACE set image deployment/wetalk \
            wetalk=$REGISTRY/$IMAGE_FRONT:${{ github.sha }} \
            wetalk-api=$REGISTRY/$IMAGE_API:${{ github.sha }}

          # Wait for rollout
          kubectl -n $NAMESPACE rollout status deployment/wetalk --timeout=120s