name: Server Deploy

on:
    push:
        branches:
            - main
        paths:
            - "server/**"
            - "web/**"
            - "proto/**"

jobs:
    deploy:
        runs-on: ubuntu-docker
        container: node:26
        steps:
            - name: Checkout
              uses: actions/checkout@v4

            - name: Log in to registry
              run: |
                  echo "${{ secrets.REGISTRY_PASSWORD }}" | \
                    docker login ${{ vars.GITEA_HOST }} \
                      -u "${{ secrets.REGISTRY_USER }}" --password-stdin

            - name: Build and push server image
              run: |
                  IMAGE="${{ vars.GITEA_HOST }}/${{ github.repository_owner }}/keymanager/server:latest"
                  docker build -t "$IMAGE" -f server/Dockerfile server/
                  docker push "$IMAGE"

            - name: Build and push web image
              run: |
                  IMAGE="${{ vars.GITEA_HOST }}/${{ github.repository_owner }}/keymanager/web:latest"
                  docker build \
                    --build-arg NEXT_PUBLIC_API_URL="https://${{ vars.GITEA_HOST }}" \
                    -t "$IMAGE" \
                    -f web/Dockerfile web/
                  docker push "$IMAGE"

            - name: Deploy via SSH
              uses: https://github.com/appleboy/ssh-action@v1
              with:
                  host: ${{ secrets.DEPLOY_HOST }}
                  username: ${{ secrets.DEPLOY_USER }}
                  key: ${{ secrets.DEPLOY_SSH_KEY }}
                  script: |
                      cd /opt/keymanager
                      docker compose pull
                      docker compose up -d --remove-orphans
                      docker image prune -f