name: Deploy KubeViz

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  deploy:
    runs-on: [linux]
    env:
      IMAGE_REPO: localhost/kubeviz
      IMAGE_TAG: prod
      SERVICE_NAME: kubeviz.service
      SYSTEMD_SCOPE: user
      INSTALL_QUADLET: "true"
      QUADLET_SRC: deploy/quadlet/kubeviz-traefik.container
      PODMAN_USE_SUDO: "false"
    steps:
      - name: Checkout + Build/Deploy (git, no Node runtime required)
        env:
          CI_REPO_TOKEN: ${{ secrets.CI_REPO_TOKEN }}
        run: |
          set -euo pipefail
          export GIT_TERMINAL_PROMPT=0

          server_url="${GITHUB_SERVER_URL:-${GITEA_SERVER_URL:-}}"
          repo="${GITHUB_REPOSITORY:-${GITEA_REPOSITORY:-}}"
          sha="${GITHUB_SHA:-${GITEA_SHA:-}}"
          actor="${GITHUB_ACTOR:-${GITEA_ACTOR:-gitea-actions}}"
          workspace="${GITHUB_WORKSPACE:-$PWD/.workspace}"
          token="${CI_REPO_TOKEN:-${GITHUB_TOKEN:-${GITEA_TOKEN:-}}}"

          if [ -z "${server_url}" ] || [ -z "${repo}" ] || [ -z "${sha}" ]; then
            echo "Missing CI context (server/repository/sha)."
            echo "server_url='${server_url}' repo='${repo}' sha='${sha}'"
            exit 1
          fi

          host="$(printf '%s' "${server_url}" | sed -E 's#https?://##')"
          if [ -n "${token}" ]; then
            proto="$(printf '%s' "${server_url}" | sed -E 's#(https?://).*#\1#')"
            repo_url="${proto}${actor}:${token}@${host}/${repo}.git"
            echo "Using token-based checkout."
          elif [ -f "${HOME}/.ssh/id_ed25519" ] || [ -f "${HOME}/.ssh/id_rsa" ]; then
            mkdir -p "${HOME}/.ssh"
            chmod 700 "${HOME}/.ssh"
            if [ ! -f "${HOME}/.ssh/known_hosts" ]; then
              ssh-keyscan -t rsa,ecdsa,ed25519 "${host}" >> "${HOME}/.ssh/known_hosts"
              chmod 600 "${HOME}/.ssh/known_hosts"
            fi
            repo_url="git@${host}:${repo}.git"
            echo "Using SSH deploy-key checkout (${repo_url})."
          else
            echo "No token available and no SSH key found for git clone."
            echo "Either set CI_REPO_TOKEN secret or install deploy key at ${HOME}/.ssh/id_ed25519."
            exit 1
          fi

          if [ "$(pwd)" = "${workspace}" ]; then
            cd /tmp
          fi
          rm -rf "${workspace}"
          mkdir -p "${workspace}"
          git clone --depth 1 --no-tags "${repo_url}" "${workspace}"
          cd "${workspace}"
          git fetch --depth 1 origin "${sha}"
          git checkout --detach "${sha}"
          ls -la
          test -d cmd/server || {
            echo "Expected path cmd/server missing in checkout."
            find . -maxdepth 3 -type d | sed -n '1,120p'
            exit 1
          }
          chmod +x scripts/deploy-with-podman.sh
          scripts/deploy-with-podman.sh