name: Deploy KubeViz

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  deploy:
    runs-on: [linux]
    env:
      IMAGE_REPO: localhost/kubeviz
      IMAGE_TAG: prod
      SERVICE_NAME: kubeviz.service
    steps:
      - name: Checkout (git, no Node runtime required)
        env:
          CI_REPO_TOKEN: ${{ secrets.CI_REPO_TOKEN }}
        run: |
          set -euo pipefail
          export GIT_TERMINAL_PROMPT=0

          server_url="${GITHUB_SERVER_URL:-${GITEA_SERVER_URL:-}}"
          repo="${GITHUB_REPOSITORY:-${GITEA_REPOSITORY:-}}"
          sha="${GITHUB_SHA:-${GITEA_SHA:-}}"
          actor="${GITHUB_ACTOR:-${GITEA_ACTOR:-gitea-actions}}"
          workspace="${GITHUB_WORKSPACE:-$PWD/.workspace}"
          token="${CI_REPO_TOKEN:-${GITHUB_TOKEN:-${GITEA_TOKEN:-}}}"

          if [ -z "${server_url}" ] || [ -z "${repo}" ] || [ -z "${sha}" ]; then
            echo "Missing CI context (server/repository/sha)."
            echo "server_url='${server_url}' repo='${repo}' sha='${sha}'"
            exit 1
          fi

          if [ -z "${token}" ]; then
            echo "No token available for git clone."
            echo "Set secret CI_REPO_TOKEN with read access to ${repo}."
            exit 1
          fi

          proto="$(printf '%s' "${server_url}" | sed -E 's#(https?://).*#\1#')"
          host="$(printf '%s' "${server_url}" | sed -E 's#https?://##')"
          repo_url="${proto}${actor}:${token}@${host}/${repo}.git"

          rm -rf "${workspace}"
          mkdir -p "${workspace}"
          git clone --depth 1 --no-tags "${repo_url}" "${workspace}"
          cd "${workspace}"
          git fetch --depth 1 origin "${sha}"
          git checkout --detach "${sha}"

      - name: Build and deploy via Podman + Quadlet service
        run: |
          chmod +x scripts/deploy-with-podman.sh
          scripts/deploy-with-podman.sh