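---
# Build-and-deploy workflow: on a push to main or develop, copy the site
# sources to TARGET_HOST over SSH, build the image there with podman, then
# install the Quadlet unit and restart the user service.
name: Build and Deploy Container

# Non-secret deployment settings shared by all steps. The SSH secrets are
# deliberately NOT defined here: they are scoped to the one step that writes
# them to disk, so no other step receives them in its environment.
env:
  TARGET_HOST: www.valtrix.systems
  TARGET_USER: traefik
  APP_DIR: /home/traefik/valtrix-website
  CONTAINER_NAME: valtrix-website
  QUADLET_FILE: valtrix-website.container

on:
  push:
    branches:
      - main
      - develop

jobs:
  build_and_deploy:
    runs-on: linux
    steps:
      - name: Setup SSH for git/scp/rsync
        shell: bash
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
        run: |
          set -euo pipefail
          install -m 700 -d ~/.ssh
          # Write the key under a restrictive umask so it is never readable
          # by other users, not even between creation and chmod.
          (umask 077 && printf "%s\n" "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519)
          chmod 600 ~/.ssh/id_ed25519
          printf "%s\n" "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
          chmod 644 ~/.ssh/known_hosts
          # Host keys must come from the pinned SSH_KNOWN_HOSTS secret.
          # Fetching them with ssh-keyscan at run time would accept whatever
          # key the network presents, which defeats host verification for a
          # job that holds a deploy key. Fail instead of trusting on first use.
          for host in "$TARGET_HOST" gitea.smb-corp.de; do
            if ! ssh-keygen -F "$host" >/dev/null; then
              echo "No pinned host key for $host in SSH_KNOWN_HOSTS; refusing to continue" >&2
              exit 1
            fi
          done
          git config --global url."ssh://git@gitea.smb-corp.de".insteadOf "https://gitea.smb-corp.de"

      - name: Checkout repository
        # The repository name is passed through the environment rather than
        # interpolated into the script text, so it is always treated as data.
        # NOTE(review): a plain clone checks out the default branch, not
        # necessarily the commit that triggered this run, and both main and
        # develop deploy to the same TARGET_HOST - confirm this is intended.
        env:
          REPOSITORY: ${{ gitea.repository }}
        run: git clone "git@gitea.smb-corp.de:${REPOSITORY}" .

      - name: Deploy via SSH (only required files)
        shell: bash
        run: |
          set -euo pipefail
          remote="$TARGET_USER@$TARGET_HOST"

          # Ensure target dir exists
          ssh "$remote" "mkdir -p '$APP_DIR'"

          # If rsync is available both locally and remotely, use it with
          # include/exclude rules for a minimal sync.
          if command -v rsync >/dev/null 2>&1 && ssh "$remote" 'command -v rsync >/dev/null 2>&1'; then
            rsync -az --delete \
              --prune-empty-dirs \
              --include '/astro.config.mjs' \
              --include '/package.json' \
              --include '/package-lock.json' \
              --include '/postcss.config.js' \
              --include '/tailwind.config.js' \
              --include '/server.mjs' \
              --include '/Containerfile' \
              --include '/public/***' \
              --include '/src/***' \
              --exclude '/.git/***' \
              --exclude '/.gitea/***' \
              --exclude '/deploy/***' \
              --exclude '/node_modules/***' \
              --exclude '/dist/***' \
              --exclude '*' \
              ./ "$remote:$APP_DIR/"
          else
            # Unlike the rsync path, this fallback only adds or overwrites
            # files; stale files on the target are not removed.
            echo "rsync not available, using tar-over-ssh fallback with minimal set"
            tar -czf - \
              astro.config.mjs \
              package.json \
              package-lock.json \
              postcss.config.js \
              tailwind.config.js \
              server.mjs \
              Containerfile \
              public \
              src \
              | ssh "$remote" "tar -xzf - -C '$APP_DIR'"
          fi

      - name: Build container on target host
        # The remote command is double-quoted so APP_DIR and CONTAINER_NAME
        # are expanded on the runner. ssh does not forward the workflow env
        # by default, so inside single quotes they would reach the remote
        # shell as unset variables.
        run: |
          set -euo pipefail
          ssh "$TARGET_USER@$TARGET_HOST" \
            "cd '$APP_DIR' && podman build -t '$CONTAINER_NAME:latest' ."

      - name: Backup Quadlet file
        # Best effort: a missing unit file (first deploy) is not an error.
        # The leading ~ is left for the remote shell to expand.
        run: |
          set -euo pipefail
          quadlet="~/.config/containers/systemd/${CONTAINER_NAME}.container"
          ssh "$TARGET_USER@$TARGET_HOST" \
            "test -f $quadlet && cp $quadlet $quadlet.bak || true"

      - name: Replace Quadlet file
        run: |
          set -euo pipefail
          scp "./$QUADLET_FILE" "$TARGET_USER@$TARGET_HOST:~/.config/containers/systemd/"
          # Restart only if the reload succeeded; names are expanded locally
          # for the same reason as in the build step.
          ssh "$TARGET_USER@$TARGET_HOST" \
            "systemctl --user daemon-reload && systemctl --user restart '$CONTAINER_NAME.service'"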