name: Deploy Development

on:
  push:
    branches:
      - dev
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-latest

    steps:
      - name: Checkout code
        shell: sh
        run: |
          git clone $GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git /workspace/repo
          cd /workspace/repo
          git checkout $GITHUB_REF_NAME
          git pull origin $GITHUB_REF_NAME

      - name: Build Docker Image
        shell: sh
        run: |
          cd /workspace/repo
          docker build -t merchbay_admin:dev .
          docker save merchbay_admin:dev | gzip > merchbay_admin_dev.tar.gz

      # 🔍 TEMP DEBUG (remove after verification)
      - name: Debug secrets (safe)
        shell: sh
        run: |
          echo "== Secrets presence check =="
          [ -z "${DEPLOY_SSH_KEY}" ] && echo "❌ DEPLOY_SSH_KEY EMPTY" && exit 1
          [ -z "${DEPLOY_USER}" ] && echo "❌ DEPLOY_USER EMPTY" && exit 1
          [ -z "${DEPLOY_HOST}" ] && echo "❌ DEPLOY_HOST EMPTY" && exit 1
          echo "✅ Secrets OK"
        env:
          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}

      - name: Setup SSH
        shell: sh
        run: |
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh

          echo "${DEPLOY_SSH_KEY}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519

          ssh-keyscan -H ${DEPLOY_HOST} >> ~/.ssh/known_hosts
        env:
          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}

      - name: SSH sanity check
        shell: sh
        run: |
          ssh -i ~/.ssh/id_ed25519 ${DEPLOY_USER}@${DEPLOY_HOST} "whoami"
        env:
          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}

      # 🚀 DEPLOY
      - name: Deploy to Server
        shell: sh
        env:
          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
        run: |
          cd /workspace/repo

          scp -i ~/.ssh/id_ed25519 \
            merchbay_admin_dev.tar.gz docker-compose.yml \
            ${DEPLOY_USER}@${DEPLOY_HOST}:/tmp/

          ssh -i ~/.ssh/id_ed25519 ${DEPLOY_USER}@${DEPLOY_HOST} << 'EOF'
            set -e

            DEPLOY_DIR="/home/deploy/apps/merchbay_admin_dev"

            mkdir -p "$DEPLOY_DIR"
            cd /tmp

            docker load < merchbay_admin_dev.tar.gz
            cp docker-compose.yml "$DEPLOY_DIR/"

            cd "$DEPLOY_DIR"

            docker compose down || true
            docker image prune -f

            docker network inspect traefik-public >/dev/null 2>&1 || \
              docker network create traefik-public

            export DOMAIN=dev-admin.merchbay.app
            export APP_URL=https://dev-admin.merchbay.app

            docker compose up -d

            sleep 10
            docker compose exec -T app php artisan migrate --force
            docker compose exec -T app php artisan config:cache
            docker compose exec -T app php artisan route:cache
            docker compose exec -T app php artisan view:cache

            rm -f /tmp/merchbay_admin_dev.tar.gz /tmp/docker-compose.yml

            echo "✅ Development deployment completed"
          EOF

      - name: Health Check
        shell: sh
        run: |
          sleep 10
          curl -f https://dev-admin.merchbay.app