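---
# Build-and-deploy pipeline for UMBRA.
# On every push to main (or a manual dispatch) it builds the backend and
# frontend images, pushes them to the container registry, restarts the
# compose stack on the deploy host, health-checks it and sends an ntfy
# notification with the outcome.
#
# Secrets and variables are handed to each step through `env:` and read as
# quoted shell variables. Interpolating `${{ ... }}` straight into a `run:`
# script pastes the value into the script text before the shell parses it,
# so a value containing shell metacharacters would be executed as code.
name: Build and Deploy UMBRA

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # NOTE(review): `@v4` is a mutable tag; pinning the action to a full
        # commit SHA keeps a retagged release from changing what runs here.
        uses: https://github.com/actions/checkout@v4
        with:
          # NOTE(review): the same token is reused for registry login below;
          # separately scoped tokens would limit the impact of a leak.
          token: ${{ secrets.REGISTRY_TOKEN }}
          # No later step runs git, so do not leave the token in .git/config
          # where the build and deploy steps could read it.
          persist-credentials: false

      - name: Login to Gitea Container Registry
        env:
          REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        # printf avoids echo's shell-dependent handling of backslashes in
        # the token; the password still travels over stdin, not argv.
        run: |
          printf '%s\n' "${REGISTRY_TOKEN}" \
            | docker login "${REGISTRY_HOST}" \
                -u "${REGISTRY_USER}" --password-stdin

      - name: Build and push backend
        env:
          IMAGE: ${{ vars.REGISTRY_HOST }}/rohskiddo/umbra-backend
          IMAGE_TAG: ${{ github.sha }}
        # Two tags per build: a moving `main-latest` and an immutable
        # per-commit tag that can be used for rollback and audit.
        run: |
          docker build --pull \
            -t "${IMAGE}:main-latest" \
            -t "${IMAGE}:${IMAGE_TAG}" \
            ./backend
          docker push "${IMAGE}:main-latest"
          docker push "${IMAGE}:${IMAGE_TAG}"

      - name: Build and push frontend
        env:
          IMAGE: ${{ vars.REGISTRY_HOST }}/rohskiddo/umbra-frontend
          IMAGE_TAG: ${{ github.sha }}
        run: |
          docker build --pull \
            -t "${IMAGE}:main-latest" \
            -t "${IMAGE}:${IMAGE_TAG}" \
            ./frontend
          docker push "${IMAGE}:main-latest"
          docker push "${IMAGE}:${IMAGE_TAG}"

      - name: Deploy
        env:
          DEPLOY_PATH: ${{ vars.DEPLOY_PATH }}
        run: |
          # Spawn a short-lived container that mounts the host deploy path
          # and runs compose commands against the host Docker daemon.
          # DEPLOY_PATH is a Gitea variable — update it when moving hosts.
          #
          # Mounting /var/run/docker.sock gives this container full control
          # of the host daemon, and label:disable turns off SELinux label
          # confinement for it; anyone who can edit this workflow or the
          # variables it reads effectively has root on the deploy host.
          # NOTE(review): the compose file lives under DEPLOY_PATH and is
          # not visible here; if it references :main-latest, what gets
          # deployed is whatever that mutable tag points to at pull time.
          # NOTE(review): docker:27-cli is a mutable tag; consider pinning
          # it by digest.
          docker run --rm \
            --network host \
            --security-opt label:disable \
            -v /var/run/docker.sock:/var/run/docker.sock \
            -v "${DEPLOY_PATH}:/deploy" \
            -w /deploy \
            docker:27-cli sh -c "
              docker compose pull backend frontend &&
              docker compose up -d --remove-orphans
            "

      - name: Health check
        run: |
          echo "Waiting for services to start..."
          sleep 30
          # --max-time bounds the probe so a hung service fails the job
          # instead of blocking the runner indefinitely.
          curl -f --max-time 10 http://localhost/health || exit 1

      - name: Prune old images
        if: success()
        # Removes dangling images only; tagged images are kept.
        run: docker image prune -f

      - name: Notify success
        if: success()
        # The quoted heredoc delimiter stops the shell from expanding
        # anything in the message body.
        # NOTE(review): no credentials are sent with this request;
        # presumably topic access is restricted server-side — confirm.
        run: |
          curl -s \
            -H "Title: UMBRA Deploy Success" \
            -H "Tags: white_check_mark" \
            --data-binary @- https://ntfy.ghost6.xyz/claude <<'NTFY_EOF'
          Build ${{ github.sha }} deployed successfully to umbra.ghost6.xyz.
          Triggered by push to main.
          NTFY_EOF

      - name: Notify failure
        if: failure()
        run: |
          curl -s \
            -H "Title: UMBRA Deploy FAILED" \
            -H "Tags: fire" \
            -H "Priority: high" \
            --data-binary @- https://ntfy.ghost6.xyz/claude <<'NTFY_EOF'
          Deploy failed for commit ${{ github.sha }}.
          Check Gitea Actions logs at git.sentinelforest.xyz.
          NTFY_EOF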