name: Deploy to Production

run-name: Deploy to Production - ${{ github.ref_name }}

on:
  workflow_dispatch:
    inputs:
      image_tag:
        description: 'Image tag to deploy (leave empty for latest)'
        required: false
        default: 'latest'
      branch:
        description: 'Branch to deploy from'
        required: false
        default: 'main'
      auto_deploy:
        description: 'Auto-deploy after successful build'
        type: boolean
        required: false
        default: false
  workflow_run:
    workflows: ["Build Docker Image"]
    types:
      - completed
    branches: [main, develop]

env:
  REGISTRY: registry.michaelschiemer.de
  IMAGE_NAME: framework
  DEPLOYMENT_HOST: 94.16.110.151

jobs:
  deploy:
    name: Deploy to Production Server
    runs-on: ubuntu-latest
    environment:
      name: production
      url: https://michaelschiemer.de
    # Only run if triggered manually OR if build workflow succeeded
    if: |
      github.event_name == 'workflow_dispatch' ||
      (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success')
    steps:
      - name: Checkout deployment scripts
        run: |
          REF_NAME="${{ github.ref_name || inputs.branch || 'main' }}"
          REPO="${{ github.repository }}"
          
          if [ -n "${{ secrets.CI_TOKEN }}" ]; then
            git clone --depth 1 --branch "$REF_NAME" \
              "https://${{ secrets.CI_TOKEN }}@git.michaelschiemer.de/${REPO}.git" \
              /workspace/repo
          else
            git clone --depth 1 --branch "$REF_NAME" \
              "https://git.michaelschiemer.de/${REPO}.git" \
              /workspace/repo || \
            git clone --depth 1 \
              "https://git.michaelschiemer.de/${REPO}.git" \
              /workspace/repo
          fi
          
          cd /workspace/repo

      - name: Determine image tag
        id: image_tag
        shell: bash
        run: |
          # Priority:
          # 1. Manual input (workflow_dispatch)
          # 2. From workflow_run (build workflow outputs)
          # 3. Latest
          
          if [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ -n "${{ inputs.image_tag }}" ]; then
            IMAGE_TAG="${{ inputs.image_tag }}"
            echo "Using manually specified tag: $IMAGE_TAG"
          elif [ "${{ github.event_name }}" = "workflow_run" ]; then
            # Try to get from build workflow run
            BUILD_RUN_ID="${{ github.event.workflow_run.id }}"
            echo "Build workflow run ID: $BUILD_RUN_ID"
            # Note: Getting outputs from workflow_run might need API call
            # For now, use latest if triggered by workflow_run
            IMAGE_TAG="latest"
            echo "Using latest tag (from workflow_run trigger)"
          else
            IMAGE_TAG="latest"
            echo "Using latest tag (default)"
          fi
          
          echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_OUTPUT
          echo "📦 Deploying image tag: $IMAGE_TAG"

      - name: Setup SSH key
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/production
          chmod 600 ~/.ssh/production
          ssh-keyscan -H ${{ env.DEPLOYMENT_HOST }} >> ~/.ssh/known_hosts

      - name: Deploy via SSH
        run: |
          set -e
          
          DEPLOYMENT_HOST="${{ env.DEPLOYMENT_HOST }}"
          REGISTRY="${{ env.REGISTRY }}"
          IMAGE_NAME="${{ env.IMAGE_NAME }}"
          IMAGE_TAG="${{ steps.image_tag.outputs.IMAGE_TAG }}"
          
          FULL_IMAGE="${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}"
          STACK_PATH="~/deployment/stacks/application"
          
          echo "🚀 Starting deployment..."
          echo "   Image: ${FULL_IMAGE}"
          echo "   Tag: ${IMAGE_TAG}"
          echo "   Host: ${DEPLOYMENT_HOST}"
          echo "   Stack: ${STACK_PATH}"
          
          ssh -i ~/.ssh/production \
              -o StrictHostKeyChecking=no \
              -o UserKnownHostsFile=/dev/null \
              deploy@${DEPLOYMENT_HOST} <<EOF
            set -e
            
            cd ${STACK_PATH}
            
            echo "🔐 Logging in to Docker registry..."
            echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${REGISTRY} \
              -u "${{ secrets.REGISTRY_USER }}" \
              --password-stdin || echo "⚠️  Registry login failed, continuing..."
            
            echo "📥 Pulling image ${FULL_IMAGE}..."
            docker pull ${FULL_IMAGE} || {
              echo "❌ Failed to pull image ${FULL_IMAGE}"
              exit 1
            }
            
            echo "📝 Updating docker-compose.yml..."
            sed -i "s|image:.*/${IMAGE_NAME}:.*|image: ${FULL_IMAGE}|g" docker-compose.yml
            sed -i "s|image:.*/${IMAGE_NAME}@.*|image: ${FULL_IMAGE}|g" docker-compose.yml
            
            echo "✅ Updated docker-compose.yml:"
            grep "image:" docker-compose.yml | head -5
            
            echo "🔄 Restarting services..."
            docker compose up -d --pull always --force-recreate || {
              echo "❌ Failed to restart services"
              exit 1
            }
            
            echo "⏳ Waiting for services to start..."
            sleep 10
            
            echo "📊 Container status:"
            docker compose ps
            
            echo "✅ Deployment completed!"
          EOF

      - name: Wait for deployment to stabilize
        run: sleep 30

      - name: Health check
        id: health
        run: |
          for i in {1..10}; do
            if curl -f -k https://michaelschiemer.de/health; then
              echo "✅ Health check passed"
              exit 0
            fi
            echo "⏳ Waiting for service... (attempt $i/10)"
            sleep 10
          done
          echo "❌ Health check failed"
          exit 1

      - name: Rollback on failure
        if: failure() && steps.health.outcome == 'failure'
        run: |
          echo "⚠️  Deployment failed - manual rollback may be required"
          echo "💡 To rollback manually, SSH to the server and run:"
          echo "   cd ~/deployment/stacks/application"
          echo "   docker compose down"
          echo "   git checkout docker-compose.yml"
          echo "   docker compose up -d"

      - name: Notify deployment success
        if: success()
        run: |
          echo "🚀 Deployment successful!"
          echo "Image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.image_tag.outputs.IMAGE_TAG }}"

      - name: Notify deployment failure
        if: failure()
        run: |
          echo "❌ Deployment failed"
          # TODO: Add Slack/Email notification