name: Build and Deploy

on:
  push:
    branches: [main]

env:
  REGISTRY: registry.rose-ash.com:5000
  ARTDAG_DIR: /root/art-dag-mono

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install tools
        run: |
          apt-get update && apt-get install -y --no-install-recommends openssh-client

      - name: Set up SSH
        env:
          SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
        run: |
          mkdir -p ~/.ssh
          echo "$SSH_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true

      - name: Build and deploy
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
        run: |
          ssh "root@$DEPLOY_HOST" "
            cd ${{ env.ARTDAG_DIR }}

            OLD_HEAD=\$(git rev-parse HEAD 2>/dev/null || echo none)

            git fetch origin main
            git reset --hard origin/main

            NEW_HEAD=\$(git rev-parse HEAD)

            # Change detection
            BUILD_L1=false
            BUILD_L2=false
            if [ \"\$OLD_HEAD\" = \"none\" ] || [ \"\$OLD_HEAD\" = \"\$NEW_HEAD\" ]; then
              BUILD_L1=true
              BUILD_L2=true
            else
              CHANGED=\$(git diff --name-only \$OLD_HEAD \$NEW_HEAD)
              # common/ or core/ change -> rebuild both
              if echo \"\$CHANGED\" | grep -qE '^(common|core)/'; then
                BUILD_L1=true
                BUILD_L2=true
              fi
              if echo \"\$CHANGED\" | grep -q '^l1/'; then
                BUILD_L1=true
              fi
              if echo \"\$CHANGED\" | grep -q '^l2/'; then
                BUILD_L2=true
              fi
              if echo \"\$CHANGED\" | grep -q '^client/'; then
                BUILD_L1=true
              fi
            fi

            # Build L1
            if [ \"\$BUILD_L1\" = true ]; then
              echo 'Building L1...'
              docker build \
                --build-arg CACHEBUST=\$(date +%s) \
                -f l1/Dockerfile \
                -t ${{ env.REGISTRY }}/celery-l1-server:latest \
                -t ${{ env.REGISTRY }}/celery-l1-server:${{ github.sha }} \
                .
              docker push ${{ env.REGISTRY }}/celery-l1-server:latest
              docker push ${{ env.REGISTRY }}/celery-l1-server:${{ github.sha }}
            else
              echo 'Skipping L1 (no changes)'
            fi

            # Build L2
            if [ \"\$BUILD_L2\" = true ]; then
              echo 'Building L2...'
              docker build \
                --build-arg CACHEBUST=\$(date +%s) \
                -f l2/Dockerfile \
                -t ${{ env.REGISTRY }}/l2-server:latest \
                -t ${{ env.REGISTRY }}/l2-server:${{ github.sha }} \
                .
              docker push ${{ env.REGISTRY }}/l2-server:latest
              docker push ${{ env.REGISTRY }}/l2-server:${{ github.sha }}
            else
              echo 'Skipping L2 (no changes)'
            fi

            # Deploy stacks (--resolve-image always forces re-pull of :latest)
            if [ \"\$BUILD_L1\" = true ]; then
              cd l1 && source .env && docker stack deploy --resolve-image always -c docker-compose.yml celery && cd ..
              echo 'L1 stack deployed'
            fi
            if [ \"\$BUILD_L2\" = true ]; then
              cd l2 && source .env && docker stack deploy --resolve-image always -c docker-compose.yml activitypub && cd ..
              echo 'L2 stack deployed'
            fi

            sleep 10
            echo '=== L1 Services ==='
            docker stack services celery
            echo '=== L2 Services ==='
            docker stack services activitypub
          "