name: Build and Deploy

on:
  push:
    branches: [main, decoupling]

env:
  REGISTRY: registry.rose-ash.com:5000
  IMAGE: federation
  REPO_DIR: /root/rose-ash/federation
  COOP_DIR: /root/coop

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install tools
        run: |
          apt-get update && apt-get install -y --no-install-recommends openssh-client

      - name: Set up SSH
        env:
          SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
        run: |
          mkdir -p ~/.ssh
          echo "$SSH_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true

      - name: Pull latest code on server
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
        run: |
          ssh "root@$DEPLOY_HOST" "
            cd ${{ env.REPO_DIR }}
            git fetch origin ${{ github.ref_name }}
            git reset --hard origin/${{ github.ref_name }}
            git submodule update --init --recursive
            # Clean ALL sibling dirs (including stale self-copies from previous runs)
            for sibling in blog market cart events federation; do
              rm -rf \$sibling
            done
            # Copy non-self sibling models for cross-domain imports
            for sibling in blog market cart events federation; do
              [ \"\$sibling\" = \"${{ env.IMAGE }}\" ] && continue
              repo=/root/rose-ash/\$sibling
              if [ -d \$repo/.git ]; then
                git -C \$repo fetch origin ${{ github.ref_name }} 2>/dev/null || true
                mkdir -p \$sibling
                git -C \$repo archive origin/${{ github.ref_name }} -- __init__.py models/ 2>/dev/null | tar -x -C \$sibling/ || true
              fi
            done
          "

      - name: Build and push image
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
        run: |
          ssh "root@$DEPLOY_HOST" "
            cd ${{ env.REPO_DIR }}
            docker build --build-arg CACHEBUST=\$(date +%s) \
              -t ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest \
              -t ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }} .
            docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest
            docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }}
          "

      - name: Deploy stack
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
        run: |
          ssh "root@$DEPLOY_HOST" "
            cd ${{ env.COOP_DIR }}
            source .env
            docker stack deploy -c docker-compose.yml coop
            echo 'Waiting for services to update...'
            sleep 10
            docker stack services coop
          "