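---
# Gitea Actions workflow: build the backend image, push it to the Gitea
# container registry, then roll it out on the VPS over SSH.
#
# NOTE(review): every `uses:` below references a mutable tag (@v4, @v3, @v5,
# @v1). These actions run with the registry token and the deploy SSH key in
# scope, so pin each one to a full commit SHA (for example
# `actions/checkout@<full-commit-sha>`) and bump it deliberately.
name: 'Build, Push & Deploy'

on:
  push:
    branches:
      - main
  workflow_dispatch:  # can also be triggered manually from the Gitea UI

env:
  REGISTRY: ${{ vars.GITEA_REGISTRY }}  # e.g. gitea.jouwdomein.be
  IMAGE: ${{ vars.GITEA_REGISTRY }}/${{ gitea.repository }}  # e.g. gitea.../org/leerdoelen-tracker

jobs:
  build-and-push:
    name: Build & Push image
    runs-on: ubuntu-latest  # adjust if your runner uses a different label
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No later step runs git, so do not leave the job token in .git/config.
          persist-credentials: false

      # Generate the image tags:
      #   latest          - always the most recent build of main
      #   sha-<short sha> - for traceability / rollback
      - name: Genereer image tags
        id: meta
        env:
          # Hand the value to the shell as data instead of expanding the
          # expression inside the script text.
          COMMIT_SHA: ${{ gitea.sha }}
        run: |
          SHA_SHORT=$(printf '%s' "$COMMIT_SHA" | cut -c1-8)
          {
            echo "tag_latest=${IMAGE}:latest"
            echo "tag_sha=${IMAGE}:sha-${SHA_SHORT}"
            echo "sha_short=${SHA_SHORT}"
          } >> "$GITHUB_OUTPUT"

      - name: Inloggen op Gitea Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.GITEA_REGISTRY }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build en push backend image
        uses: docker/build-push-action@v5
        with:
          context: ./backend
          file: ./backend/Dockerfile
          push: true
          tags: |
            ${{ steps.meta.outputs.tag_latest }}
            ${{ steps.meta.outputs.tag_sha }}
          # Layer cache stored in the registry; speeds up repeated builds.
          # Anyone who can push to the :buildcache tag can influence later
          # builds, so keep write access to this repository's packages narrow.
          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max
          # NOTE(review): head_commit is presumably absent on workflow_dispatch
          # runs, which would leave the `created` label empty - confirm.
          labels: |
            org.opencontainers.image.revision=${{ gitea.sha }}
            org.opencontainers.image.created=${{ gitea.event.head_commit.timestamp }}

      - name: Samenvatting
        env:
          SHA_SHORT: ${{ steps.meta.outputs.sha_short }}
          TAG_LATEST: ${{ steps.meta.outputs.tag_latest }}
        run: |
          # NOTE(review): confirm the runner exports GITEA_STEP_SUMMARY; the
          # fallbacks keep this step from failing on an empty redirect target.
          summary_file="${GITEA_STEP_SUMMARY:-${GITHUB_STEP_SUMMARY:-/dev/null}}"
          {
            echo "## ✅ Build geslaagd"
            echo "| | |"
            echo "|---|---|"
            echo "| **Commit** | \`${SHA_SHORT}\` |"
            echo "| **Image** | \`${TAG_LATEST}\` |"
          } >> "$summary_file"

  deploy:
    name: Deploy naar VPS
    needs: build-and-push
    runs-on: ubuntu-latest
    steps:
      - name: SSH deploy
        uses: appleboy/ssh-action@v1
        env:
          REGISTRY_HOST: ${{ vars.GITEA_REGISTRY }}
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
          DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USER }}
          key: ${{ secrets.DEPLOY_SSH_KEY }}
          port: ${{ secrets.DEPLOY_PORT || 22 }}
          # NOTE(review): no `fingerprint:` is set, so the runner does not
          # check the VPS host key before sending the key-authenticated
          # session. Set it to the host's SHA256 key fingerprint.
          #
          # Forward the values as environment variables. Expanding secrets
          # straight into the script text breaks on shell metacharacters and
          # lets a crafted value run as a command on the VPS.
          envs: REGISTRY_HOST,REGISTRY_USER,REGISTRY_TOKEN,DEPLOY_PATH
          script: |
            set -e
            cd "$DEPLOY_PATH"

            # Log in to the registry from the VPS. The credential stays in the
            # deploy user's Docker config afterwards, so REGISTRY_TOKEN should
            # be scoped to read-only package access.
            printf '%s\n' "$REGISTRY_TOKEN" | \
              docker login "$REGISTRY_HOST" \
              -u "$REGISTRY_USER" --password-stdin

            # Pull the newest image.
            # NOTE(review): the compose file is not visible here; it
            # presumably tracks :latest. Deploying the sha- tag built above
            # would tie each rollout to one exact image - verify.
            docker compose pull backend

            # Recreate only the backend service from the pulled image.
            # NOTE(review): this was described as zero-downtime, but `up -d`
            # replaces the running container, so expect a short gap - confirm.
            docker compose up -d --no-deps --remove-orphans backend

            # Remove unused images to save disk space.
            docker image prune -f

            echo "Deploy klaar op $(date '+%Y-%m-%d %H:%M:%S')"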