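# Production deployment pipeline.
# On every push to main: build the backend and frontend images, push them to
# registry.liquidrinu.com, deploy ./chart into the fusero-prod namespace with
# Helm, then wait for the db-init job and both deployments to become healthy.
name: Deploy to Production

on:
  push:
    branches:
      - main

# Least privilege for GITHUB_TOKEN: the job only needs to read the repository.
permissions:
  contents: read

# Serialize production deploys so two pushes cannot interleave the
# "delete job / helm upgrade / wait" sequence against the same namespace.
concurrency:
  group: deploy-production
  cancel-in-progress: false

jobs:
  build-and-deploy:
    name: Build and Deploy
    # NOTE(review): "general" is not a GitHub-hosted runner label, so this is
    # presumably a self-hosted runner whose filesystem outlives the job.
    # Credentials are therefore written under $RUNNER_TEMP (not $HOME or the
    # workspace) and removed explicitly in the final step.
    runs-on: general
    steps:
      # NOTE(review): every `uses:` in this job references a mutable tag
      # (@v2/@v3/@v4). Several of these actions receive registry or cluster
      # credentials; pinning each to a full commit SHA prevents a retagged
      # release from running in this pipeline.
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          # No later step pushes to git, so do not leave the token in
          # .git/config on the runner.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Login to Docker Registry
        uses: docker/login-action@v2
        with:
          registry: registry.liquidrinu.com
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      # Each image is pushed under two tags: `latest` (kept for existing
      # consumers) and the commit SHA. The deploy step uses the SHA tag so the
      # running image is traceable to a commit and cannot change under a
      # mutable tag.
      - name: Build and Push Backend
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          tags: |
            registry.liquidrinu.com/fusero-backend:latest
            registry.liquidrinu.com/fusero-backend:${{ github.sha }}
          cache-from: type=registry,ref=registry.liquidrinu.com/fusero-backend:buildcache
          cache-to: type=registry,ref=registry.liquidrinu.com/fusero-backend:buildcache,mode=max

      # This only affects the CI/CD build, not your local dev .env
      - name: Create .env file
        run: |
          echo "VITE_API_BASE_URL=/api" > ./frontend/.env

      # NOTE(review): the production frontend image is built from
      # Dockerfile.dev. Confirm this is intended; a development image may
      # ship a dev server and tooling that should not be exposed in prod.
      - name: Build and Push Frontend
        uses: docker/build-push-action@v4
        with:
          context: ./frontend
          file: ./frontend/Dockerfile.dev
          push: true
          tags: |
            registry.liquidrinu.com/fusero-frontend:latest
            registry.liquidrinu.com/fusero-frontend:${{ github.sha }}
          cache-from: type=registry,ref=registry.liquidrinu.com/fusero-frontend:buildcache
          cache-to: type=registry,ref=registry.liquidrinu.com/fusero-frontend:buildcache,mode=max

      # NOTE(review): "latest" makes the kubectl version drift between runs;
      # pin it to a version compatible with the target cluster.
      - name: Install kubectl
        uses: azure/setup-kubectl@v3
        with:
          version: "latest"

      # Tooling is installed before any cluster credential is written to
      # disk, so the downloaded installer never runs next to the kubeconfig
      # or the secrets file.
      # The script is saved first and executed only after a complete,
      # successful download (-f fails on HTTP errors), instead of streaming a
      # possibly truncated or error body into bash.
      # NOTE(review): it is still fetched from the moving `main` branch; pin
      # the installer to a release tag and pin the Helm version it installs.
      - name: Install Helm
        run: |
          curl -fsSL -o "$RUNNER_TEMP/get-helm-3.sh" \
            https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
          bash "$RUNNER_TEMP/get-helm-3.sh"

      - name: Generate values.prod.yaml from template
        run: cp chart/values.prod.template.yaml chart/values.prod.yaml

      # The secret is passed through the environment rather than expanded
      # into the script text, so its content is never parsed as shell.
      # umask 077 makes the file private from creation (no window between the
      # write and chmod). KUBECONFIG is exported for the following steps so
      # the runner account's own ~/.kube/config is not overwritten.
      - name: Setup kubeconfig
        env:
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
        run: |
          umask 077
          printf '%s' "$KUBE_CONFIG" | base64 -d > "$RUNNER_TEMP/kubeconfig"
          chmod 600 "$RUNNER_TEMP/kubeconfig"
          echo "KUBECONFIG=$RUNNER_TEMP/kubeconfig" >> "$GITHUB_ENV"

      # Secrets reach the heredoc as environment variables: the shell expands
      # each ${VAR} once and does not re-scan the value, so `$` or backticks
      # inside a secret are written literally instead of being evaluated.
      # The file lives outside ./chart so it is not loaded as a chart file.
      # NOTE(review): a value containing `"` or `\` still yields invalid or
      # altered YAML inside the double-quoted scalars below.
      - name: Create secrets file
        env:
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          DEFAULT_ADMIN_PASSWORD: ${{ secrets.DEFAULT_ADMIN_PASSWORD }}
          ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }}
          JWT_SECRET: ${{ secrets.JWT_SECRET }}
          CHATGPT_API_KEY: ${{ secrets.CHATGPT_API_KEY }}
          CANVAS_API_KEY: ${{ secrets.CANVAS_API_KEY }}
        run: |
          umask 077
          cat > "$RUNNER_TEMP/secrets.prod.yaml" << EOF
          backend:
            env:
              POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
              DEFAULT_ADMIN_PASSWORD: "${DEFAULT_ADMIN_PASSWORD}"
              ENCRYPTION_KEY: "${ENCRYPTION_KEY}"
              JWT_SECRET: "${JWT_SECRET}"
              CHATGPT_API_KEY: "${CHATGPT_API_KEY}"
              CANVAS_API_KEY: "${CANVAS_API_KEY}"
          EOF

      # --ignore-not-found tolerates the first deploy (no previous job) while
      # still failing on authentication or connectivity errors, which the
      # former `|| true` silently hid.
      - name: Delete old migration/seed job
        run: |
          kubectl delete job fusero-backend-db-init -n fusero-prod --ignore-not-found

      # Deploys the commit-SHA image tags pushed by the build steps above.
      - name: Deploy to Kubernetes
        run: |
          helm upgrade --install fusero ./chart \
            --namespace fusero-prod \
            --create-namespace \
            --values ./chart/values.prod.yaml \
            --values "$RUNNER_TEMP/secrets.prod.yaml" \
            --set "backend.image=registry.liquidrinu.com/fusero-backend:${GITHUB_SHA}" \
            --set "frontend.image=registry.liquidrinu.com/fusero-frontend:${GITHUB_SHA}"

      # The step shell runs with `-e`, so a bare failing `kubectl wait` would
      # abort the step before the job logs are printed. Both failure paths
      # (wait timeout/failure, unexpected succeeded count) go through
      # report_failure so the logs always reach the run output.
      - name: Wait for migration/seed job
        run: |
          report_failure() {
            echo "Migration/seed job failed!" >&2
            kubectl logs job/fusero-backend-db-init -n fusero-prod || true
            exit 1
          }
          kubectl wait --for=condition=complete --timeout=300s \
            job/fusero-backend-db-init -n fusero-prod || report_failure
          JOB_STATUS=$(kubectl get job fusero-backend-db-init -n fusero-prod -o jsonpath='{.status.succeeded}')
          if [ "$JOB_STATUS" != "1" ]; then
            report_failure
          fi

      - name: Verify Deployment
        run: |
          kubectl rollout status deployment/fusero-backend -n fusero-prod
          kubectl rollout status deployment/fusero-frontend -n fusero-prod

      # Runs even when an earlier step failed, so the cluster credential and
      # the rendered secrets never remain on the runner after the job.
      - name: Remove credentials from runner
        if: always()
        run: |
          rm -f "$RUNNER_TEMP/kubeconfig" "$RUNNER_TEMP/secrets.prod.yaml"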