version: 1.0

workflow:
  name: Deploy to Production
  on:
    push:
      branches:
        - main

jobs:
  build-and-deploy:
    name: Build and Deploy
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Login to Docker Registry
        uses: docker/login-action@v2
        with:
          registry: registry.liquidrinu.com
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Build and Push Backend
        uses: docker/build-push-action@v4
        with:
          context: ./backend
          push: true
          tags: registry.liquidrinu.com/fusero-backend:latest
          cache-from: type=registry,ref=registry.liquidrinu.com/fusero-backend:buildcache
          cache-to: type=registry,ref=registry.liquidrinu.com/fusero-backend:buildcache,mode=max

      - name: Build and Push Frontend
        uses: docker/build-push-action@v4
        with:
          context: ./frontend
          push: true
          tags: registry.liquidrinu.com/fusero-frontend:latest
          cache-from: type=registry,ref=registry.liquidrinu.com/fusero-frontend:buildcache
          cache-to: type=registry,ref=registry.liquidrinu.com/fusero-frontend:buildcache,mode=max

      - name: Install kubectl
        uses: azure/setup-kubectl@v3
        with:
          version: "latest"

      - name: Setup kubeconfig
        run: |
          mkdir -p $HOME/.kube
          echo "${{ secrets.KUBE_CONFIG }}" | base64 -d > $HOME/.kube/config
          chmod 600 $HOME/.kube/config

      - name: Create secrets file
        run: |
          cat > ./chart/secrets.prod.yaml << EOF
          backend:
            env:
              POSTGRES_PASSWORD: "${{ secrets.POSTGRES_PASSWORD }}"
              DEFAULT_ADMIN_PASSWORD: "${{ secrets.DEFAULT_ADMIN_PASSWORD }}"
              ENCRYPTION_KEY: "${{ secrets.ENCRYPTION_KEY }}"
              JWT_SECRET: "${{ secrets.JWT_SECRET }}"
              CHATGPT_API_KEY: "${{ secrets.CHATGPT_API_KEY }}"
              CANVAS_API_KEY: "${{ secrets.CANVAS_API_KEY }}"
          EOF

      - name: Deploy to Kubernetes
        run: |
          helm upgrade --install fusero ./chart \
            --namespace fusero-prod \
            --create-namespace \
            --values ./chart/values.prod.yaml \
            --values ./chart/secrets.prod.yaml \
            --set backend.image.repository=registry.liquidrinu.com/fusero-backend \
            --set frontend.image.repository=registry.liquidrinu.com/fusero-frontend

      - name: Verify Deployment
        run: |
          kubectl rollout status deployment/fusero-backend -n fusero-prod
          kubectl rollout status deployment/fusero-frontend -n fusero-prod