name: Build and Deploy

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  build-push-deploy:
    runs-on: [self-hosted, haskelseed]
    timeout-minutes: 120

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Build OCI image
        shell: bash -l {0}
        run: |
          nix build .#docker \
            --accept-flake-config \
            --option lazy-trees false \
            --log-format bar-with-logs

      - name: Push image to Gitea registry
        shell: bash -l {0}
        env:
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
        run: |
          SHA=$(git rev-parse --short HEAD)
          skopeo copy docker-archive:result \
            "docker://92.205.130.254:32166/coulomb/inter-hub:${SHA}" \
            --dest-creds "tegwick:${GITEA_TOKEN}" \
            --dest-tls-verify=false
          # Also tag as latest
          skopeo copy docker-archive:result \
            "docker://92.205.130.254:32166/coulomb/inter-hub:latest" \
            --dest-creds "tegwick:${GITEA_TOKEN}" \
            --dest-tls-verify=false
          echo "Pushed inter-hub:${SHA} and inter-hub:latest"

      - name: Deploy to Railiance01
        shell: bash -l {0}
        env:
          KUBECONFIG: ${{ secrets.RAILIANCE01_KUBECONFIG }}
        run: |
          SHA=$(git rev-parse --short HEAD)
          helm upgrade --install inter-hub deploy/helm/inter-hub \
            --namespace inter-hub --create-namespace \
            --set image.tag="${SHA}" \
            --wait --timeout 5m

      - name: Smoke test
        run: |
          # Give the new pod time to start
          sleep 15
          curl -sf --retry 5 --retry-delay 5 https://hub.coulomb.social/ \
            | grep -q "Inter-Hub" && echo "Landing page OK"
          curl -sf https://hub.coulomb.social/api/v2/hubs \
            -o /dev/null -w "%{http_code}" | grep -q "401" && echo "API auth gate OK"