name: ci-cd-nas
on:
  push:
    branches: [main]

jobs:
  # Runs on the DEV PC runner (label `builder`): Docker Desktop + .NET SDK.
  # DS220+ (Celeron J4025 / 2GB RAM) cannot build these images, so all the heavy
  # work (test, dotnet publish, ng build) happens here, then images are pushed
  # to the Gitea registry on the NAS.
  build-push:
    # Label is registered on the dev PC as `windows:host`; runs-on matches the
    # label NAME (before the colon). `:host` means it runs directly on the PC,
    # using its installed Docker Desktop + .NET SDK (no container).
    runs-on: windows
    defaults:
      run:
        # Git Bash (bundled with Git for Windows) — needed for `$REGISTRY` and
        # the heredoc-style multi-line steps below.
        shell: bash
    env:
      REGISTRY: git.golife.love/chrischen
    steps:
      - uses: actions/checkout@v4

      - name: Test API
        run: dotnet test API/ROLAC.API.Tests/ROLAC.API.Tests.csproj -c Release

      - name: Registry login
        run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.golife.love -u "${{ secrets.REGISTRY_USER }}" --password-stdin

      - name: Build images
        run: |
          docker build -t "$REGISTRY/rolac-api:latest" -t "$REGISTRY/rolac-api:${{ github.sha }}" ./API
          docker build -t "$REGISTRY/rolac-app:latest" -t "$REGISTRY/rolac-app:${{ github.sha }}" ./APP

      - name: Push images
        run: |
          docker push --all-tags "$REGISTRY/rolac-api"
          docker push --all-tags "$REGISTRY/rolac-app"

  # Runs on the NAS runner (label `nas`): host Docker socket mounted and
  # /volume1/docker/rolac bind-mounted at the same path. Deploy ONLY — it just
  # pulls the freshly-built images and (re)starts the stack. No building here.
  deploy:
    needs: build-push
    runs-on: nas
    defaults:
      run:
        shell: sh
    env:
      DEPLOY_DIR: /volume1/docker/rolac
    steps:
      - uses: actions/checkout@v4

      - name: Registry login
        run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.golife.love -u "${{ secrets.REGISTRY_USER }}" --password-stdin

      - name: Sync compose + nginx to deploy dir
        run: |
          mkdir -p "$DEPLOY_DIR/nginx/conf.d" "$DEPLOY_DIR/data/api-storage"
          cp deploy/nas/docker-compose.yml      "$DEPLOY_DIR/docker-compose.yml"
          cp deploy/nas/nginx/conf.d/rolac.conf "$DEPLOY_DIR/nginx/conf.d/rolac.conf"

      - name: Deploy
        run: |
          cd "$DEPLOY_DIR"
          export TAG=${{ github.sha }}
          docker compose pull
          docker compose up -d
          sleep 5
          curl -fsS http://localhost:8080/api/health