name: ci-cd-nas
on:
  push:
    branches: [main]

jobs:
  # Runs on the DEV PC runner (label `builder`): Docker Desktop + .NET SDK.
  # DS220+ (Celeron J4025 / 2GB RAM) cannot build these images, so all the heavy
  # work (test, dotnet publish, ng build) happens here, then images are pushed
  # to the Gitea registry on the NAS.
  build-push:
    # Label is registered on the dev PC as `windows:host`; runs-on matches the
    # label NAME (before the colon). `:host` means it runs directly on the PC,
    # using its installed Docker Desktop + .NET SDK (no container).
    runs-on: windows
    defaults:
      run:
        # Windows PowerShell (always present). NOTE: do NOT use `shell: bash`
        # here — act_runner in Windows host mode mislocates the generated .sh
        # script ("No such file or directory"). PowerShell avoids that bug.
        shell: powershell
    env:
      REGISTRY: git.golife.love/chrischen
    steps:
      - uses: actions/checkout@v4

      - name: Test API
        run: dotnet test API/ROLAC.API.Tests/ROLAC.API.Tests.csproj -c Release

      - name: Registry login
        run: '"${{ secrets.REGISTRY_TOKEN }}" | docker login git.golife.love -u "${{ secrets.REGISTRY_USER }}" --password-stdin'

      - name: Build images
        run: |
          docker build -t "$env:REGISTRY/rolac-api:latest" -t "$env:REGISTRY/rolac-api:${{ github.sha }}" ./API
          if ($LASTEXITCODE -ne 0) { exit 1 }
          docker build -t "$env:REGISTRY/rolac-app:latest" -t "$env:REGISTRY/rolac-app:${{ github.sha }}" ./APP
          if ($LASTEXITCODE -ne 0) { exit 1 }

      - name: Push images
        run: |
          docker push --all-tags "$env:REGISTRY/rolac-api"
          if ($LASTEXITCODE -ne 0) { exit 1 }
          docker push --all-tags "$env:REGISTRY/rolac-app"
          if ($LASTEXITCODE -ne 0) { exit 1 }

  # Runs on the NAS runner (label `nas`): host Docker socket mounted and
  # /volume1/docker/rolac bind-mounted at the same path. Deploy ONLY — it just
  # pulls the freshly-built images and (re)starts the stack. No building here.
  deploy:
    needs: build-push
    runs-on: nas
    defaults:
      run:
        shell: sh
    env:
      DEPLOY_DIR: /volume1/docker/rolac
    steps:
      - uses: actions/checkout@v4

      - name: Registry login
        run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.golife.love -u "${{ secrets.REGISTRY_USER }}" --password-stdin

      - name: Sync compose + nginx to deploy dir
        run: |
          mkdir -p "$DEPLOY_DIR/nginx/conf.d" "$DEPLOY_DIR/data/api-storage"
          cp deploy/nas/docker-compose.yml      "$DEPLOY_DIR/docker-compose.yml"
          cp deploy/nas/nginx/conf.d/rolac.conf "$DEPLOY_DIR/nginx/conf.d/rolac.conf"

      - name: Deploy
        run: |
          cd "$DEPLOY_DIR"
          export TAG=${{ github.sha }}
          docker compose pull
          docker compose up -d
          sleep 5
          curl -fsS http://localhost:8080/api/health