name: Build, Test and Deploy

on:
  push:
    branches: [main, int, dev]

concurrency:
  group: print-calculator-${{ gitea.ref }}
  cancel-in-progress: true

jobs:
  test-backend:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Evito actions/setup-python (spesso fragile su act_runner)
      - name: Install Python deps + run tests
        shell: bash
        run: |
          apt-get update
          apt-get install -y --no-install-recommends python3 python3-pip
          python3 -m pip install --upgrade pip
          python3 -m pip install -r backend/requirements.txt
          python3 -m pip install pytest httpx
          export PYTHONPATH="${PYTHONPATH}:$(pwd)/backend"
          pytest backend/tests

  build-and-push:
    needs: test-backend
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set TAG + OWNER lowercase
        shell: bash
        run: |
          if [[ "${{ gitea.ref }}" == "refs/heads/main" ]]; then
            echo "TAG=prod" >> "$GITHUB_ENV"
          elif [[ "${{ gitea.ref }}" == "refs/heads/int" ]]; then
            echo "TAG=int" >> "$GITHUB_ENV"
          else
            echo "TAG=dev" >> "$GITHUB_ENV"
          fi

          echo "OWNER_LOWER=$(echo '${{ gitea.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"

      - name: Ensure docker CLI exists
        shell: bash
        run: |
          if ! command -v docker >/dev/null 2>&1; then
            apt-get update
            apt-get install -y --no-install-recommends docker.io
          fi
          docker version

      - name: Login to Gitea Registry
        shell: bash
        run: |
          set -euo pipefail
          printf '%s' "${{ secrets.REGISTRY_TOKEN }}" | docker login "${{ secrets.REGISTRY_URL }}" \
            -u "${{ secrets.REGISTRY_USER }}" --password-stdin

      - name: Build & Push Backend
        shell: bash
        run: |
          BACKEND_IMAGE="${{ secrets.REGISTRY_URL }}/${{ env.OWNER_LOWER }}/print-calculator-backend:${{ env.TAG }}"
          docker build -t "$BACKEND_IMAGE" ./backend
          docker push "$BACKEND_IMAGE"

      - name: Build & Push Frontend
        shell: bash
        run: |
          FRONTEND_IMAGE="${{ secrets.REGISTRY_URL }}/${{ env.OWNER_LOWER }}/print-calculator-frontend:${{ env.TAG }}"
          docker build -t "$FRONTEND_IMAGE" ./frontend
          docker push "$FRONTEND_IMAGE"

  deploy:
    needs: build-and-push
    runs-on: ubuntu-latest
    steps:
      - name: Set ENV
        shell: bash
        run: |
          if [[ "${{ gitea.ref }}" == "refs/heads/main" ]]; then
            echo "ENV=prod" >> "$GITHUB_ENV"
          elif [[ "${{ gitea.ref }}" == "refs/heads/int" ]]; then
            echo "ENV=int" >> "$GITHUB_ENV"
          else
            echo "ENV=dev" >> "$GITHUB_ENV"
          fi

      - name: Trigger deploy on Unraid (forced command key)
        shell: bash
        run: |
          set -euo pipefail

          # Assicura ssh client
          apt-get update
          apt-get install -y --no-install-recommends openssh-client

          mkdir -p ~/.ssh
          chmod 700 ~/.ssh

          # Scrive la chiave privata (multi-line) dal secret
          printf '%s' "${{ secrets.SSH_PRIVATE_KEY }}" | tr -d '\r' > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519

          # Aggiunge l'host key (evita prompt interattivi)
          ssh-keyscan -H "${{ secrets.SERVER_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null

          # Invia SOLO "prod/int/dev" come comando (finisce in SSH_ORIGINAL_COMMAND sul server)
          ssh -i ~/.ssh/id_ed25519 -o BatchMode=yes "${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}" "${{ env.ENV }}"