name: Deploy Backend and Backoffice Dev

on:
  workflow_dispatch:
  push:
    branches:
      - dev

env:
  REGISTRY: pipe.gohorsejobs.com
  IMAGE_NAMESPACE: bohessefm
  # O DOCKER_HOST aponta para o seu container sidecar 'docker' no mesmo pod
  DOCKER_HOST: tcp://localhost:2375

jobs:
  build-and-push:
    # As labels aqui batem com o que você registrou no seu Deployment
    runs-on:
      - ubuntu-latest
    defaults:
      run:
        shell: sh

    steps:
      # 1. Agora o Checkout funciona direto porque a imagem 'node:20-bookworm' tem Node!
      - name: Checkout code
        uses: actions/checkout@v4

      # 2. Garante que o Daemon do sidecar já acordou
      - name: Wait for Docker
        run: |
          until docker info >/dev/null 2>&1; do echo "Aguardando Docker..."; sleep 1; done

      - name: Docker login
        run: |
          echo "${{ secrets.FORGEJO_TOKEN }}" | docker login ${{ env.REGISTRY }} \
            -u ${{ env.IMAGE_NAMESPACE }} --password-stdin

      - name: Build & Push Backend
        run: |
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }} \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:latest ./backend
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:latest

      - name: Build & Push Backoffice
        run: |
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }} \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:latest ./backoffice
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }}
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:latest

  deploy-to-k3s:
    needs: build-and-push
    runs-on:
      - ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Deploy to K3s
        run: |
          # O kubectl já funciona porque o ServiceAccount 'forgejo-deployer' é admin
          kubectl create namespace gohorsejobsdev --dry-run=client -o yaml | kubectl apply -f -

          kubectl -n gohorsejobsdev create secret docker-registry forgejo-registry \
            --docker-server=${{ env.REGISTRY }} \
            --docker-username=${{ env.IMAGE_NAMESPACE }} \
            --docker-password="${{ secrets.FORGEJO_TOKEN }}" \
            --dry-run=client -o yaml | kubectl apply -f -

          kubectl -n gohorsejobsdev create secret generic backend-secrets \
            --from-literal=JWT_SECRET="${{ vars.JWT_SECRET }}" \
            --from-literal=AMQP_URL="${{ vars.AMQP_URL }}" \
            --from-literal=DATABASE_URL="${{ vars.DATABASE_URL }}" \
            --dry-run=client -o yaml | kubectl apply -f -

          kubectl apply -f k8s/dev/ -n gohorsejobsdev

          kubectl -n gohorsejobsdev set image deployment/gohorse-backend-dev \
            backend=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
          
          kubectl -n gohorsejobsdev set image deployment/gohorse-backoffice-dev \
            backoffice=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }}

          kubectl -n gohorsejobsdev rollout status deployment/gohorse-backend-dev --timeout=60s