name: Deploy Backend and Backoffice Dev

on:
  workflow_dispatch:
  push:
    branches: [dev]

env:
  REGISTRY: pipe.gohorsejobs.com
  IMAGE_NAMESPACE: bohessefm
  DOCKER_HOST: unix:///run/docker.sock
  DOCKER_BUILDKIT: 0

jobs:
  build-and-push:
    runs-on: [self-hosted, linux-amd64]
    defaults:
      run:
        shell: sh

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Docker Login
        run: |
          echo "${{ secrets.FORGEJO_TOKEN }}" | docker login ${{ env.REGISTRY }} \
            -u ${{ env.IMAGE_NAMESPACE }} --password-stdin

      - name: Build & Push Backend
        run: |
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }} \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:latest ./backend
          
          docker push --quiet ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
          docker push --quiet ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:latest

      - name: Build & Push Backoffice
        run: |
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }} \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:latest ./backoffice
          
          docker push --quiet ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }}
          docker push --quiet ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:latest

  deploy:
    needs: build-and-push
    runs-on: [self-hosted, linux-amd64]
    steps:
      - name: Install Deploy Tools
        # Baixa o kubectl oficial para evitar erro de pacote no Alpine
        run: |
          apk add --no-cache curl ca-certificates
          curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
          chmod +x kubectl
          mv kubectl /usr/local/bin/

      - name: Checkout code
        uses: actions/checkout@v4

      - name: Configure Kubeconfig
        # Cria o arquivo de acesso usando o Secret que você configurou no Forgejo
        run: |
          mkdir -p ~/.kube
          echo "${{ secrets.KUBE_CONFIG }}" > ~/.kube/config
          chmod 600 ~/.kube/config

      - name: Sync Registry Secret
        # Garante que o segredo de pull da imagem exista no namespace de destino
        run: |
          kubectl create namespace gohorsejobsdev --dry-run=client -o yaml | kubectl apply -f -
          
          kubectl get secret forgejo-registry-secret --namespace=forgejo -o yaml | \
          sed 's/namespace: forgejo/namespace: gohorsejobsdev/' | \
          kubectl apply -f - || echo "Aviso: Falha ao sincronizar secret, prosseguindo..."

      - name: Deploy to K3s
        run: |
          # Aplica os arquivos YAML da pasta k8s/dev
          kubectl apply -f k8s/dev/ -n gohorsejobsdev

          # Atualiza os deployments para as imagens buildadas neste commit específico
          kubectl -n gohorsejobsdev set image deployment/gohorse-backend-dev \
            backend=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/gohorsejobs:${{ github.sha }}
          
          kubectl -n gohorsejobsdev set image deployment/gohorse-backoffice-dev \
            backoffice=${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/backoffice:${{ github.sha }}
          
          # Aguarda a conclusão para garantir que o serviço subiu
          kubectl -n gohorsejobsdev rollout status deployment/gohorse-backend-dev --timeout=120s