name: Build and Deploy MoneyMaker

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  build-and-deploy:
    runs-on: debian-host

    env:
      PATH: /usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/bin:/snap/bin
      DOCKER_HOST: unix:///var/run/docker.sock
      BUILDX_CONFIG: /tmp/buildx

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: System info
      run: |
        uname -a
        whoami

    - name: Set up Docker Context for Buildx
      id: buildx-context
      run: |
        export DOCKER_HOST=tcp://docker:2376/
        export DOCKER_TLS_VERIFY=0
        docker context rm builders || true
        docker context create builders

    - name: Verify Docker
      run: docker --version

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3
      env:
        PATH: /usr/bin:/usr/local/bin:/bin:/sbin:/usr/sbin

    - name: Log in to Harbor Registry
      run: |
        echo "${{ secrets.HARBOR_ROBOT_TOKEN }}" | docker login registry.i80.dk -u "robot\$gitserver" --password-stdin
      env:
        PATH: /usr/bin:/usr/local/bin:/bin:/sbin:/usr/sbin

    - name: Build and push Docker image
      uses: docker/build-push-action@v5
      env:
        PATH: /usr/bin:/usr/local/bin:/bin:/sbin:/usr/sbin
      with:
        context: .
        file: ./Dockerfile
        push: true
        tags: |
          registry.i80.dk/gitea/mmd:latest
          registry.i80.dk/gitea/mmd:${{ github.sha }}
        build-args: |
          BUILD_VERSION=${{ github.ref_name }}-${{ github.sha }}
          GIT_COMMIT=${{ github.sha }}
          BUILD_TIME=${{ github.event.head_commit.timestamp }}

    - name: Substitute secrets into Nomad job
      run: |
        sed \
          -e "s|__DATABASE_URL__|${{ secrets.DATABASE_URL }}|g" \
          -e "s|__ANTHROPIC_API_KEY__|${{ secrets.ANTHROPIC_API_KEY }}|g" \
          -e "s|__SAXO_APP_KEY__|${{ secrets.SAXO_APP_KEY }}|g" \
          -e "s|__SAXO_APP_SECRET_1__|${{ secrets.SAXO_APP_SECRET_1 }}|g" \
          mmd.nomad > mmd_deploy.nomad
      env:
        PATH: /usr/bin:/usr/local/bin:/bin:/sbin:/usr/sbin

    - name: Validate Nomad job
      run: |
        echo "Validating Nomad job specification..."
        nomad job validate mmd_deploy.nomad
      env:
        NOMAD_ADDR: "https://nomad.i80.dk:4646"

    - name: Deploy to Nomad
      run: |
        echo "Deploying to Nomad cluster..."
        nomad job run mmd_deploy.nomad
      env:
        NOMAD_ADDR: "https://nomad.i80.dk:4646"

    - name: Wait for deployment
      run: |
        echo "Checking deployment status..."
        sleep 15
        nomad job status moneymaker
        echo "=== Allocations ==="
        nomad job allocs moneymaker
      env:
        NOMAD_ADDR: "https://nomad.i80.dk:4646"

    - name: Health check
      run: |
        echo "Waiting for Traefik routing..."
        sleep 30
        curl -f https://mmd.i80.dk/health || echo "Not yet available via Traefik — check Nomad UI"
      env:
        PATH: /usr/bin:/usr/local/bin:/bin:/sbin:/usr/sbin

    - name: Deployment summary
      run: |
        echo "Deployment complete!"
        echo "  Dashboard : https://mmd.i80.dk"
        echo "  Health    : https://mmd.i80.dk/health"
        echo "  Nomad UI  : https://nomad.i80.dk:4646"