name: Build and Deploy

on:
  push:
    branches: [main]
  workflow_dispatch:

env:
  SERVICE_NAME: moneycapp-tink-demo
  IMAGE: registry.i80.dk/gitea/tink-demo

jobs:
  deploy:
    runs-on: debian-host

    env:
      PATH: /usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/bin:/snap/bin
      NOMAD_ADDR: "https://nomad.i80.dk:4646"

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Log in to Docker Registry
        run: |
          echo "${{ secrets.HARBOR_ROBOT_TOKEN }}" | docker login registry.i80.dk -u "robot\$gitserver" --password-stdin

      - name: Build and push image
        run: |
          SHA=$(echo "$GITHUB_SHA" | cut -c1-8)
          docker build -t ${IMAGE}:${SHA} -t ${IMAGE}:latest .
          docker push ${IMAGE}:${SHA}
          docker push ${IMAGE}:latest
          echo "IMAGE_TAG=${SHA}" >> $GITHUB_ENV

      - name: Validate Nomad job
        run: sed "s|:latest|:${IMAGE_TAG}|g" ${SERVICE_NAME}.nomad | nomad job validate -

      - name: Deploy to Nomad
        run: sed "s|:latest|:${IMAGE_TAG}|g" ${SERVICE_NAME}.nomad | nomad job run -

      - name: Health check
        run: |
          sleep 15
          curl -sf https://tink-demo.i80.dk/ || echo "Not yet reachable via Traefik"