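# Deploy workflow: builds one container image per service, pushes the images
# to ghcr.io, then rolls the new tag out over SSH with Docker Compose.
#   push to main      -> environment "staging",    tag staging-<commit sha>
#   release published -> environment "production", tag <release tag name>
name: Deploy

on:
  push:
    branches: [main]
  release:
    types: [published]

# Least privilege for GITHUB_TOKEN: read-only by default; only the job that
# pushes images is granted packages: write.
permissions:
  contents: read

concurrency:
  group: deploy-${{ github.ref }}
  # NOTE(review): a newer run on the same ref cancels one that is already in
  # progress, which can interrupt the remote "docker compose up" part-way.
  # Confirm that is acceptable for the deploy host, or set this to false.
  cancel-in-progress: true

env:
  NODE_VERSION: "20"

# NOTE(review): every `uses:` below references a mutable version tag. Pinning
# each action to a full commit SHA keeps a retagged release from changing what
# runs with the registry token and the deploy SSH key.
jobs:
  detect-environment:
    name: Detect Environment
    runs-on: ubuntu-latest
    outputs:
      environment: ${{ steps.detect.outputs.environment }}
      tag: ${{ steps.detect.outputs.tag }}
    steps:
      - name: Detect deployment target
        id: detect
        # Context values reach the script as environment variables instead of
        # being expanded into its text by ${{ }}, so a release tag containing
        # shell metacharacters is handled as data, never as code.
        env:
          EVENT_NAME: ${{ github.event_name }}
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          COMMIT_SHA: ${{ github.sha }}
        run: |
          if [ "$EVENT_NAME" = "release" ]; then
            # The release tag becomes the image tag and is later exported on
            # the deploy host, so reject anything outside the image-tag
            # alphabet here, once, before any job consumes it.
            case "$RELEASE_TAG" in
              '' | [.-]* | *[!A-Za-z0-9_.-]*)
                echo "::error::release tag is empty or not a valid image tag"
                exit 1
                ;;
            esac
            {
              echo "environment=production"
              echo "tag=$RELEASE_TAG"
            } >> "$GITHUB_OUTPUT"
          else
            {
              echo "environment=staging"
              echo "tag=staging-$COMMIT_SHA"
            } >> "$GITHUB_OUTPUT"
          fi

  build-and-push:
    name: Build and Push Docker Images
    runs-on: ubuntu-latest
    needs: detect-environment
    environment: ${{ needs.detect-environment.outputs.environment }}
    permissions:
      contents: read
      # Required to push to ghcr.io with GITHUB_TOKEN.
      packages: write
    strategy:
      matrix:
        include:
          - name: api
            dockerfile: packages/api/Dockerfile
          - name: darkwatch
            dockerfile: services/darkwatch/Dockerfile
          - name: spamshield
            dockerfile: services/spamshield/Dockerfile
          - name: voiceprint
            dockerfile: services/voiceprint/Dockerfile
    steps:
      - uses: actions/checkout@v4
        with:
          # The checkout is used as the Docker build context (context: .), so
          # do not leave the job token stored in .git/config.
          persist-credentials: false

      - name: Login to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push ${{ matrix.name }}
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          push: true
          tags: ghcr.io/${{ github.repository_owner }}/shieldai-${{ matrix.name }}:${{ needs.detect-environment.outputs.tag }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  deploy:
    name: Deploy to ${{ needs.detect-environment.outputs.environment }}
    runs-on: ubuntu-latest
    needs: [detect-environment, build-and-push]
    environment: ${{ needs.detect-environment.outputs.environment }}
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Deploy via Docker Compose
        uses: appleboy/ssh-action@v1
        # The tag and environment are handed to the remote shell through the
        # action's `envs` input rather than being pasted into the script text.
        env:
          DOCKER_TAG: ${{ needs.detect-environment.outputs.tag }}
          ENVIRONMENT: ${{ needs.detect-environment.outputs.environment }}
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USER }}
          key: ${{ secrets.DEPLOY_SSH_KEY }}
          # NOTE(review): no `fingerprint` input is set, so the connection
          # presumably does not verify the host's SSH key. Supplying the
          # host key's SHA256 fingerprint closes that gap.
          envs: DOCKER_TAG,ENVIRONMENT
          script: |
            # Stop at the first failure so a failed cd or pull cannot be
            # followed by "up" in the wrong directory or on stale images.
            set -e
            cd /opt/shieldai
            export DOCKER_TAG ENVIRONMENT
            docker compose pull
            docker compose up -d
            docker image prune -f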