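# Deploys the repository to a NAS over SSH on every push to dev or main.
# main selects the production compose file and project path; the other
# triggering branch (dev) selects the development ones.
name: Deploy

on:
  push:
    branches:
      - dev
      - main

# No step needs more than read access to the repository contents.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): v4 is a movable tag; pinning the action to a full
      # commit SHA would remove the dependency on the tag staying put.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step runs git, so the token is not kept in .git/config.
          persist-credentials: false

      - name: Set environment
        id: env
        env:
          # Handed over as an environment variable rather than expanded into
          # the script text, so the ref name is never parsed as shell code.
          REF_NAME: ${{ github.ref_name }}
        run: |
          if [ "$REF_NAME" = "main" ]; then
            echo "COMPOSE_FILE=docker/docker-compose.prod.yml" >> "$GITHUB_OUTPUT"
            echo "PROJECT_PATH=/volume1/docker/auditshield-prod" >> "$GITHUB_OUTPUT"
          else
            echo "COMPOSE_FILE=docker/docker-compose.yml" >> "$GITHUB_OUTPUT"
            echo "PROJECT_PATH=/volume1/docker/auditshield-dev" >> "$GITHUB_OUTPUT"
          fi

      - name: Setup SSH key
        env:
          # Secrets reach the script through the environment so their content
          # is not subject to shell expansion inside the generated script.
          NAS_SSH_KEY: ${{ secrets.NAS_SSH_KEY }}
          NAS_HOST: ${{ secrets.NAS_HOST }}
        run: |
          # Create ~/.ssh and the key file without group/other access from the start.
          umask 077
          mkdir -p ~/.ssh
          printf '%s' "$NAS_SSH_KEY" > ~/.ssh/nas_key
          chmod 600 ~/.ssh/nas_key
          # NOTE(review): the host key is collected at run time over the same
          # network path as the later connections, so it only detects a host
          # key that changes between steps. Writing a host key recorded out of
          # band (for example from a repository secret) to known_hosts would
          # authenticate the NAS itself.
          ssh-keyscan -p 22 "$NAS_HOST" >> ~/.ssh/known_hosts 2>/dev/null

      # StrictHostKeyChecking=yes in the steps below makes ssh refuse the
      # connection unless the host key matches the known_hosts entry written
      # above; with "no" that entry was never enforced.
      # NOTE(review): every connection logs in as root; a dedicated deploy
      # account with access to the project path and docker would narrow what
      # the stored key can do.
      - name: Copy files to NAS
        env:
          NAS_HOST: ${{ secrets.NAS_HOST }}
          PROJECT_PATH: ${{ steps.env.outputs.PROJECT_PATH }}
        run: |
          # The default run shell is "bash -e" without pipefail, so a failing
          # local tar would otherwise be hidden by the exit status of ssh.
          set -o pipefail
          ssh -i ~/.ssh/nas_key -o StrictHostKeyChecking=yes "root@$NAS_HOST" \
            "mkdir -p $PROJECT_PATH"
          tar --exclude='.git' --exclude='node_modules' --exclude='.env' -czf - . | \
            ssh -i ~/.ssh/nas_key -o StrictHostKeyChecking=yes "root@$NAS_HOST" \
            "tar -xzf - -C $PROJECT_PATH"

      - name: Setup env file
        env:
          NAS_HOST: ${{ secrets.NAS_HOST }}
          PROJECT_PATH: ${{ steps.env.outputs.PROJECT_PATH }}
        run: |
          # NOTE(review): this copies .env.example over .env on every deploy,
          # production included, replacing any values set on the NAS; confirm
          # that is intended. Errors from cp are discarded by "|| true".
          ssh -i ~/.ssh/nas_key -o StrictHostKeyChecking=yes "root@$NAS_HOST" \
            "cd $PROJECT_PATH && cp .env.example .env 2>/dev/null || true"

      - name: Deploy
        env:
          NAS_HOST: ${{ secrets.NAS_HOST }}
          PROJECT_PATH: ${{ steps.env.outputs.PROJECT_PATH }}
          COMPOSE_FILE: ${{ steps.env.outputs.COMPOSE_FILE }}
        run: |
          # Rebuild and restart the stack on the NAS, then drop dangling images.
          ssh -i ~/.ssh/nas_key -o StrictHostKeyChecking=yes "root@$NAS_HOST" \
            "cd $PROJECT_PATH && \
             /usr/local/bin/docker compose -f $COMPOSE_FILE up -d --build --remove-orphans && \
             /usr/local/bin/docker image prune -f"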