name: Deploy Summarizer

on:
  push:
    branches: [main]
    paths:
      - 'summarizer/**'
      - '.github/workflows/deploy-summarizer.yml'
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  IMAGE: ghcr.io/${{ github.repository_owner }}/readitlater-summarizer

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - uses: actions/checkout@v6

      - uses: docker/login-action@v4
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: docker/build-push-action@v7
        with:
          context: summarizer
          push: true
          tags: ${{ env.IMAGE }}:latest,${{ env.IMAGE }}:${{ github.sha }}

      - name: Deploy to instance
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ secrets.SUMMARIZER_HOST }}
          username: ec2-user
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          proxy_host: ${{ secrets.WEB_HOST }}
          proxy_username: ec2-user
          proxy_key: ${{ secrets.SSH_PRIVATE_KEY }}
          script: |
            echo '${{ secrets.GITHUB_TOKEN }}' | sudo docker login ghcr.io -u ${{ github.actor }} --password-stdin
            sudo docker pull ${{ env.IMAGE }}:latest
            sudo docker stop summarizer || true
            sudo docker rm summarizer || true
            sudo docker run -d \
              --name summarizer \
              --restart always \
              -p 8000:8000 \
              ${{ env.IMAGE }}:latest