name: Deploy Web

on:
  push:
    branches: [main]
    paths:
      - 'web/**'
      - '.github/workflows/deploy-web.yml'
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  NGINX_IMAGE: ghcr.io/${{ github.repository_owner }}/readitlater-nginx
  API_IMAGE: ghcr.io/${{ github.repository_owner }}/readitlater-api

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - uses: actions/checkout@v6

      - uses: docker/login-action@v4
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: docker/build-push-action@v7
        with:
          context: web/nginx
          push: true
          tags: ${{ env.NGINX_IMAGE }}:latest,${{ env.NGINX_IMAGE }}:${{ github.sha }}

      - uses: docker/build-push-action@v7
        with:
          context: web/api
          push: true
          tags: ${{ env.API_IMAGE }}:latest,${{ env.API_IMAGE }}:${{ github.sha }}

      - name: Deploy to instance
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ secrets.WEB_HOST }}
          username: ec2-user
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          script: |
            sudo chown -R ec2-user:ec2-user /opt/app
            echo "GITHUB_OWNER=${{ github.repository_owner }}" > /opt/app/.env
            echo "DB_HOST=${{ secrets.DB_HOST }}" >> /opt/app/.env
            echo "DB_PORT=5432" >> /opt/app/.env
            echo "DB_NAME=${{ secrets.DB_NAME }}" >> /opt/app/.env
            echo "DB_USER=${{ secrets.DB_USER }}" >> /opt/app/.env
            echo "DB_PASSWORD=${{ secrets.DB_PASSWORD }}" >> /opt/app/.env
            echo "SUMMARIZER_URL=http://${{ secrets.SUMMARIZER_HOST }}:8000" >> /opt/app/.env
            echo '${{ secrets.GITHUB_TOKEN }}' | sudo docker login ghcr.io -u ${{ github.actor }} --password-stdin
            sudo docker pull ${{ env.NGINX_IMAGE }}:latest
            sudo docker pull ${{ env.API_IMAGE }}:latest
            cd /opt/app
            cat > docker-compose.yml << 'COMPOSE'
            services:
              nginx:
                image: ghcr.io/${{ github.repository_owner }}/readitlater-nginx:latest
                ports:
                  - "80:80"
                  - "443:443"
                environment:
                  - CERTBOT_EMAIL=pavelyman76@gmail.com
                depends_on:
                  - api
                restart: always
              api:
                image: ghcr.io/${{ github.repository_owner }}/readitlater-api:latest
                env_file: .env
                restart: always
            COMPOSE
            sudo /usr/local/bin/docker-compose down || true
            sudo /usr/local/bin/docker-compose up -d