name: Deploy Marketing-Site

on:
  push:
    branches:
      - main
  workflow_dispatch:

concurrency:
  group: deploy-marketing
  cancel-in-progress: false

jobs:
  test:
    name: Lint + Smoke-Tests
    runs-on: docker
    container:
      image: node:22-bookworm
    steps:
      - uses: actions/checkout@v4

      - name: pnpm aktivieren
        run: |
          corepack enable
          corepack prepare pnpm@latest --activate

      - name: Dependencies
        run: pnpm install --frozen-lockfile

      - name: Production-Build
        run: pnpm build

      - name: Playwright-Browser
        run: pnpm exec playwright install --with-deps chromium

      - name: Smoke-Tests gegen Production-Build
        run: pnpm exec playwright test
        env:
          CI: '1'

      - name: Build-Artefakt aufheben
        uses: actions/upload-artifact@v3
        with:
          name: dist
          path: dist/
          retention-days: 3

  deploy:
    name: Deploy auf Marketing-VPS
    runs-on: docker
    container:
      image: alpine:3.20
    needs: test
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4

      - name: Tools installieren
        run: |
          apk add --no-cache rsync openssh-client

      - name: Build-Artefakt holen
        uses: actions/download-artifact@v3
        with:
          name: dist
          path: dist/

      - name: SSH-Key setzen
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.MARKETING_SSH_KEY }}" > ~/.ssh/marketing
          chmod 600 ~/.ssh/marketing
          ssh-keyscan -H "${{ secrets.MARKETING_HOST }}" >> ~/.ssh/known_hosts

      - name: Rsync zu Marketing-VPS
        run: |
          rsync -avz --delete \
            -e "ssh -i ~/.ssh/marketing -o StrictHostKeyChecking=yes" \
            dist/ \
            "${{ secrets.MARKETING_USER }}@${{ secrets.MARKETING_HOST }}:slimcore.io/"

      - name: Deploy-Verifikation
        run: |
          # Caddy braucht keine Reload — file_server liest live aus dem Verzeichnis
          # Stattdessen: HTTPS-Check, dass die neue Version live ist
          sleep 3
          STATUS=$(wget -qO- --server-response https://slimcore.io/ 2>&1 | awk '/HTTP\//{print $2}' | head -1)
          if [ "$STATUS" != "200" ]; then
            echo "Production-Site liefert HTTP $STATUS, erwartet 200"
            exit 1
          fi
          echo "✓ slimcore.io antwortet mit 200"

  notify:
    name: Deploy-Notification
    runs-on: docker
    container:
      image: alpine:3.20
    needs: deploy
    if: always()
    steps:
      - name: Status-Mail an Pascal
        if: ${{ secrets.BREVO_API_KEY != '' }}
        run: |
          apk add --no-cache curl
          STATUS="${{ needs.deploy.result }}"
          SUBJECT="[slimcore.io] Deploy ${STATUS}"
          BODY="Deploy von ${{ github.sha }} auf slimcore.io: ${STATUS}\n\nCommit: ${{ github.event.head_commit.message }}\nWorkflow: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
          curl -X POST https://api.brevo.com/v3/smtp/email \
            -H "api-key: ${{ secrets.BREVO_API_KEY }}" \
            -H "Content-Type: application/json" \
            -d "{
              \"sender\": {\"email\": \"deploy@digiformer.net\", \"name\": \"Forgejo Deploy\"},
              \"to\": [{\"email\": \"pascal.oelmann@digiformer.net\"}],
              \"subject\": \"$SUBJECT\",
              \"textContent\": \"$BODY\"
            }"