name: Build & Deploy Tippspiel

on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: self-hosted
    steps:
      - name: Checkout
        run: |
          rm -rf workspace && mkdir workspace
          GIT_TERMINAL_PROMPT=0 git clone \
            --depth 1 \
            --branch main \
            http://x-token:${{ secrets.DEPLOY_TOKEN }}@gitea:3000/mwf975_git/tippspiel.git \
            workspace

      - name: Create build context
        run: |
          cd workspace
          tar cf /tmp/tippspiel-ci.tar \
            --exclude='.git' \
            --exclude='node_modules' \
            --exclude='*.docx' \
            --exclude='prototyp_*.html' \
            .
          echo "Build context size: $(du -sh /tmp/tippspiel-ci.tar | cut -f1)"

      - name: Build Docker Image via Portainer
        run: |
          echo "Starting Docker build on NAS..."
          curl -s -k -X POST \
            "https://192.168.1.60:9444/api/endpoints/2/docker/build?t=wm2026-tippspiel:latest&dockerfile=./Dockerfile" \
            -H "X-API-Key: ${{ secrets.PORTAINER_TOKEN }}" \
            -H "Content-Type: application/x-tar" \
            --data-binary @/tmp/tippspiel-ci.tar \
            --max-time 600 \
            | grep -E '(Successfully built|Successfully tagged|error|Error)' || true
          echo "Build completed."

      - name: Redeploy Stack via Portainer
        run: |
          echo "Redeploying stack wm2026-tippspiel..."
          curl -s -k -X PUT \
            "https://192.168.1.60:9444/api/stacks/115?endpointId=2" \
            -H "X-API-Key: ${{ secrets.PORTAINER_TOKEN }}" \
            -H "Content-Type: application/json" \
            -d '{
              "stackFileContent": "services:\n  tippspiel:\n    image: wm2026-tippspiel:latest\n    container_name: wm2026-tippspiel\n    restart: unless-stopped\n    ports:\n      - \"3301:3001\"\n    environment:\n      - NODE_ENV=development\n      - PORT=3001\n      - DATABASE_URL=postgresql://postgres.ggqsfnlqezgxcfqkytrr:***REMOVED-DB-PW***@aws-0-eu-west-1.pooler.supabase.com:6543/postgres\n      - SUPABASE_URL=https://ggqsfnlqezgxcfqkytrr.supabase.co\n      - SUPABASE_SERVICE_ROLE_KEY=***REMOVED-SUPABASE-JWT***\n      - ANTHROPIC_API_KEY=***REMOVED-ANTHROPIC***\n      - FOOTBALL_API_KEY=***REMOVED-FOOTBALL***\n      - FOOTBALL_API_BASE_URL=https://api.football-data.org/v4\n      - ELEVENLABS_API_KEY=***REMOVED-ELEVENLABS***\n      - CORS_ORIGIN=*\n      - STAFFBASE_PUBLIC_KEY=dev-mode-no-key-needed\n      - STAFFBASE_PLUGIN_ID=\n    healthcheck:\n      test: [\"CMD\", \"wget\", \"-qO-\", \"http://localhost:3001/health\"]\n      interval: 30s\n      timeout: 5s\n      start_period: 10s\n      retries: 3\n    networks:\n      - main-network\n\nnetworks:\n  main-network:\n    external: true",
              "env": [],
              "prune": true,
              "pullImage": false
            }' \
            | python3 -c "import sys,json; d=json.load(sys.stdin); print('Stack redeployed:', d.get('Name'), '| Status:', d.get('Status'))" 2>/dev/null \
            || echo "Stack redeploy triggered."
          echo "Deployment complete!"

      - name: Verify deployment
        run: |
          sleep 15
          STATUS=$(curl -s http://192.168.1.60:3301/health | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('status'))" 2>/dev/null || echo "unreachable")
          echo "Health check: $STATUS"
          if [ "$STATUS" = "ok" ]; then
            echo "✅ Deployment successful! App running at http://192.168.1.60:3301"
          else
            echo "⚠️  Health check inconclusive (container may be restarting)"
          fi

      - name: Cleanup
        if: always()
        run: rm -rf workspace /tmp/tippspiel-ci.tar