name: Deploy Production

on:
  workflow_dispatch:

jobs:
  deploy_production:
    name: Deploy to Production
    runs-on: ubuntu-latest
    environment:
      name: production
      url: https://api-finance.ai-assistant-bot.xyz

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install SSH and rsync
        run: |
          sudo apt-get update
          sudo apt-get install -y --no-install-recommends openssh-client rsync

      - name: Configure SSH
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.SSH_PRIVATE_KEY }}" | tr -d '\r' > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa

      - name: Ensure remote directory exists
        run: |
          ssh -o StrictHostKeyChecking=yes "${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}" \
          "mkdir -p /opt/apps/api-finance"

      - name: Sync repository to server
        run: |
          rsync -az --delete \
            --exclude='.git' \
            --exclude='.env' \
            --exclude='.env.*' \
            --exclude='node_modules' \
            --exclude='coverage' \
            --exclude='dist' \
            ./ "${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}:/opt/apps/api-finance/"

      - name: Rebuild and restart Docker Compose
        run: |
          ssh -o StrictHostKeyChecking=yes "${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}" "
            set -e
            cd /opt/apps/api-finance
            docker compose -f docker-compose.server.yml pull
            docker compose -f docker-compose.server.yml up -d --build
            docker image prune -f
          "

      - name: Optional: Check service health
        run: |
          ssh -o StrictHostKeyChecking=yes "${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}" "
            set -e
            curl --fail --silent --show-error https://api-finance.ai-assistant-bot.xyz/ || exit 1
          "