name: Build and Deploy Gateway

on:
  push:
    branches: [master]
  workflow_dispatch:

env:
  DEPLOY_PATH: /opt/vpn-proxy
  BASE_IMAGE: vpn-proxy-runtime-base:bookworm-slim
  RUNTIME_BASE_SOURCE_IMAGE: mirror.gcr.io/library/debian:bookworm-slim
  SINGBOX_VERSION: 1.12.13

jobs:
  build-and-push:
    runs-on: ubuntu-22.04
    steps:
      - name: Clone repository
        env:
          GIT_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          set -euo pipefail
          SERVER_HOST=$(echo "${{ gitea.server_url }}" | sed 's|https\?://||')
          rm -rf repo
          git clone --depth 2 "http://${{ gitea.actor }}:${GIT_TOKEN}@${SERVER_HOST}/${{ gitea.repository }}.git" repo
          cd repo
          git checkout ${{ gitea.sha }}

      - name: Build and push gateway image
        run: |
          set -euo pipefail
          cd repo

          npm ci --no-audit --no-fund
          npm run build

          REGISTRY_HOST=$(echo "${{ gitea.server_url }}" | sed 's|https\?://||')
          IMAGE="${REGISTRY_HOST}/${{ gitea.repository }}/gateway"

          echo "Build runner: $(hostname)"
          echo "Base image: ${{ env.BASE_IMAGE }}"
          echo "Docker context: $(docker context show 2>/dev/null || true)"
          docker info 2>/dev/null | sed -n '/HTTP Proxy:/p;/HTTPS Proxy:/p;/Name:/p'

          if ! docker image inspect "${{ env.BASE_IMAGE }}" >/dev/null 2>&1; then
            echo "Runtime base image ${{ env.BASE_IMAGE }} is missing; building it now."
            BASE_IMAGE="${{ env.RUNTIME_BASE_SOURCE_IMAGE }}" \
            RUNTIME_BASE_IMAGE="${{ env.BASE_IMAGE }}" \
            SINGBOX_VERSION="${{ env.SINGBOX_VERSION }}" \
            ./scripts/build-runtime-base.sh
          fi

          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login "$REGISTRY_HOST" -u "${{ gitea.actor }}" --password-stdin
          DOCKER_BUILDKIT=1 docker build \
            --network host \
            --pull=false \
            --build-arg BASE_IMAGE="${{ env.BASE_IMAGE }}" \
            --build-arg SINGBOX_VERSION="${{ env.SINGBOX_VERSION }}" \
            --build-arg INSTALL_RUNTIME_DEPS=false \
            --build-arg INSTALL_SINGBOX=false \
            -t "${IMAGE}:latest" \
            -t "${IMAGE}:${{ gitea.sha }}" \
            .
          docker push "${IMAGE}:latest"
          docker push "${IMAGE}:${{ gitea.sha }}"

  deploy:
    runs-on: lxc-113
    needs: build-and-push
    steps:
      - name: Clone repository
        env:
          GIT_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          set -euo pipefail
          SERVER_HOST=$(echo "${{ gitea.server_url }}" | sed 's|https\?://||')
          rm -rf repo
          git clone --depth 2 "http://${{ gitea.actor }}:${GIT_TOKEN}@${SERVER_HOST}/${{ gitea.repository }}.git" repo
          cd repo
          git checkout ${{ gitea.sha }}

      - name: Pull and deploy gateway image
        run: |
          set -euo pipefail
          cd repo

          REGISTRY_HOST=$(echo "${{ gitea.server_url }}" | sed 's|https\?://||')
          IMAGE="${REGISTRY_HOST}/${{ gitea.repository }}/gateway"

          echo "Deploy runner: $(hostname)"
          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login "$REGISTRY_HOST" -u "${{ gitea.actor }}" --password-stdin
          DEPLOY_PATH="${{ env.DEPLOY_PATH }}" GATEWAY_IMAGE="${IMAGE}:${{ gitea.sha }}" bash scripts/deploy-gateway.sh