name: Build and Deploy

on:
  push:
    branches:
      - main

jobs:
  # ===================================================================
  # JOB 1: CONSTRUIR Y SUBIR LAS IMÁGENES (FUNCIONA PERFECTAMENTE)
  # ===================================================================
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Create Kaniko config file
        run: echo '{"auths":{"${{ secrets.REGISTRY_URL }}":{"username":"${{ secrets.REGISTRY_USER }}","password":"${{ secrets.ACTIONS_PAT }}"}}}' > ${{ gitea.workspace }}/config.json

      - name: Build and Push Backend & Frontend
        run: |
          docker run --rm -v ${{ gitea.workspace }}:/workspace -v ${{ gitea.workspace }}/config.json:/kaniko/.docker/config.json gcr.io/kaniko-project/executor:v1.9.0 --context=/workspace --dockerfile=/workspace/Backend/GestionIntegral.Api/Dockerfile --destination=${{ secrets.REGISTRY_URL }}/${{ gitea.actor }}/${{ toLower(gitea.repository_name) }}-backend:latest --destination=${{ secrets.REGISTRY_URL }}/${{ gitea.actor }}/${{ toLower(gitea.repository_name) }}-backend:${{ gitea.sha_short }} --insecure
          docker run --rm -v ${{ gitea.workspace }}:/workspace -v ${{ gitea.workspace }}/config.json:/kaniko/.docker/config.json gcr.io/kaniko-project/executor:v1.9.0 --context=/workspace --dockerfile=/workspace/Frontend/Dockerfile --destination=${{ secrets.REGISTRY_URL }}/${{ gitea.actor }}/${{ toLower(gitea.repository_name) }}-frontend:latest --destination=${{ secrets.REGISTRY_URL }}/${{ gitea.actor }}/${{ toLower(gitea.repository_name) }}-frontend:${{ gitea.sha_short }} --insecure

  # ===================================================================
  # JOB 2: DESPLEGAR LA APLICACIÓN (LA SOLUCIÓN FINAL Y ROBUSTA)
  # ===================================================================
  deploy:
    runs-on: ubuntu-latest
    needs: build-and-push
    
    steps:
      - name: Deploy to Production via SSH
        run: |
          # Preparamos el cliente SSH como antes
          apt-get update && apt-get install -y openssh-client
          mkdir -p ~/.ssh
          echo "${{ secrets.PROD_SERVER_SSH_KEY }}" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          ssh-keyscan -H ${{ secrets.PROD_SERVER_HOST }} >> ~/.ssh/known_hosts
          
          # Creamos el script de despliegue como una única cadena
          # Usamos '&&' para encadenar comandos y asegurar que falle si algo sale mal
          DEPLOY_SCRIPT="
            set -e; \
            echo '--- CONECTADO AL SERVIDOR DE PRODUCCIÓN ---'; \
            cd /opt/gestion-integral; \
            export DB_SA_PASSWORD='${{ secrets.DB_SA_PASSWORD_SECRET }}'; \
            export JWT_KEY='${{ secrets.JWT_KEY_SECRET }}'; \
            echo '${{ secrets.ACTIONS_PAT }}' | docker login ${{ secrets.REGISTRY_URL }} -u '${{ secrets.REGISTRY_USER }}' --password-stdin; \
            docker compose pull; \
            docker compose up -d; \
            docker image prune -af; \
            echo '--- ¡¡DESPLIEGUE COMPLETADO Y VERIFICADO!! ---'; \
          "
          
          # Ejecutamos el script remoto
          ssh ${{ secrets.PROD_SERVER_USER }}@${{ secrets.PROD_SERVER_HOST }} "$DEPLOY_SCRIPT"