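# Deploy workflow: on every push to main, SSH into the VM, pull the latest
# code, rebuild the Docker Compose services, reload Caddy, then check the
# public health endpoint.
name: Deploy

on:
  push:
    branches: [main]

# The steps below only run ssh and curl, so the GITHUB_TOKEN is limited to
# read-only scope.
permissions:
  contents: read

env:
  SERVER_IP: ${{ secrets.SERVER_IP }}
  SSH_USER: drb

jobs:
  deploy:
    name: Deploy to VM
    runs-on: ubuntu-latest
    steps:
      - name: Write SSH key
        env:
          # Passed through the environment rather than expanded into the
          # script text: the key never lands in the generated script file,
          # and characters such as quotes, `$` or backticks inside the
          # secret cannot be interpreted by the shell.
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          # umask first, so the file is created owner-only instead of being
          # briefly readable by others before a later chmod.
          umask 077
          printf '%s\n' "$SSH_PRIVATE_KEY" > "$RUNNER_TEMP/deploy_key"

      - name: Deploy
        run: |
          # NOTE(review): StrictHostKeyChecking=no turns off host key
          # verification, so this job cannot tell the real VM from a host
          # answering on the same address, and the deploy commands would be
          # sent to it. Preferred setup: store the VM's public host key in a
          # known_hosts file on the runner (for example from a repository
          # secret) and connect with `-o StrictHostKeyChecking=yes
          # -o UserKnownHostsFile=<that file>`. Left unchanged here because
          # it needs a value this workflow does not yet have.
          ssh -o StrictHostKeyChecking=no -i "$RUNNER_TEMP/deploy_key" \
            "${SSH_USER}@${SERVER_IP}" << 'ENDSSH'
          set -e
          cd /opt/drb

          # Pull latest code
          git pull origin main

          # Rebuild and restart changed services
          docker compose up -d --build --remove-orphans

          # Reload Caddy so any Caddyfile change takes effect (runs on
          # every deploy, whether or not the file changed)
          sudo systemctl reload caddy

          # Clean up old images
          docker image prune -f
          ENDSSH

      - name: Verify health
        env:
          # Passed through the environment so the value is not pasted into
          # the script text.
          DRB_DOMAIN: ${{ secrets.DRB_DOMAIN }}
        run: |
          # Give the rebuilt services time to start before probing.
          sleep 15
          curl -f "https://api.${DRB_DOMAIN}/health" || \
            { echo "Health check failed"; exit 1; }

      - name: Remove SSH key
        # Runs even when an earlier step failed, so the private key does
        # not outlive the job on the runner.
        if: always()
        run: rm -f "$RUNNER_TEMP/deploy_key"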