name: Build And Deploy Main

on:
  push:
    branches:
      - main

jobs:
  build-and-deploy:
    runs-on:
      - ubuntu-latest
    env:
      PROJECT_DIR: /home/act_runner/temp/tspt
      GIT_REPO_URL: https://git.mayo.llc/yangli/worldshine-redesign.git
      GIT_USERNAME: ${{ secrets.GITEA_USERNAME }}
      GIT_PASSWORD: ${{ secrets.GITEA_PASSWORD }}
      REMOTE_HOST: 34.232.175.208
      REMOTE_USER: rocky
      SSH_KEY: /home/act_runner/ssh-certs/charlie_ws.pem
      REMOTE_APP_ROOT: /www/wwwroot/worldshine1
      REMOTE_VIEWS_DIR: /www/wwwroot/worldshine1/app/views
      EXCLUDE_PATTERN: (^|/)\.DS_Store$|(^|/)_MACOSX(/|$)
      BEFORE_SHA: ${{ github.event.before }}
      AFTER_SHA: ${{ github.sha }}
    steps:
      - name: Ensure project checkout exists
        run: |
          set -e
          mkdir -p "$PROJECT_DIR"
          cd "$PROJECT_DIR"

          if [ ! -d ".git" ]; then
            if [ -n "$(ls -A . 2>/dev/null)" ]; then
              echo "Project dir exists but is not a git repo and not empty: $PROJECT_DIR"
              exit 1
            fi

            if [ -z "$GIT_USERNAME" ] || [ -z "$GIT_PASSWORD" ]; then
              echo "Missing GITEA_USERNAME/GITEA_PASSWORD secrets."
              exit 1
            fi

            export GIT_TERMINAL_PROMPT=0
            ASKPASS_FILE="$(mktemp)"
            printf '%s\n' '#!/usr/bin/env sh' 'case "$1" in' '  *Username*) echo "$GIT_USERNAME" ;;' '  *Password*) echo "$GIT_PASSWORD" ;;' '  *) echo "" ;;' 'esac' > "$ASKPASS_FILE"
            chmod 700 "$ASKPASS_FILE"
            GIT_ASKPASS="$ASKPASS_FILE" git clone "$GIT_REPO_URL" .
            rm -f "$ASKPASS_FILE"
          fi

      - name: Pull latest main
        run: |
          set -e
          cd "$PROJECT_DIR"
          if [ -z "$GIT_USERNAME" ] || [ -z "$GIT_PASSWORD" ]; then
            echo "Missing GITEA_USERNAME/GITEA_PASSWORD secrets."
            exit 1
          fi
          export GIT_TERMINAL_PROMPT=0
          ASKPASS_FILE="$(mktemp)"
          printf '%s\n' '#!/usr/bin/env sh' 'case "$1" in' '  *Username*) echo "$GIT_USERNAME" ;;' '  *Password*) echo "$GIT_PASSWORD" ;;' '  *) echo "" ;;' 'esac' > "$ASKPASS_FILE"
          chmod 700 "$ASKPASS_FILE"
          GIT_ASKPASS="$ASKPASS_FILE" git fetch origin main
          git checkout main
          GIT_ASKPASS="$ASKPASS_FILE" git pull origin main
          rm -f "$ASKPASS_FILE"

      - name: Build client
        run: |
          set -e
          cd "$PROJECT_DIR/client"
          npm install
          npm run build

      - name: Replace local app views from client dist
        run: |
          set -e
          cd "$PROJECT_DIR"
          mkdir -p app/views
          rm -rf app/views/*
          rsync -a --delete --exclude ".DS_Store" --exclude "_MACOSX" client/dist/ app/views/

      - name: Deploy views to remote server
        run: |
          set -e
          cd "$PROJECT_DIR"
          SSH_CMD="ssh -i $SSH_KEY -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
          RSYNC_RSH="ssh -i $SSH_KEY -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
          $SSH_CMD "$REMOTE_USER@$REMOTE_HOST" "mkdir -p \"$REMOTE_VIEWS_DIR\""
          rsync -az --delete --exclude ".DS_Store" --exclude "_MACOSX" -e "$RSYNC_RSH" app/views/ "$REMOTE_USER@$REMOTE_HOST:$REMOTE_VIEWS_DIR/"

      - name: Deploy changed backend files only
        run: |
          set -e
          cd "$PROJECT_DIR"
          SSH_CMD="ssh -i $SSH_KEY -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
          RSYNC_RSH="ssh -i $SSH_KEY -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
          CHANGE_PATHS=(app/controllers app/middlewares app/models app/routes app/scheduler app/services)

          if [ -n "$BEFORE_SHA" ] && [ "$BEFORE_SHA" != "0000000000000000000000000000000000000000" ]; then
            CHANGED_FILES=$(git diff --name-only "$BEFORE_SHA" "$AFTER_SHA" -- "${CHANGE_PATHS[@]}" | rg -v "$EXCLUDE_PATTERN" || true)
            DELETED_FILES=$(git diff --name-only --diff-filter=D "$BEFORE_SHA" "$AFTER_SHA" -- "${CHANGE_PATHS[@]}" | rg -v "$EXCLUDE_PATTERN" || true)
          else
            CHANGED_FILES=$(git show --name-only --pretty="" "$AFTER_SHA" -- "${CHANGE_PATHS[@]}" | rg -v "$EXCLUDE_PATTERN" || true)
            DELETED_FILES=""
          fi

          if [ -z "$CHANGED_FILES" ]; then
            echo "No backend file changes detected in target folders."
          else
            while IFS= read -r file; do
              [ -z "$file" ] && continue
              [ -f "$file" ] || continue
              remote_file="$REMOTE_APP_ROOT/$file"
              remote_dir=$(dirname "$remote_file")
              $SSH_CMD "$REMOTE_USER@$REMOTE_HOST" "mkdir -p \"$remote_dir\""
              rsync -az --exclude ".DS_Store" --exclude "_MACOSX" -e "$RSYNC_RSH" "$file" "$REMOTE_USER@$REMOTE_HOST:$remote_file"
              echo "Deployed: $file"
            done <<< "$CHANGED_FILES"
          fi

          if [ -n "$DELETED_FILES" ]; then
            while IFS= read -r file; do
              [ -z "$file" ] && continue
              remote_file="$REMOTE_APP_ROOT/$file"
              $SSH_CMD "$REMOTE_USER@$REMOTE_HOST" "rm -f \"$remote_file\""
              echo "Deleted on remote: $file"
            done <<< "$DELETED_FILES"
          fi