name: Build and deploy Backend

on:
  push:
    branches:
      - main

jobs:
  build:
    runs-on: build-host
    env:
      SERVICE_NAME: backend
      IMAGE_SHA: gitea.dsrptlab.com/mapflow/backend:${{ github.sha }}
      IMAGE_LATEST: gitea.dsrptlab.com/mapflow/backend:latest
      DOKPLOY_DEPLOY_WEBHOOK: http://sin.dsrptlab.com:3000/api/deploy/x3IYnQHykbR__LYwh0LPH
    steps:
      - uses: actions/checkout@v4

      - name: Configure Gitea registry auth
        run: |
          set -euo pipefail
          mkdir -p ~/.docker
          auth="$(printf '%s:%s' "${{ secrets.REGISTRY_USERNAME }}" "${{ secrets.REGISTRY_TOKEN }}" | base64 | tr -d '\n')"
          printf '{"auths":{"gitea.dsrptlab.com":{"auth":"%s"}}}\n' "$auth" > ~/.docker/config.json

      - name: Build and push image
        run: |
          set -euo pipefail
          builder="builder"
          if ! docker buildx inspect "$builder" >/dev/null 2>&1; then
            docker buildx create --name "$builder" --driver docker-container --buildkitd-config /etc/buildkit/buildkitd.toml
          fi
          docker buildx use "$builder"
          docker buildx inspect --bootstrap
          docker buildx build --push --provenance=false --tag "$IMAGE_SHA" --tag "$IMAGE_LATEST" .

      - name: Skip stale deployment
        run: |
          set -euo pipefail
          latest_sha="$(git ls-remote origin refs/heads/main | awk '{print $1}')"
          if [ "$latest_sha" = "${GITHUB_SHA}" ]; then
            touch .deploy-current
          else
            echo "A newer main commit exists: $latest_sha. Skipping deploy for ${GITHUB_SHA}."
          fi

      - name: Trigger Dokploy webhook
        run: |
          set -euo pipefail
          [ -f .deploy-current ] || exit 0
          payload=$(cat <<JSON
          {"ref":"refs/heads/main","after":"$GITHUB_SHA","commits":[{"id":"$GITHUB_SHA","message":"$SERVICE_NAME #${GITHUB_RUN_NUMBER:-0} ${GITHUB_SHA:0:7}"}]}
          JSON
          )
          response_file="$(mktemp)"
          status_code="$(curl -sS -o "$response_file" -w "%{http_code}" -X POST "$DOKPLOY_DEPLOY_WEBHOOK" \
            -H "x-gitea-event: push" \
            -H "Content-Type: application/json" \
            -d "$payload")"
          cat "$response_file"
          [ "$status_code" = "200" ]

      - name: Prune shared BuildKit cache
        run: |
          set -euo pipefail
          docker buildx prune --builder builder --all --max-used-space 40gb -f