kind: pipeline
type: docker
name: build-and-deploy

workspace:
  base: /woodpecker
  path: src

clone:
  depth: 50

steps:
# ── 1. Build & push images ──────────────────────────────
- name: build-and-push
  image: docker:24.0-cli
  privileged: true
  volumes:
    - name: docker-sock
      path: /var/run/docker.sock
  environment:
    REG: us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo
  commands:
    - |
      set -eu
      TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
      docker buildx create --use --name woodpecker || true
      for svc in server1 server2 server3 nginx; do
        docker buildx build -f Dockerfile.${svc} \
          -t ${REG}/${svc}:${TAG} --push .
      done
  when:
    event: [push, manual]
    branch: [master]

# ── 2. Deploy to staging via SSH ────────────────────────
- name: deploy-staging
  image: alpine:latest
  settings:
    STAGING_SSH_KEY:
      from_secret: STAGING_SSH_KEY
    STAGING_KNOWN_HOSTS:
      from_secret: STAGING_KNOWN_HOSTS
  commands:
    - |
      set -eu
      apk add --no-cache openssh bash

      mkdir -p ~/.ssh
      echo "$STAGING_KNOWN_HOSTS" > ~/.ssh/known_hosts
      echo "$STAGING_SSH_KEY" > ~/.ssh/id_ed25519
      chmod 600 ~/.ssh/id_ed25519

      TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
      ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes jcoakley@10.128.0.12 <<EOF
        cd /opt/aptiva-staging-app
        IMG_TAG=$TAG docker compose pull
        IMG_TAG=$TAG docker compose up -d --force-recreate --remove-orphans
      EOF
  when:
    event: [push, manual]
    branch: [master]