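---
# Pipeline with one step: on a push event, fetch the staging SSH key and
# known_hosts from Secret Manager, then SSH to the staging host and refresh
# the docker compose stack for the short commit SHA.
kind: pipeline
type: docker
name: build-and-deploy

steps:
  ssh-deploy:
    # NOTE(review): ':latest' is a mutable tag, so the toolchain that handles
    # the deploy key can change between runs. Pin a reviewed version or digest,
    # e.g. google/cloud-sdk@sha256:<DIGEST_PLACEHOLDER>.
    image: google/cloud-sdk:latest
    # NOTE(review): some CI runners pre-substitute ${...} in this file before
    # the shell sees it. Confirm how non-CI names such as ${TAG} are handled;
    # if they are blanked, escape them as $${TAG}.
    entrypoint:
      - bash
      - -c
      # Literal block: newlines are kept, so the backslash continuations in
      # the ssh command reach bash as real line continuations.
      - |
        set -euo pipefail

        # Create ~/.ssh and the key file owner-only from the start, so the
        # private key is never on disk with default permissions.
        umask 077
        mkdir -p ~/.ssh
        gcloud secrets versions access latest --secret=STAGING_KNOWN_HOSTS --project=aptivaai-dev \
          | base64 -d > ~/.ssh/known_hosts
        chmod 644 ~/.ssh/known_hosts
        gcloud secrets versions access latest --secret=STAGING_SSH_KEY --project=aptivaai-dev \
          | base64 -d > ~/.ssh/id_ed25519
        chmod 600 ~/.ssh/id_ed25519
        echo "🔑 SSH prerequisites installed"

        echo "📦 CI_COMMIT_SHA: ${CI_COMMIT_SHA:-unset}"
        TAG="${CI_COMMIT_SHA:-}"
        if [ -z "$TAG" ]; then
          echo "❌ CI_COMMIT_SHA is blank. Aborting."
          exit 1
        fi
        TAG=$(echo "$TAG" | head -c 8)

        # TAG is spliced into a command line run by the remote shell, so
        # accept hex digits only and reject anything else.
        case "$TAG" in
          *[!0-9a-fA-F]*)
            echo "❌ CI_COMMIT_SHA is not a hex commit id. Aborting."
            exit 1
            ;;
        esac
        echo "🚀 Deploying tag ${TAG} to staging"

        # The remote command is a double-quoted string, so every ${...} in it
        # is expanded here before ssh runs. IMG_TAG exists only on the remote
        # side and referencing it here would abort under 'set -u', so the
        # echo lines print the local TAG instead.
        # StrictHostKeyChecking=yes with the fetched known_hosts means an
        # unknown or changed host key fails the step.
        ssh -o StrictHostKeyChecking=yes -i ~/.ssh/id_ed25519 jcoakley@10.128.0.12 \
          "export IMG_TAG=${TAG}; \
           cd /home/jcoakley/aptiva-staging-app; \
           echo 'IMG_TAG = ${TAG}'; \
           echo '→ Pulling containers'; \
           docker compose pull; \
           echo '→ Recreating services'; \
           docker compose up -d --force-recreate --remove-orphans; \
           echo '✅ Staging stack refreshed with tag ${TAG}'"
    # NOTE(review): the script reads these same names from Secret Manager with
    # gcloud. Confirm which source is intended and drop the other, so the key
    # material is exposed to the step only once.
    secrets:
      - STAGING_SSH_KEY
      - STAGING_KNOWN_HOSTS
    environment:
      # Quoted so the substituted SHA is always read as a string.
      CI_COMMIT_SHA: "${CI_COMMIT_SHA}"
    # NOTE(review): no branch filter is visible here, so every push event runs
    # the staging deploy. Confirm that is intended.
    when:
      event:
        - push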