name: Frontend deploy
on:
  push:
    branches:
      - master
  workflow_dispatch:

jobs:
  deploy-frontend:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      
      - name: Import Secrets
        id: import-secrets
        uses: hashicorp/vault-action@v3.4.0
        with:
          url: https://vault.d3m0k1d.ru
          token: ${{ secrets.VAULT }}
          secrets: |
            secrets/site/prod/data/gitea TOKEN | GITEA_TOKEN ;
            secrets/site/prod/data/server SSH_KEY | SSH_KEY ;
            secrets/site/prod/data/server USER | SERVER_USER ;
            secrets/site/prod/data/server HOST | SERVER_HOST ;
            secrets/site/prod/data/server PORT | SERVER_PORT
      
      - name: Login to registry
        run: echo "${{ steps.import-secrets.outputs.GITEA_TOKEN }}" | docker login gitea.d3m0k1d.ru -u d3m0k1d --password-stdin

      - name: Build and push
        run: |
          docker build -t gitea.d3m0k1d.ru/d3m0k1d/frontend:latest ./frontend
          docker push gitea.d3m0k1d.ru/d3m0k1d/frontend:latest
      
      - name: Deploy at server
        uses: appleboy/ssh-action@v1.2.0
        with:
          host: ${{ steps.import-secrets.outputs.SERVER_HOST }}
          port: ${{ steps.import-secrets.outputs.SERVER_PORT }}
          username: ${{ steps.import-secrets.outputs.SERVER_USER }}
          key: ${{ steps.import-secrets.outputs.SSH_KEY }}
          script: |
            docker login -u d3m0k1d -p ${{ steps.import-secrets.outputs.GITEA_TOKEN }} gitea.d3m0k1d.ru
            docker pull gitea.d3m0k1d.ru/d3m0k1d/frontend:latest
            docker rm -f d3m0k1d-frontend || true
            docker run --name d3m0k1d-frontend -d -p 80:80 --restart unless-stopped --network d3m0k1d-network gitea.d3m0k1d.ru/d3m0k1d/frontend:latest