name: Build and Push Container Image, Deploy to Host

on:
  push:
    branches: [main]
  workflow_dispatch:

permissions:
  contents: write

concurrency:
  group: docker-build
  cancel-in-progress: false

env:
  CONTAINER_TAG: reg.liteyuki.org/liteyuki/new-domain-redir:latest

jobs:
  build-and-push-and-deploy:
    runs-on: liteyukios-latest
    steps:
      - name: Checkout code
        uses: https://git.liteyuki.org/actions/checkout@v4

      - name: Set up Docker TLS
        run: |
          mkdir -p /certs
          echo "${{ secrets.DOCKER_TLS_CA }}" > /certs/ca.pem
          echo "${{ secrets.DOCKER_TLS_CERT }}" > /certs/cert.pem  
          echo "${{ secrets.DOCKER_TLS_KEY }}" > /certs/key.pem
          chmod 600 /certs/key.pem
          echo "Docker TLS setup complete."
          

      - name: Log in to Liteyuki Harbor
        uses: docker/login-action@v3
        with:
          registry: reg.liteyuki.org
          username: ${{ secrets.LCR_USERNAME }}
          password: ${{ secrets.LCR_PASSWORD }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Build and push container image
        run: |
          docker build -t ${{ env.CONTAINER_TAG }} .
          docker push ${{ env.CONTAINER_TAG }}


      - name: Update container image on host
        run: |
          docker compose -f ./docker-compose.yaml up -d --force-recreate --pull always