name: CI

on:
  push:
  pull_request:

jobs:
  ci:
    runs-on: docker
    container:
      image: oven/bun:1
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install dependencies
        run: bun install --frozen-lockfile --ignore-scripts

      - name: Lint
        run: bun run lint

      - name: Test
        run: |
          bun test || EXIT=$?
          # Exit 99 = all tests passed but module-level errors (bun mock isolation)
          if [ "${EXIT:-0}" = "99" ]; then echo "⚠ Exit 99: tests passed, mock isolation warnings"; exit 0; fi
          exit ${EXIT:-0}

      - name: Build
        run: bun run build

  deploy:
    needs: ci
    if: gitea.ref == 'refs/heads/Develop' && gitea.event_name == 'push'
    runs-on: dind
    steps:
      - name: Clone repository
        run: |
          apk add --no-cache git curl docker-cli docker-cli-buildx
          git clone https://${{ secrets.GITEA_TOKEN }}@gitea.jeanlucmakiola.de/${{ gitea.repository }}.git repo
          cd repo
          git checkout Develop

      - name: Build and push Docker image
        working-directory: repo
        run: |
          REGISTRY="gitea.jeanlucmakiola.de"
          IMAGE="${REGISTRY}/${{ gitea.repository_owner }}/gearbox"
          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login "$REGISTRY" -u "${{ gitea.repository_owner }}" --password-stdin
          docker buildx build \
            --cache-from type=registry,ref=${IMAGE}:buildcache \
            --cache-to type=registry,ref=${IMAGE}:buildcache \
            -t "${IMAGE}:develop" \
            --push .

      - name: Trigger Coolify deploy
        env:
          COOLIFY_TOKEN: ${{ secrets.COOLIFY_TOKEN }}
          COOLIFY_WEBHOOK: ${{ vars.COOLIFY_WEBHOOK }}
        run: |
          TOKEN=$(printf '%s' "${COOLIFY_TOKEN}" | tr -d '[:space:]')
          RESPONSE=$(curl -s -w '\n%{http_code}' -X GET "${COOLIFY_WEBHOOK}" \
            -H "Authorization: Bearer ${TOKEN}")
          STATUS=$(echo "$RESPONSE" | tail -1)
          BODY=$(echo "$RESPONSE" | sed '$d')
          echo "Coolify deploy: HTTP ${STATUS}"
          if [ "$STATUS" -ge 400 ]; then
            echo "::error::Coolify deploy failed with HTTP ${STATUS} - ${BODY}"
            exit 1
          fi

  e2e:
    if: false  # E2E tests need rewrite: auth moved from local login to OIDC (Logto). Tests still expect username/password flow.
    needs: ci
    runs-on: docker
    container:
      image: mcr.microsoft.com/playwright:v1.59.1-noble
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_USER: gearbox
          POSTGRES_PASSWORD: gearbox
          POSTGRES_DB: gearbox
        options: >-
          --health-cmd "pg_isready -U gearbox"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    env:
      DATABASE_URL: postgresql://gearbox:gearbox@postgres:5432/gearbox
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Bun
        run: |
          apt-get update && apt-get install -y unzip
          curl -fsSL https://bun.sh/install | bash
          echo "$HOME/.bun/bin" >> $GITHUB_PATH

      - name: Install dependencies
        run: |
          export PATH="$HOME/.bun/bin:$PATH"
          bun install --frozen-lockfile --ignore-scripts

      - name: Build client
        run: |
          export PATH="$HOME/.bun/bin:$PATH"
          bun run build

      - name: Run E2E tests
        run: |
          export PATH="$HOME/.bun/bin:$PATH"
          CI=true bun run test:e2e