name: Docker Public

on:
  push:
    branches: [main]
    paths:
      - 'src/food-market.public/**'
      - 'deploy/docker-compose.yml'
      - '.forgejo/workflows/docker-public.yml'
  workflow_dispatch:

env:
  LOCAL_REGISTRY: 127.0.0.1:5001
  # Текущие production-домены (миграция со stage zat.kz, см. коммит 79406e3).
  # Публичный сайт = test.food-market.kz, админка/API = admin.food-market.kz.
  # Без актуальных значений CI собирал бандл с zat.kz и каждый push
  # перетирал латест-image, ломая prod (см. коммит 2a026c5).
  PUBLIC_SITE_URL: https://test.food-market.kz
  PUBLIC_APP_URL: https://admin.food-market.kz

jobs:
  build:
    name: Build + push Public
    runs-on: [self-hosted, linux]
    steps:
      - uses: actions/checkout@v4

      - name: Build + push
        env:
          SHA: ${{ github.sha }}
          DOCKER_BUILDKIT: '1'
        run: |
          docker build \
            --build-arg PUBLIC_SITE_URL=$PUBLIC_SITE_URL \
            --build-arg PUBLIC_APP_URL=$PUBLIC_APP_URL \
            -f src/food-market.public/Dockerfile \
            -t $LOCAL_REGISTRY/food-market-public:$SHA \
            -t $LOCAL_REGISTRY/food-market-public:latest \
            src/food-market.public
          docker push $LOCAL_REGISTRY/food-market-public:$SHA
          docker push $LOCAL_REGISTRY/food-market-public:latest

  deploy:
    name: Deploy Public on stage
    needs: build
    runs-on: [self-hosted, linux]
    steps:
      - uses: actions/checkout@v4

      - name: Update compose + .env
        env:
          PGPASS: ${{ secrets.STAGE_POSTGRES_PASSWORD }}
        run: |
          cat > /home/nns/food-market-stage/deploy/.env <<ENV
          REGISTRY=127.0.0.1:5001
          API_TAG=latest
          WEB_TAG=latest
          PUBLIC_TAG=latest
          POSTGRES_PASSWORD=$PGPASS
          ENV
          cp deploy/docker-compose.yml /home/nns/food-market-stage/deploy/docker-compose.yml

      - name: Pull + recreate public only
        working-directory: /home/nns/food-market-stage/deploy
        run: |
          docker compose pull public
          docker compose up -d --no-deps public

      - name: Smoke
        run: |
          for i in 1 2 3 4 5 6; do
            sleep 4
            if curl -fsS http://127.0.0.1:8082/ -o /dev/null; then
              echo "Public OK"
              exit 0
            fi
          done
          echo "Public smoke failed"
          exit 1

      - name: Notify Telegram on success
        if: success()
        env:
          BOT: ${{ secrets.TELEGRAM_BOT_TOKEN }}
          CHAT: ${{ secrets.TELEGRAM_CHAT_ID }}
          SHA: ${{ github.sha }}
        run: |
          curl -sS -X POST "https://api.telegram.org/bot$BOT/sendMessage" \
            --data-urlencode "chat_id=$CHAT" \
            --data-urlencode "text=✅ stage public deployed — ${SHA:0:7} → https://test.food-market.kz" \
            > /dev/null

      - name: Notify Telegram on failure
        if: failure()
        env:
          BOT: ${{ secrets.TELEGRAM_BOT_TOKEN }}
          CHAT: ${{ secrets.TELEGRAM_CHAT_ID }}
          SHA: ${{ github.sha }}
        run: |
          curl -sS -X POST "https://api.telegram.org/bot$BOT/sendMessage" \
            --data-urlencode "chat_id=$CHAT" \
            --data-urlencode "text=❌ stage public deploy FAILED — ${SHA:0:7}" \
            > /dev/null