name: deploy

on:
  push:
    branches:
      - main

jobs:
  build-and-deploy:
    runs-on: self-hosted
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm

      - name: Install
        run: npm ci

      - name: Build
        env:
          SITE_URL: ${{ secrets.SITE_URL }}
          PUBLIC_NEWSLETTER_ACTION: ${{ secrets.PUBLIC_NEWSLETTER_ACTION }}
          PUBLIC_NEWSLETTER_EMAIL_FIELD: ${{ secrets.PUBLIC_NEWSLETTER_EMAIL_FIELD }}
          PUBLIC_NEWSLETTER_TITLE: ${{ secrets.PUBLIC_NEWSLETTER_TITLE }}
          PUBLIC_NEWSLETTER_DESCRIPTION: ${{ secrets.PUBLIC_NEWSLETTER_DESCRIPTION }}
        run: npm run build

      - name: Write deploy key
        if: ${{ secrets.DEPLOY_SSH_KEY != '' }}
        env:
          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
        run: |
          mkdir -p ~/.ssh
          python3 - <<'PY'
          import os
          from pathlib import Path
          key = os.environ['DEPLOY_SSH_KEY']
          p = Path.home() / '.ssh' / 'deploy_key'
          p.write_text(key, encoding='utf-8')
          PY
          chmod 600 ~/.ssh/deploy_key

      - name: Add known_hosts
        if: ${{ secrets.DEPLOY_SSH_KEY != '' }}
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -p "${{ secrets.DEPLOY_SSH_PORT }}" -H "${{ secrets.DEPLOY_SSH_HOST }}" >> ~/.ssh/known_hosts

      - name: Deploy via tar over SSH
        if: ${{ secrets.DEPLOY_SSH_KEY != '' }}
        run: |
          tar -C dist -czf - . | \
            ssh -i ~/.ssh/deploy_key -p "${{ secrets.DEPLOY_SSH_PORT }}" "${{ secrets.DEPLOY_SSH_USER }}@${{ secrets.DEPLOY_SSH_HOST }}" \
              "bash -lc 'set -euo pipefail; tmp=\"${{ secrets.DEPLOY_PATH }}.tmp\"; rm -rf \"$tmp\"; mkdir -p \"$tmp\"; tar -xzf - -C \"$tmp\"; rm -rf \"${{ secrets.DEPLOY_PATH }}\"; mv \"$tmp\" \"${{ secrets.DEPLOY_PATH }}\"'"