name: Deploy Astro Frontend

on:
  push:
    branches:
      - main
  workflow_dispatch:

concurrency:
  group: deploy-davegilligan-new
  cancel-in-progress: true

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - name: Check out repository
        uses: actions/checkout@v4

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 22
          cache: npm
          cache-dependency-path: package-lock.json

      - name: Install dependencies
        run: npm ci

      - name: Build Astro site
        run: npm run build

      - name: Load deployment SSH key
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Trust deployment host
        env:
          REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
          SSH_PORT: ${{ secrets.SSH_PORT }}
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -p "${SSH_PORT:-22}" -H "${REMOTE_HOST}" >> ~/.ssh/known_hosts

      - name: Package site
        run: tar -czf "site-${GITHUB_SHA}.tar.gz" -C dist .

      - name: Upload site package
        env:
          REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
          REMOTE_USER: ${{ secrets.REMOTE_USER }}
          SSH_PORT: ${{ secrets.SSH_PORT }}
        run: |
          scp -P "${SSH_PORT:-22}" "site-${GITHUB_SHA}.tar.gz" \
            "${REMOTE_USER}@${REMOTE_HOST}:/tmp/site-${GITHUB_SHA}.tar.gz"

      - name: Back up current live site
        env:
          REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
          REMOTE_USER: ${{ secrets.REMOTE_USER }}
          REMOTE_PATH: ${{ secrets.REMOTE_PATH }}
          SSH_PORT: ${{ secrets.SSH_PORT }}
        run: |
          PUBLIC_HTML="${REMOTE_PATH:-/home/davegilligan/public_html}"
          ssh -p "${SSH_PORT:-22}" "${REMOTE_USER}@${REMOTE_HOST}" \
            "PUBLIC_HTML='${PUBLIC_HTML}' bash -s" <<'EOF'
            set -e
            HOME_DIR="$(dirname "$PUBLIC_HTML")"
            BACKUP_DIR="$HOME_DIR/backups"
            mkdir -p "$BACKUP_DIR"
            STAMP="$(date +%Y%m%d_%H%M%S)"
            tar -czf "$BACKUP_DIR/public_html-astro_${STAMP}.tar.gz" \
              -C "$HOME_DIR" "$(basename "$PUBLIC_HTML")"
          EOF

      - name: Deploy static frontend safely
        env:
          REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
          REMOTE_USER: ${{ secrets.REMOTE_USER }}
          REMOTE_PATH: ${{ secrets.REMOTE_PATH }}
          SSH_PORT: ${{ secrets.SSH_PORT }}
        run: |
          PUBLIC_HTML="${REMOTE_PATH:-/home/davegilligan/public_html}"
          DEPLOY_SHA="${GITHUB_SHA}"
          ssh -p "${SSH_PORT:-22}" "${REMOTE_USER}@${REMOTE_HOST}" \
            "PUBLIC_HTML='${PUBLIC_HTML}' DEPLOY_SHA='${DEPLOY_SHA}' bash -s" <<'EOF'
            set -e
            ARCHIVE="/tmp/site-${DEPLOY_SHA}.tar.gz"
            STAGE_DIR="$(mktemp -d /tmp/dg-astro-XXXXXX)"

            tar -xzf "$ARCHIVE" -C "$STAGE_DIR"

            rsync -a --delete \
              --filter='P /api/***' \
              --filter='P /admin/***' \
              --filter='P /uploads/***' \
              --filter='P /matomo/***' \
              --filter='P /live/***' \
              --filter='P /frontend/***' \
              --filter='P /db/***' \
              --filter='P /vendor/***' \
              --filter='P /.git/***' \
              --filter='P /.claude/***' \
              --filter='P /.well-known/***' \
              --filter='P /config.php' \
              --filter='P /composer.json' \
              --filter='P /composer.lock' \
              --filter='P /.cpanel.yml' \
              "$STAGE_DIR"/ "$PUBLIC_HTML"/

            rm -rf "$STAGE_DIR" "$ARCHIVE"
          EOF