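---
# Build the backend and frontend images for amd64/arm64, push them to the
# Gitea registry, then pull and restart the stack on the deploy host.
#
# Maintainer notes:
#   * Secrets reach the shell through `env:` rather than being expanded into
#     the script text, so shell metacharacters inside a secret are not
#     interpreted and the value is not embedded in the generated script.
#   * The job uses fixed paths under /tmp, so it assumes one run at a time on
#     a runner that is not shared with other users.
name: Build and Deploy

on:
  push:
    branches:
      - main

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # NOTE(review): this clones the default branch tip, which is not
        # necessarily the commit that triggered the run.
        run: |
          rm -rf /tmp/watch-party
          git clone https://gitea.home.arpa/nik/watch-party /tmp/watch-party

      - name: Write deploy key
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
        run: |
          # Create the file owner-only from the start; writing first and
          # chmod-ing afterwards leaves it briefly readable by other users.
          umask 077
          # Drop any stale file or link left at this path by an earlier run.
          rm -f /tmp/deploy_key
          printf '%s\n' "$DEPLOY_KEY" > /tmp/deploy_key
          chmod 600 /tmp/deploy_key

      - name: Log in to Gitea registry
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          # --password-stdin keeps the password off the command line.
          printf '%s\n' "$REGISTRY_PASSWORD" | docker login gitea.home.arpa \
            --username "$REGISTRY_USERNAME" \
            --password-stdin

      - name: Set up Docker Buildx
        run: |
          docker buildx create --use --name multiarch || docker buildx use multiarch
          # Start the builder now so its container exists before the CA is
          # injected; `create` alone does not boot it.
          docker buildx inspect multiarch --bootstrap

      - name: Inject CA into buildkit
        # Runs after the builder is bootstrapped because it execs into the
        # builder's container.
        # NOTE(review): the second `cat` reads a stdin that the first one has
        # already drained, so only ca-certificates.crt is extended; the CA is
        # also appended again on every run against a reused builder.
        run: |
          cat /etc/ssl/certs/homelab-ca.pem | docker exec -i buildx_buildkit_multiarch0 \
            sh -c 'cat >> /etc/ssl/certs/ca-certificates.crt && cat >> /etc/ssl/cert.pem'

      - name: Build and push backend
        # NOTE(review): `latest` is a mutable tag; the deploy host runs
        # whatever it points to at pull time.
        run: |
          docker buildx build \
            --platform linux/amd64,linux/arm64 \
            -t gitea.home.arpa/nik/watch-party-backend:latest \
            --push \
            /tmp/watch-party/backend

      - name: Build and push frontend
        run: |
          docker buildx build \
            --platform linux/amd64,linux/arm64 \
            -t gitea.home.arpa/nik/watch-party-frontend:latest \
            --push \
            /tmp/watch-party/frontend

      - name: Deploy to Mac Mini
        env:
          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
        run: |
          # accept-new records the host key on first contact and refuses a
          # changed key afterwards, whereas `no` accepts any key on every run
          # and never authenticates the deploy host. This only helps if the
          # runner keeps ~/.ssh/known_hosts between runs; provisioning a
          # known_hosts file with the pinned host key is the stronger option.
          ssh -o StrictHostKeyChecking=accept-new \
            -i /tmp/deploy_key \
            "${DEPLOY_USER}@${DEPLOY_HOST}" \
            "export PATH=/usr/local/bin:/opt/homebrew/bin:\$PATH && \
             cd ~/repo/watch-party && \
             docker compose pull && \
             docker compose up -d"

      - name: Remove deploy key
        # Runs even when an earlier step fails so the private key does not
        # stay on the runner's disk.
        if: always()
        run: rm -f /tmp/deploy_key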