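# Manually triggered workflow: builds the container image, pushes it to the
# registry named in the repository variables, then refreshes the compose
# stack on the deploy host over SSH.
name: Deploy (registry)

on:
  workflow_dispatch:

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: this job only reads the repository.
    permissions:
      contents: read
    steps:
      # NOTE(review): every action in this job is referenced by a mutable tag.
      # The later steps receive the registry robot key and the SSH private
      # key, so pinning each `uses:` to a full commit SHA (with the tag kept
      # as a trailing comment) would stop a re-pointed tag from running with
      # those secrets.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to registry
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.HARBOR_ENDPOINT }}
          username: ${{ vars.HARBOR_ROBOT_ACCOUNT }}
          password: ${{ secrets.HARBOR_ROBOT_KEY }}

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          # Two tags per build: a moving `latest` and the commit SHA. The SHA
          # tag is the one that identifies exactly what was built.
          tags: |
            ${{ vars.HARBOR_ENDPOINT }}/${{ vars.IMAGE_NAME }}:latest
            ${{ vars.HARBOR_ENDPOINT }}/${{ vars.IMAGE_NAME }}:${{ github.sha }}

      # NOTE(review): no `fingerprint` input is set, so the deploy host's SSH
      # host key does not appear to be pinned for this connection. Consider
      # adding `fingerprint: <SHA256 fingerprint of the host key>`. Confirm
      # the behaviour against the action's documentation.
      - name: Deploy via SSH
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ vars.SSH_HOST }}
          username: ${{ vars.SSH_USER }}
          key: ${{ secrets.SSH_KEY }}
          port: ${{ vars.SSH_PORT }}
          script: |
            # Abort on the first failing command. Without this, a failed `cd`
            # writes .env into the login directory, and a failed pull still
            # restarts the stack on stale images while the job reports
            # success.
            set -e
            # Files created from here on are owner-only; .env holds secrets.
            umask 077
            # The path is substituted into the script text before it is sent
            # to the host, so it must be a plain, trusted path.
            cd ${{ secrets.DEPLOY_PATH }}
            # The quoted delimiter stops the remote shell from expanding the
            # content. The secret must not contain a line that is exactly
            # ENVEOF, or the here-document ends early.
            cat << 'ENVEOF' > .env
            ${{ secrets.DEPLOY_ENV_FILE }}
            ENVEOF
            # umask does not tighten a .env left over from an earlier
            # deploy, so set the mode explicitly as well.
            chmod 600 .env
            # Export variables from .env file
            set -a
            source .env
            set +a
            docker compose --env-file .env pull
            docker compose --env-file .env up -d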