name: "Deploy to Homelab"

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
    - name: Check out repository
      uses: actions/checkout@v3

    # See documentation: https://github.com/tailscale/github-action?tab=readme-ov-file
    - name: Connect to Tailscale
      uses: tailscale/github-action@v4
      with:
        oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
        oauth-secret: ${{ secrets.TS_OAUTH_CLIENT_SECRET }}
        tags: tag:ci


    - name: Set up SSH key
      run: |
        mkdir -p ~/.ssh
        echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
        chmod 600 ~/.ssh/id_ed25519
        ssh-keyscan ${{ vars.HOST }} >> ~/.ssh/known_hosts

    - name: Remove directory from server
      run: |
        ssh -i ~/.ssh/id_ed25519 ${{ vars.USERNAME }}@${{ vars.HOST }} << 'EOF'
          rm -rf ~/${{ vars.DIRECTORY_NAME }}
        EOF

    # Avoid needing to set up SSH access to GitHub for this user
    - name: Transfer repository files to server
      run: |
        scp -i ~/.ssh/id_ed25519 -r ./* ${{ vars.USERNAME }}@${{ vars.HOST }}:~/${{ vars.DIRECTORY_NAME }}

    - name: Deploy on server with Docker
      run: |
        ssh -i ~/.ssh/id_ed25519 ${{ vars.USERNAME }}@${{ vars.HOST }} << 'EOF'
          cd ~/${{ vars.DIRECTORY_NAME }}
          export TRUST_PROXY=true
          export COOKIE_SECURE=true
          export JWT_SECRET=${{ secrets.JWT_SECRET }}
          docker compose -f docker-compose.yml down
          docker compose -f docker-compose.yml up -d --build
        EOF