name: Deploy

on:
  # allow manual dispatch
  workflow_dispatch:
  # run on PRs
  push:
    branches:
      - master

concurrency:
  group: ${{ github.ref }}
  cancel-in-progress: true

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          submodules: true

      - name: Set up JDK
        uses: actions/setup-java@v1
        with:
          java-version: 17

      - name: Set up Node
        uses: actions/setup-node@v2
        with:
          node-version: '16'

      - name: Set up pnpm
        uses: pnpm/action-setup@v2.1.0
        with:
          version: 7

      - name: Cache Maven Deps
        uses: actions/cache@v2
        with:
          path: $GITHUB_WORKSPACE/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-

      - name: Build backend
        run: mvn --batch-mode --errors --fail-at-end --show-version --no-transfer-progress -Dmaven.repo.local=$GITHUB_WORKSPACE/.m2/repository install

      - name: Cache pnpm
        uses: actions/cache@v2
        with:
          path: "~/.pnpm-store"
          key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-

      - name: Install frontend deps
        env:
          CI: true
        run: (cd frontend && pnpm install --frozen-lockfile && cd server && pnpm install --frozen-lockfile)

      - name: Lint frontend
        env:
          CI: true
        run: (cd frontend && pnpm lint:eslint)

      # - name: Sync forth and back with crowdin
      #   uses: crowdin/github-action@1.4.0
      #   with:
      #     upload_sources: true
      #     download_translations: true
      #     push_translations: false
      #     create_pull_request: false
      #     skip_untranslated_strings: true
      #     config: 'crowdin.yml'
      #     crowdin_branch_name: master
      #   env:
      #     CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}

      - name: Build frontend
        env:
          CI: true
          # keep these in sync with compose!
          BACKEND_HOST: "http://hangar_backend:8080"
          AUTH_HOST: "https://hangar-auth.benndorf.dev"
          PUBLIC_HOST: "https://hangar.benndorf.dev"
          DEBUG: "hangar:*"
        run: (cd frontend && pnpm build && cd server && pnpm build)

      - name: SSH
        uses: webfactory/ssh-agent@v0.5.2
        if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
        with:
          ssh-private-key: ${{ secrets.DOCKER_HOST_SSH_KEY }}

      # I am not convinced that this is actually faster...
      # - name: Cache Docker Layers
      #   uses: satackey/action-docker-layer-caching@v0.0.11
      #   continue-on-error: true

      - name: Docker
        env:
          POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          SSO_CLIENT_ID: ${{ secrets.SSO_CLIENT_ID }}
          SSO_API_KEY: ${{ secrets.SSO_API_KEY }}
          TOKEN_SECRET: ${{ secrets.TOKEN_SECRET }}
        run: |
          echo ${{ secrets.DOCKER_HOST_SSH_SIG }} > ~/.ssh/known_hosts
          cd docker/deployment
          echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ secrets.CR_USER }} --password-stdin
          docker-compose build
          docker-compose push
          DOCKER_HOST="${{ secrets.DOCKER_HOST }}" docker stack deploy --with-registry-auth --compose-file=docker-compose.yml hangar