name: Build and Deploy Production

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.CONTAINER_REGISTRY }}
          username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
          password: ${{ secrets.CONTAINER_REGISTRY_TOKEN }}

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ vars.CONTAINER_REGISTRY }}/${{ vars.CONTAINER_IMAGE_NAME }}:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max

  deploy:
    needs: build
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest
    environment:
      name: staging
      url: https://staging.portal.servala.com/

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Deploy to OpenShift
        uses: docker://quay.io/appuio/oc:v4.16
        with:
          entrypoint: /bin/bash
          args: |
            -c "oc login --token=${OPENSHIFT_TOKEN} --server=${OPENSHIFT_URL} && \
              oc -n ${NAMESPACE} apply --overwrite -k deployment/kustomize/overlays/staging && \
              oc -n ${NAMESPACE} rollout restart deployment/servala"
        env:
          NAMESPACE: ${{ vars.NAMESPACE_PORTAL_STAGING }}
          KUBECONFIG: /tmp/kube_config
          OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN_STAGING }}
          OPENSHIFT_URL: ${{ secrets.OPENSHIFT_URL }}