name: Deploy KCG

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # ═══ Frontend ═══
      - name: Configure npm registry
        run: |
          echo "registry=https://nexus.gc-si.dev/repository/npm-public/" > frontend/.npmrc
          echo "//nexus.gc-si.dev/repository/npm-public/:_auth=${{ secrets.NEXUS_NPM_AUTH }}" >> frontend/.npmrc

      - name: Build frontend
        working-directory: frontend
        env:
          VITE_GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
        run: |
          npm ci
          npx vite build

      - name: Deploy frontend
        run: |
          rm -rf /deploy/kcg/*
          cp -r frontend/dist/* /deploy/kcg/
          echo "Frontend deployed at $(date '+%Y-%m-%d %H:%M:%S')"

      # ═══ Backend ═══
      - name: Install JDK 21 + Maven
        run: |
          apt-get update -qq
          apt-get install -y -qq wget apt-transport-https gpg maven > /dev/null 2>&1
          wget -qO - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor -o /usr/share/keyrings/adoptium.gpg
          echo "deb [signed-by=/usr/share/keyrings/adoptium.gpg] https://packages.adoptium.net/artifactory/deb bookworm main" > /etc/apt/sources.list.d/adoptium.list
          apt-get update -qq
          apt-get install -y -qq temurin-21-jdk > /dev/null 2>&1
          echo "JAVA_HOME=/usr/lib/jvm/temurin-21-jdk-amd64" >> $GITHUB_ENV
          echo "/usr/lib/jvm/temurin-21-jdk-amd64/bin" >> $GITHUB_PATH
          /usr/lib/jvm/temurin-21-jdk-amd64/bin/java -version
          mvn --version

      - name: Build backend
        working-directory: backend
        run: mvn -B clean package -DskipTests

      - name: Deploy backend
        env:
          GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
          JWT_SECRET: ${{ secrets.JWT_SECRET }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
        run: |
          DEPLOY_DIR=/deploy/kcg-backend
          mkdir -p $DEPLOY_DIR/backup

          # JAR 백업 (최근 5개 유지)
          if [ -f $DEPLOY_DIR/kcg.jar ]; then
            cp $DEPLOY_DIR/kcg.jar $DEPLOY_DIR/backup/kcg-$(date +%Y%m%d%H%M%S).jar
            ls -t $DEPLOY_DIR/backup/*.jar | tail -n +6 | xargs -r rm
          fi

          # Secrets → 환경변수 파일 (빈 값은 제외)
          : > $DEPLOY_DIR/.env
          [ -n "$GOOGLE_CLIENT_ID" ] && echo "GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}" >> $DEPLOY_DIR/.env
          [ -n "$JWT_SECRET" ] && echo "JWT_SECRET=${JWT_SECRET}" >> $DEPLOY_DIR/.env
          [ -n "$DB_PASSWORD" ] && echo "DB_PASSWORD=${DB_PASSWORD}" >> $DEPLOY_DIR/.env

          # JAR 내부에 application-prod.yml이 있으면 외부 파일 제거
          if unzip -l backend/target/kcg.jar | grep -q 'application-prod.yml$'; then
            rm -f $DEPLOY_DIR/application-prod.yml
            echo "JAR 내부 application-prod.yml 감지 → 외부 파일 제거"
          fi

          # systemd 서비스 파일 배포 (watcher가 반영)
          cp deploy/kcg-backend.service $DEPLOY_DIR/kcg-backend.service
          cp deploy/kcg-backend-watcher.service $DEPLOY_DIR/kcg-backend-watcher.service
          cp deploy/kcg-backend-watcher.path $DEPLOY_DIR/kcg-backend-watcher.path

          # JAR 교체 + 재시작 트리거
          cp backend/target/kcg.jar $DEPLOY_DIR/kcg.jar
          date '+%s' > $DEPLOY_DIR/.deploy-trigger
          echo "Backend deployed at $(date '+%Y-%m-%d %H:%M:%S')"