name: CI/CD Pipeline

on:
  push:
    branches: [main]
  workflow_dispatch:

env:
  K3S_HOST: "100.67.198.92"
  K3S_USER: "andres"
  DOMAIN: "academia.ingeniumcodex.com"

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Setup SSH
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.K3S_SSH_KEY }}" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          ssh-keyscan -H ${{ env.K3S_HOST }} >> ~/.ssh/known_hosts 2>/dev/null

      - name: Deploy to K3s
        run: |
          ssh ${{ env.K3S_USER }}@${{ env.K3S_HOST }} 'bash -s' << 'ENDSSH'
            set -e
            cd ~/academia

            echo "=== Pulling latest code ==="
            git fetch origin main
            git reset --hard origin/main

            echo "=== Running tests ==="
            dotnet test tests/Domain.Tests --verbosity minimal
            dotnet test tests/Application.Tests --verbosity minimal

            echo "=== Building Docker images ==="
            sudo docker build -f deploy/docker/Dockerfile.api -t student-api:latest . &
            PID_API=$!
            sudo docker build -f deploy/docker/Dockerfile.frontend -t student-frontend:latest . &
            PID_FE=$!
            wait $PID_API
            wait $PID_FE

            echo "=== Importing to K3s ==="
            sudo sh -c 'docker save student-api:latest | k3s ctr images import -'
            sudo sh -c 'docker save student-frontend:latest | k3s ctr images import -'

            echo "=== Deploying ==="
            sudo kubectl apply -k deploy/k3s/
            sudo kubectl rollout restart deployment/student-api deployment/student-frontend -n academia

            echo "=== Waiting for rollout ==="
            sudo kubectl rollout status deployment/student-api -n academia --timeout=180s
            sudo kubectl rollout status deployment/student-frontend -n academia --timeout=60s

            echo "=== Deploy complete ==="
          ENDSSH

  smoke-tests:
    runs-on: ubuntu-latest
    needs: deploy
    steps:
      - name: Wait and Verify
        run: |
          sleep 15
          echo "Checking health..."
          curl -sf https://${{ env.DOMAIN }}/health | grep -q '"status":"Healthy"'
          echo "Checking frontend..."
          curl -sf https://${{ env.DOMAIN }}/ | grep -q 'Sistema de Estudiantes'
          echo "Checking GraphQL..."
          curl -sf -X POST https://${{ env.DOMAIN }}/graphql \
            -H "Content-Type: application/json" \
            -d '{"query":"{ subjects { id } }"}' | grep -q '"subjects"'
          echo "All checks passed!"

  rollback:
    runs-on: ubuntu-latest
    needs: smoke-tests
    if: failure()
    steps:
      - name: Setup SSH and Rollback
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.K3S_SSH_KEY }}" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          ssh-keyscan -H ${{ env.K3S_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
          ssh ${{ env.K3S_USER }}@${{ env.K3S_HOST }} \
            'sudo kubectl rollout undo deployment/student-api deployment/student-frontend -n academia'