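# Continuous delivery for the development environment.
#
# Pipeline: build the image and push it to ECR -> apply the Kustomize overlay
# -> point the Deployment at the freshly pushed image and wait for the rollout.
#
# Review notes:
#   * Actions are referenced by mutable major-version tags. Pinning each
#     `uses:` to a full commit SHA protects the self-hosted runner from a
#     retagged or compromised action release.
#   * AWS access is granted through long-lived access keys stored as secrets.
#     aws-actions/configure-aws-credentials also supports OIDC role assumption
#     (`role-to-assume`), which removes the static key pair.
name: Development | CD

on:
  push:
    branches:
      - feature/ci-cd

# Least privilege for GITHUB_TOKEN: the jobs only read the repository.
permissions:
  contents: read

concurrency:
  group: ${{ github.workflow }}

env:
  DEJO_NODE_AWS_REGION: us-east-1
  AWS_ECR_REPOSITORY: dev-dejo/dejo-node
  KUBE_NAMESPACE: dejo-node
  KUBE_DEPLOY_NAME: api-app
  # Quoted so the value stays the string the `if:` expressions compare against.
  DISABLE_DISCORD_NOTIFY: 'true'
  # DISCORD_WEBHOOK is set only on the notify steps, so the secret is not
  # exported to every step and third-party action in the workflow.

jobs:
  build_and_push:
    name: Docker | Build and Push
    runs-on: [self-hosted]
    steps:
      - name: Checkout Branch
        uses: actions/checkout@v4
        with:
          # Nothing pushes back to the repository, so do not leave the token
          # in .git/config on a runner whose workspace outlives the job.
          persist-credentials: false

      - name: Discord | Notify Início
        if: ${{ always() && env.DISABLE_DISCORD_NOTIFY != 'true' }}
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        run: |
          curl -X POST -H "Content-Type: application/json" \
            -d '{"content": ":arrow_forward: Iniciando deploy no ambiente development..."}' \
            "${DISCORD_WEBHOOK}"

      - name: Commit Short Hash
        id: vars
        run: |
          echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"

      - name: Set up Docker Buildx
        # The id is required: the build step reads steps.buildx.outputs.name,
        # which expands to an empty string when no step carries this id.
        id: buildx
        uses: docker/setup-buildx-action@v3

      # NOTE(review): the generated .env sits inside the build context (`.`).
      # Confirm the Dockerfile / .dockerignore keeps it out of the image if it
      # ever holds more than example values.
      - name: Copy Env
        run: cp infrastructure/.env.example infrastructure/.env

      - name: Cache Docker layers
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-multi-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-multi-buildx

      - name: Docker Login to AWS ECR
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.DEV_DEJO_AWS_ECR_REGISTRY }}
          username: ${{ secrets.DEJO_NODE_AWS_ACCESS_KEY }}
          password: ${{ secrets.DEJO_NODE_AWS_SECRET_KEY }}

      - name: Build and Push Backend
        uses: docker/build-push-action@v5
        with:
          context: .
          builder: ${{ steps.buildx.outputs.name }}
          file: ./Dockerfile
          push: true
          # `latest` is mutable; the deploy job uses the commit-hash tag.
          tags: |
            ${{ secrets.DEV_DEJO_AWS_ECR_REGISTRY }}/${{ env.AWS_ECR_REPOSITORY }}:latest
            ${{ secrets.DEV_DEJO_AWS_ECR_REGISTRY }}/${{ env.AWS_ECR_REPOSITORY }}:${{ env.sha_short }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new

      # Replace the old cache with the one just written so it does not grow
      # without bound across builds.
      - name: Moving Cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

  kustomize_apply:
    name: Kubernetes | Kustomize Apply
    runs-on: [self-hosted]
    needs: build_and_push
    steps:
      - name: Checkout Branch
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.DEJO_NODE_AWS_ACCESS_KEY }}
          aws-secret-access-key: ${{ secrets.DEJO_NODE_AWS_SECRET_KEY }}
          aws-region: ${{ env.DEJO_NODE_AWS_REGION }}

      - name: Debug | Mostrar estrutura após checkout
        run: |
          echo "PWD = $(pwd)"
          ls -R .

      - name: Kubernetes | Apply Kustomize
        env:
          KUBE_CONFIG_DATA: ${{ secrets.DEJO_NODE_KUBE_CONFIG_DATA_DEV }}
          KUBE_NAMESPACE: ${{ env.KUBE_NAMESPACE }}
        run: |
          # Decode the kubeconfig into the runner's per-job temp directory
          # with owner-only permissions, and delete it when the step exits,
          # so the cluster credential never lingers in the workspace of a
          # self-hosted runner.
          umask 077
          export KUBECONFIG="${RUNNER_TEMP}/kubeconfig"
          trap 'rm -f "${KUBECONFIG}"' EXIT
          printf '%s\n' "${KUBE_CONFIG_DATA}" | base64 -d > "${KUBECONFIG}"

          # Apply every manifest rendered by Kustomize.
          kubectl apply -k infrastructure/kubernetes/dev -n "${KUBE_NAMESPACE}"

  deploy_backend:
    name: 'Kubernetes | Deploy App'
    needs: kustomize_apply
    runs-on: [self-hosted]
    steps:
      - name: Checkout Branch
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.DEJO_NODE_AWS_ACCESS_KEY }}
          aws-secret-access-key: ${{ secrets.DEJO_NODE_AWS_SECRET_KEY }}
          aws-region: ${{ env.DEJO_NODE_AWS_REGION }}

      - name: Commit Short Hash
        id: vars
        run: |
          echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"

      - name: Kubernetes | Deploy API
        env:
          KUBE_CONFIG_DATA: ${{ secrets.DEJO_NODE_KUBE_CONFIG_DATA_DEV }}
          KUBE_NAMESPACE: ${{ env.KUBE_NAMESPACE }}
          RELEASE_IMAGE: ${{ secrets.DEV_DEJO_AWS_ECR_REGISTRY }}/${{ env.AWS_ECR_REPOSITORY }}:${{ env.sha_short }}
        run: |
          # Owner-only kubeconfig in the per-job temp directory, removed when
          # the step exits.
          umask 077
          export KUBECONFIG="${RUNNER_TEMP}/kubeconfig"
          trap 'rm -f "${KUBECONFIG}"' EXIT
          printf '%s\n' "${KUBE_CONFIG_DATA}" | base64 -d > "${KUBECONFIG}"

          # Point the Deployment at the new image. Values are read from the
          # environment rather than spliced into the script by the expression
          # engine. `--record` is deprecated in kubectl; kept to preserve the
          # existing change-cause annotation.
          kubectl set image "deployment/${KUBE_DEPLOY_NAME}" \
            "${KUBE_DEPLOY_NAME}=${RELEASE_IMAGE}" --record -n "${KUBE_NAMESPACE}"

      - name: Run | Verify Kubernetes deployment
        env:
          KUBE_CONFIG_DATA: ${{ secrets.DEJO_NODE_KUBE_CONFIG_DATA_DEV }}
          KUBE_NAMESPACE: ${{ env.KUBE_NAMESPACE }}
        run: |
          # Owner-only kubeconfig in the per-job temp directory, removed when
          # the step exits.
          umask 077
          export KUBECONFIG="${RUNNER_TEMP}/kubeconfig"
          trap 'rm -f "${KUBECONFIG}"' EXIT
          printf '%s\n' "${KUBE_CONFIG_DATA}" | base64 -d > "${KUBECONFIG}"

          # Wait for the rollout to finish.
          kubectl rollout status "deployment/${KUBE_DEPLOY_NAME}" -n "${KUBE_NAMESPACE}"

      # These two notifications only see the outcome of this job; a failure
      # in build_and_push or kustomize_apply never reaches them.
      - name: Discord | Notify Error
        if: ${{ failure() && env.DISABLE_DISCORD_NOTIFY != 'true' }}
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        run: |
          curl -X POST -H "Content-Type: application/json" \
            -d '{"content": ":x: Erro durante o deploy! Veja detalhes nos logs do pipeline."}' \
            "${DISCORD_WEBHOOK}"
          exit 1

      - name: Discord | Notify Success
        if: ${{ success() && env.DISABLE_DISCORD_NOTIFY != 'true' }}
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        run: |
          curl -X POST -H "Content-Type: application/json" \
            -d '{"content": ":white_check_mark: Deploy concluído com sucesso! :rocket:"}' \
            "${DISCORD_WEBHOOK}"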