name: CI/CD

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  # ── 1. 빌드 + 정적 분석 + 테스트 ───────────────────────────────────────────
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # tolchain은 GitHub에 위치 — vars.TOLCHAIN_GITHUB_REPO 에 "owner/tolchain" 형태로 설정
      - name: Checkout tolchain from GitHub
        uses: actions/checkout@v4
        with:
          repository: ${{ vars.TOLCHAIN_GITHUB_REPO }}
          path: ../tolchain

      - uses: actions/setup-go@v5
        with:
          go-version: '1.25'
          cache: true

      - name: Vet
        run: go vet ./...

      - name: Build
        run: go build ./...

      - name: Test (with coverage)
        run: go test ./... -coverprofile=coverage.out -coverpkg=./...

      - name: Coverage report
        run: go tool cover -func=coverage.out | tail -1

      - name: Upload coverage artifact
        uses: actions/upload-artifact@v4
        with:
          name: coverage
          path: coverage.out

  # ── 2. Docker 빌드 & Gitea 레지스트리 푸시 (main 머지 시만) ───────────────
  docker:
    needs: test
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout a301_server
        uses: actions/checkout@v4
        with:
          path: a301_server

      # tolchain 없이는 Dockerfile이 빌드되지 않으므로 같은 레벨에 체크아웃
      - name: Checkout tolchain from GitHub
        uses: actions/checkout@v4
        with:
          repository: ${{ vars.TOLCHAIN_GITHUB_REPO }}
          path: tolchain

      - uses: docker/setup-buildx-action@v3

      - uses: docker/login-action@v3
        with:
          registry: git.tolelom.xyz
          username: ${{ github.actor }}
          password: ${{ secrets.GITEA_TOKEN }}

      - uses: docker/build-push-action@v5
        with:
          context: .
          file: ./a301_server/Dockerfile
          push: true
          tags: git.tolelom.xyz/${{ github.repository_owner }}/a301-server:latest
          platforms: linux/arm64
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # ── 3. 서버 배포 ──────────────────────────────────────────────────────────
  deploy:
    needs: docker
    runs-on: ubuntu-latest
    steps:
      - uses: appleboy/ssh-action@v1
        with:
          host: ${{ secrets.SERVER_HOST }}
          username: ${{ secrets.SERVER_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          script: |
            export PATH=$PATH:/usr/local/bin:/opt/homebrew/bin:$HOME/.docker/bin
            cd ~/server
            docker compose pull api
            docker compose up -d api