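# Generated by kforge — do not edit manually.
# Re-generate: kforge gitea-actions > .gitea/workflows/deploy.yml
#
# Required Gitea org secrets:
#   DOCKER_USERNAME, DOCKER_PASSWORD, KFORGE_NODE_IP
#   CLOUDFLARE_API_TOKEN, CF_ZONE_ID_* (per zone)
#   SOPS_AGE_KEY
# Required Gitea repo secrets:
#   KUBE_HOST, KUBE_TOKEN, KUBE_CERTIFICATE
#
# NOTE(review): this file is generated, so the hardening below (TLS
# verification on the kubectl steps) also has to be made in the kforge
# configuration or template, otherwise regeneration will undo it.

name: Build and Deploy

# Every push to main builds the image and deploys it to production.
on:
  push:
    branches:
      - main

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history rather than a shallow clone.
          fetch-depth: 0

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: 22

      # Exports SHORT_SHA for later steps; it becomes the immutable image tag
      # and the image_tag value passed to kforge generate.
      - name: Create short commit hash
        run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"

      - name: Login to registry
        uses: docker/login-action@v2
        with:
          password: ${{ secrets.DOCKER_PASSWORD }}
          registry: registry.natelubitz.com
          username: ${{ secrets.DOCKER_USERNAME }}

      - name: Build and push image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: Dockerfile
          platforms: linux/amd64
          # NOTE(review): provenance and SBOM attestations are switched off,
          # so the pushed image carries no build attestation. Confirm this is
          # a registry-compatibility choice and not an oversight.
          provenance: false
          push: true
          sbom: false
          # ":latest" is a mutable tag; the SHORT_SHA tag is the one the
          # manifests are generated against.
          tags: |
            registry.natelubitz.com/nate-lubitz/www:latest
            registry.natelubitz.com/nate-lubitz/www:${{ env.SHORT_SHA }}

      # NOTE(review): the binary is fetched at the floating "latest" release
      # and made executable without any checksum or signature check, and the
      # following steps run it with CLOUDFLARE_API_TOKEN, SOPS_AGE_KEY and the
      # cluster credentials in its environment. Pin KFORGE_VERSION to a
      # released version and verify the download against a published
      # checksum before chmod.
      - name: Install kforge
        run: |
          KFORGE_VERSION="latest"
          curl -fsSL "https://kforge/releases/download/${KFORGE_VERSION}/kforge-linux-amd64" -o /usr/local/bin/kforge
          chmod +x /usr/local/bin/kforge

      - name: Validate kforge config (Production)
        run: kforge validate
        env:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          KFORGE_NODE_IP: ${{ secrets.KFORGE_NODE_IP }}
          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}

      - name: Apply cluster secrets (Production)
        run: kforge secrets apply --env production
        env:
          KUBE_CERTIFICATE: ${{ secrets.KUBE_CERTIFICATE }}
          KUBE_HOST: ${{ secrets.KUBE_HOST }}
          KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}

      - name: Generate manifests (Production)
        run: kforge generate --env production --output .kforge-out --set image_tag=${{ env.SHORT_SHA }}
        env:
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          KFORGE_NODE_IP: ${{ secrets.KFORGE_NODE_IP }}
          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}

      # --insecure-skip-tls-verify was removed from args: that kubectl flag
      # turns off validation of the API server certificate, so KUBE_TOKEN
      # would be presented to whatever endpoint answers for KUBE_HOST.
      # KUBE_CERTIFICATE is already handed to this step.
      # NOTE(review): confirm the action installs KUBE_CERTIFICATE as the
      # cluster CA and that the certificate is valid for KUBE_HOST.
      # NOTE(review): "@master" is a mutable branch ref and this step receives
      # the cluster token; pin the action to a reviewed commit SHA.
      - name: Apply manifests (Production)
        uses: actions-hub/kubectl@master
        with:
          args: apply -f .kforge-out/production-core.yaml -n production
        env:
          KUBE_CERTIFICATE: ${{ secrets.KUBE_CERTIFICATE }}
          KUBE_HOST: ${{ secrets.KUBE_HOST }}
          KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}

      # Same TLS and pinning notes as the apply step: the insecure flag is
      # dropped here too so the restart request is sent only to a server
      # whose certificate verifies.
      - name: Rollout restart (Production)
        uses: actions-hub/kubectl@master
        with:
          args: rollout restart deployment/prod-nate-lubitz-www -n production
        env:
          KUBE_CERTIFICATE: ${{ secrets.KUBE_CERTIFICATE }}
          KUBE_HOST: ${{ secrets.KUBE_HOST }}
          KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}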