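# Deploy: build image, push to registry, trigger Portainer stack redeploy.
# Runs on push/tag/manual to main only, after ci workflow succeeds.
#
# NOTE(review): Woodpecker documents that branch filters are not applied to
# tag events. If that holds for the deployed version, a tag on any commit
# triggers this workflow and moves the `latest` tag. Confirm that is intended.
when:
  - branch: main
    event: [push, tag, manual]
  - event: deployment
    evaluate: 'CI_PIPELINE_DEPLOY_TARGET == "production"'

depends_on:
  - ci

steps:
  # Builds the image on the host Docker daemon, tagged with the full commit
  # SHA and with `latest`. Retries up to three times, 30s apart.
  - name: Docker image build
    # NOTE(review): floating tag. Pin to a specific version or digest so the
    # toolchain that builds release images cannot change silently.
    image: docker:latest
    environment:
      REGISTRY_REPO: git.mifi.dev/mifi-holdings/armandine
      DOCKER_API_VERSION: '1.43'
      DOCKER_BUILDKIT: '1'
    volumes:
      # The host Docker socket gives this step full control of the agent's
      # Docker daemon, which is effectively root on that host. Treat write
      # access to this file as equivalent to host access.
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - set -e
      - echo "=== Building Docker image (BuildKit) ==="
      - 'echo "Commit SHA: ${CI_COMMIT_SHA:0:8}"'
      - 'echo "Registry repo: $REGISTRY_REPO"'
      # `${CI_...}` expressions are presumably expanded by Woodpecker's
      # pre-processing before the shell runs (confirm for the deployed
      # version), so those values land in the script as raw text. Image
      # references are quoted so the shell never word-splits or globs them.
      # `exit` ends the step's script, so this block must stay the last entry.
      - |
        build() {
          docker build \
            --progress=plain \
            --tag "$REGISTRY_REPO:${CI_COMMIT_SHA}" \
            --tag "$REGISTRY_REPO:latest" \
            --label "git.commit=${CI_COMMIT_SHA}" \
            --label "git.branch=${CI_COMMIT_BRANCH}" \
            .
        }
        for attempt in 1 2 3; do
          echo "Build attempt $attempt/3"
          if build; then
            echo "✓ Docker image built successfully"
            exit 0
          fi
          echo "Build attempt $attempt failed, retrying in 30s..."
          sleep 30
        done
        echo "All build attempts failed"
        exit 1

  # Posts the build result to Mattermost. The JSON body is assembled with
  # printf and no escaping, which is safe only while CI_REPO and
  # CI_PIPELINE_NUMBER contain no quotes or backslashes. The bearer token
  # comes from a secret; do not enable shell tracing (`set -x`) in these steps.
  - name: Send Docker Image Build Status Notification (success)
    # NOTE(review): untagged image reference, resolved as `latest`. Consider
    # pinning, since this container receives the Mattermost token.
    image: curlimages/curl
    environment:
      MATTERMOST_BOT_ACCESS_TOKEN:
        from_secret: mattermost_bot_access_token
      MATTERMOST_CHANNEL_ID:
        from_secret: mattermost_pushes_channel_id
      MATTERMOST_POST_API_URL:
        from_secret: mattermost_post_api_url
    commands:
      - |
        BODY=$(printf '{"channel_id":"%s","message":"[%s - Build #%s] Docker image build success 🎉"}' "$MATTERMOST_CHANNEL_ID" "$CI_REPO" "$CI_PIPELINE_NUMBER")
        curl -sS -X POST -H "Content-Type: application/json" -d "$BODY" -H "Authorization: Bearer $MATTERMOST_BOT_ACCESS_TOKEN" "$MATTERMOST_POST_API_URL"
    depends_on:
      - Docker image build
    when:
      - status: [success]

  - name: Send Docker Image Build Status Notification (failure)
    image: curlimages/curl
    environment:
      MATTERMOST_BOT_ACCESS_TOKEN:
        from_secret: mattermost_bot_access_token
      MATTERMOST_CHANNEL_ID:
        from_secret: mattermost_pushes_channel_id
      MATTERMOST_POST_API_URL:
        from_secret: mattermost_post_api_url
    commands:
      - |
        BODY=$(printf '{"channel_id":"%s","message":"[%s - Build #%s] Docker image build failure 💩"}' "$MATTERMOST_CHANNEL_ID" "$CI_REPO" "$CI_PIPELINE_NUMBER")
        curl -sS -X POST -H "Content-Type: application/json" -d "$BODY" -H "Authorization: Bearer $MATTERMOST_BOT_ACCESS_TOKEN" "$MATTERMOST_POST_API_URL"
    depends_on:
      - Docker image build
    when:
      - status: [failure]

  # Logs in to the registry and pushes both tags built by the build step.
  - name: Push to registry
    # NOTE(review): floating tag on the image that handles the registry
    # token. Pin to a specific version or digest.
    image: docker:latest
    environment:
      DOCKER_API_VERSION: '1.43'
      REGISTRY_URL: git.mifi.dev
      REGISTRY_REPO: git.mifi.dev/mifi-holdings/armandine
      REGISTRY_USERNAME:
        from_secret: gitea_registry_username
      REGISTRY_PASSWORD:
        from_secret: gitea_package_token
    volumes:
      # Same host-daemon exposure as in the build step.
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - set -e
      - echo "=== Pushing to registry ==="
      - 'echo "Registry: $REGISTRY_URL"'
      - 'echo "Repository: $REGISTRY_REPO"'
      # The token goes in on stdin so it never appears in argv. printf '%s'
      # passes it verbatim, where `echo` may treat a leading `-n` or
      # backslashes specially depending on the shell.
      - |
        printf '%s' "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" \
          -u "$REGISTRY_USERNAME" \
          --password-stdin
      # The SHA tag identifies the build. `latest` is mutable, so deployments
      # that need to know exactly what is running should use the SHA tag.
      - 'docker push "$REGISTRY_REPO:${CI_COMMIT_SHA}"'
      - 'docker push "$REGISTRY_REPO:latest"'
      - echo "✓ Images pushed successfully"
    depends_on:
      - Docker image build

  - name: Send Push to Registry Status Notification (success)
    image: curlimages/curl
    environment:
      MATTERMOST_BOT_ACCESS_TOKEN:
        from_secret: mattermost_bot_access_token
      MATTERMOST_CHANNEL_ID:
        from_secret: mattermost_pushes_channel_id
      MATTERMOST_POST_API_URL:
        from_secret: mattermost_post_api_url
    commands:
      - |
        BODY=$(printf '{"channel_id":"%s","message":"[%s - Build #%s] Push to registry success 🎉"}' "$MATTERMOST_CHANNEL_ID" "$CI_REPO" "$CI_PIPELINE_NUMBER")
        curl -sS -X POST -H "Content-Type: application/json" -d "$BODY" -H "Authorization: Bearer $MATTERMOST_BOT_ACCESS_TOKEN" "$MATTERMOST_POST_API_URL"
    depends_on:
      - Push to registry
    when:
      - status: [success]

  - name: Send Push to Registry Status Notification (failure)
    image: curlimages/curl
    environment:
      MATTERMOST_BOT_ACCESS_TOKEN:
        from_secret: mattermost_bot_access_token
      MATTERMOST_CHANNEL_ID:
        from_secret: mattermost_pushes_channel_id
      MATTERMOST_POST_API_URL:
        from_secret: mattermost_post_api_url
    commands:
      - |
        BODY=$(printf '{"channel_id":"%s","message":"[%s - Build #%s] Push to registry failure 💩"}' "$MATTERMOST_CHANNEL_ID" "$CI_REPO" "$CI_PIPELINE_NUMBER")
        curl -sS -X POST -H "Content-Type: application/json" -d "$BODY" -H "Authorization: Bearer $MATTERMOST_BOT_ACCESS_TOKEN" "$MATTERMOST_POST_API_URL"
    depends_on:
      - Push to registry
    when:
      - status: [failure]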