# Woodpecker CI/CD Pipeline for mifi Ventures Landing Site
# Deploys static site to Linode VPS via Docker
# Documentation: https://woodpecker-ci.org/docs

# Trigger: Push to main branch or tag creation
when:
  branch: main
  event: [push, tag]

steps:
  # ============================================
  # Stage 1: Build Docker Image
  # ============================================
  - name: build
    image: docker:latest
    environment:
      REGISTRY_REPO: ${REGISTRY_REPO}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - set -e  # Exit on error
      - echo "=== Building Docker image ==="
      - echo "Commit SHA: ${CI_COMMIT_SHA:0:8}"
      - echo "Registry repo: $REGISTRY_REPO"
      - |
        docker build \
          --tag $REGISTRY_REPO:${CI_COMMIT_SHA} \
          --tag $REGISTRY_REPO:latest \
          --label "git.commit=${CI_COMMIT_SHA}" \
          --label "git.branch=${CI_COMMIT_BRANCH}" \
          .
      - echo "✓ Docker image built successfully"

  # ============================================
  # Stage 2: Push to Registry
  # ============================================
  - name: push
    image: docker:latest
    environment:
      REGISTRY_URL: ${REGISTRY_URL}
      REGISTRY_REPO: ${REGISTRY_REPO}
      REGISTRY_USERNAME: ${REGISTRY_USERNAME}
      REGISTRY_PASSWORD:
        from_secret: registry_password
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    commands:
      - set -e  # Exit on error
      - echo "=== Pushing to registry ==="
      - echo "Registry: $REGISTRY_URL"
      - echo "Repository: $REGISTRY_REPO"
      - |
        echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" \
          -u "$REGISTRY_USERNAME" \
          --password-stdin
      - docker push $REGISTRY_REPO:${CI_COMMIT_SHA}
      - docker push $REGISTRY_REPO:latest
      - echo "✓ Images pushed successfully"
    depends_on:
      - build

  # ============================================
  # Stage 3: Deploy to Linode VPS
  # ============================================
  - name: deploy
    image: appleboy/drone-ssh
    settings:
      host:
        from_secret: deploy_host
      username:
        from_secret: deploy_username
      key:
        from_secret: deploy_ssh_key
      port:
        from_secret: deploy_port
      command_timeout: 5m
      envs:
        - REGISTRY_URL
        - REGISTRY_REPO
        - REGISTRY_USERNAME
        - REGISTRY_PASSWORD
        - CONTAINER_NAME
        - APP_PORT
      script:
        - set -e
        - set -o pipefail
        - echo "=== Deploying to Linode VPS ==="
        - echo "Container: $CONTAINER_NAME"
        - echo "Port: $APP_PORT"
        - |
          # Login to registry
          echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY_URL" \
            -u "$REGISTRY_USERNAME" \
            --password-stdin
        - |
          # Pull latest image
          echo "Pulling image: $REGISTRY_REPO:latest"
          docker pull $REGISTRY_REPO:latest
        - |
          # Stop and remove existing container
          echo "Stopping existing container..."
          docker stop $CONTAINER_NAME 2>/dev/null || echo "Container not running"
          docker rm $CONTAINER_NAME 2>/dev/null || echo "Container not found"
        - |
          # Start new container
          echo "Starting new container..."
          docker run -d \
            --name $CONTAINER_NAME \
            --restart unless-stopped \
            -p $APP_PORT:80 \
            --label "deployment.date=$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
            --label "deployment.commit=${CI_COMMIT_SHA}" \
            $REGISTRY_REPO:latest
        - |
          # Wait for container to be healthy
          echo "Waiting for container health check..."
          sleep 5
          if ! docker ps | grep -q $CONTAINER_NAME; then
            echo "❌ Container failed to start!"
            docker logs $CONTAINER_NAME
            exit 1
          fi
        - |
          # Verify container is responding
          echo "Verifying container health..."
          if ! docker exec $CONTAINER_NAME wget -q --spider http://localhost/; then
            echo "❌ Container health check failed!"
            docker logs $CONTAINER_NAME
            exit 1
          fi
        - |
          # Cleanup old images
          echo "Cleaning up old images..."
          docker image prune -af --filter "until=72h" || true
        - echo "✓ Deployment complete!"
    environment:
      REGISTRY_URL: ${REGISTRY_URL}
      REGISTRY_REPO: ${REGISTRY_REPO}
      REGISTRY_USERNAME: ${REGISTRY_USERNAME}
      REGISTRY_PASSWORD:
        from_secret: registry_password
      CONTAINER_NAME: ${CONTAINER_NAME}
      APP_PORT: ${APP_PORT}
    depends_on:
      - push

# ============================================
# Configuration Reference
# ============================================
# 
# Required Secrets (set in Woodpecker UI):
#   - registry_password: Docker registry password/token
#   - deploy_host: Linode VPS hostname or IP
#   - deploy_username: SSH username (e.g., root, deploy)
#   - deploy_ssh_key: Private SSH key (multi-line)
#   - deploy_port: SSH port (default: 22)
#
# Required Environment Variables:
#   - REGISTRY_URL: Docker registry URL (e.g., registry.example.com)
#   - REGISTRY_REPO: Full image path (e.g., registry.example.com/mifi-ventures-landing)
#   - REGISTRY_USERNAME: Registry username
#   - CONTAINER_NAME: Docker container name (e.g., mifi-ventures-landing)
#   - APP_PORT: Host port to expose (e.g., 8080)
#
# Example .env for local testing:
#   REGISTRY_URL=registry.example.com
#   REGISTRY_REPO=registry.example.com/mifi-ventures-landing
#   REGISTRY_USERNAME=myuser
#   CONTAINER_NAME=mifi-ventures-landing
#   APP_PORT=8080