name: Deploy static site to devfarm

# Reusable workflow: installs, builds, and deploys dist output to the
# devsites share so Caddy serves it at <site>.dev.clubbabyseal.com.
#
# Usage in a caller workflow:
#   jobs:
#     deploy:
#       uses: ringmaster/actions/.gitea/workflows/deploy-static.yml@main
#       secrets: inherit
#       with:
#         site: myapp          # → https://myapp.dev.clubbabyseal.com
#         build-command: npm run build
#
# Required secret (user-level in Gitea → Settings → Actions → Secrets):
#   DEPLOY_SSH_KEY — private half of the gitea-ci-deploy key pair.
#   Public key must be in /boot/config/ssh/authorized_keys on the NAS.

on:
  workflow_call:
    inputs:
      site:
        description: >
          Subdomain / folder name under /mnt/user/devsites/. The built output
          lands in /mnt/user/devsites/<site>/dist/ and is served at
          https://<site>.dev.clubbabyseal.com by Caddy.
        required: true
        type: string
      install-command:
        description: Dependency install command. Set to empty string to skip.
        required: false
        default: npm ci
        type: string
      build-command:
        description: Command that produces the dist/ output.
        required: false
        default: npm run build
        type: string
      dist-dir:
        description: Build output directory (relative to working-directory).
        required: false
        default: dist
        type: string
      working-directory:
        description: Directory to run install and build in.
        required: false
        default: .
        type: string
    secrets:
      DEPLOY_SSH_KEY:
        required: true
        description: SSH private key for the gitea-ci-deploy key pair.

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Install dependencies
        if: inputs.install-command != ''
        working-directory: ${{ inputs.working-directory }}
        run: ${{ inputs.install-command }}

      - name: Build
        working-directory: ${{ inputs.working-directory }}
        run: ${{ inputs.build-command }}

      - name: Deploy to devfarm
        env:
          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
        run: |
          SITE="${{ inputs.site }}"
          SRC="${{ inputs.working-directory }}/${{ inputs.dist-dir }}"
          TARGET="/mnt/user/devsites/${SITE}/dist"
          NAS="192.168.2.117"

          if ! echo "$SITE" | grep -qE '^[a-z0-9-]+$'; then
            echo "ERROR: site name must match [a-z0-9-]+"
            exit 1
          fi

          mkdir -p ~/.ssh
          echo "$DEPLOY_SSH_KEY" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key
          ssh-keyscan -H "$NAS" >> ~/.ssh/known_hosts 2>/dev/null

          ssh -i ~/.ssh/deploy_key "root@${NAS}" "mkdir -p '${TARGET}'"
          tar -C "${SRC}" -czf - . \
            | ssh -i ~/.ssh/deploy_key "root@${NAS}" \
                "rm -rf '${TARGET:?}'/* 2>/dev/null; tar -C '${TARGET}' -xzf -"
          rm -f ~/.ssh/deploy_key

          echo "Deployed $SRC → $TARGET"
          echo "Live at: https://${SITE}.dev.clubbabyseal.com"