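# Deploys this repository to the NAS over SSH on every push to main, then
# rebuilds and restarts the Docker Compose stack that lives on the NAS.
#
# Flow: load the deploy key -> record the NAS host key -> connectivity and
# environment checks -> stream the tree as a tarball -> docker-compose up.
name: Deploy to NAS (rsync)

on:
  push:
    branches:
      - main

# The job only reads the repository, so GITHUB_TOKEN is limited to read access.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Connection coordinates are passed as environment variables and quoted in
    # the scripts, rather than being templated into the shell text, so a value
    # containing shell metacharacters cannot alter the commands that run.
    # The private key is NOT placed here; it stays scoped to the ssh-agent step.
    env:
      NAS_HOST: ${{ secrets.NAS_HOST }}
      NAS_PORT: ${{ secrets.NAS_PORT }}
      NAS_USER: ${{ secrets.NAS_USER }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step talks to GitHub, so the token is kept out of
          # .git/config in the tree that is about to be archived.
          persist-credentials: false

      # NOTE(review): this third-party action receives the deploy private key
      # and is referenced by a mutable tag. Pin it to the full commit SHA of
      # the reviewed release so a moved tag cannot change what handles the key.
      - name: Setup SSH key
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.NAS_SSH_KEY_ADMIN }}

      - name: Check SSH key loaded
        run: ssh-add -l

      # NOTE(review): ssh-keyscan trusts whatever key the network returns on
      # this run, so it does not authenticate the NAS. Prefer storing the
      # known_hosts line, captured once over a trusted path, in a repository
      # secret (for example <NAS_KNOWN_HOSTS>, a placeholder name) and writing
      # that here instead.
      - name: Add NAS host to known_hosts
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -p "$NAS_PORT" "$NAS_HOST" >> ~/.ssh/known_hosts

      # Host-key checking stays enabled here: the entry recorded above is what
      # every later step relies on, so this test must exercise the same path.
      # NOTE(review): this step logs in as NAS_USER while every other step
      # hard-codes "admin"; confirm they are the same account.
      - name: Test SSH connection
        run: |
          ssh -p "$NAS_PORT" "$NAS_USER@$NAS_HOST" \
            echo "SSH connection successful"

      - name: Test directory access
        run: |
          ssh -p "$NAS_PORT" "admin@$NAS_HOST" \
            "ls -la /volume1/homes/admin/ && whoami && pwd"

      - name: Create target directory if not exists
        run: |
          ssh -p "$NAS_PORT" "admin@$NAS_HOST" \
            "mkdir -p /volume1/homes/admin/nginx-infra && ls -la /volume1/homes/admin/nginx-infra"

      # Kept from the original workflow; the deploy step below transfers the
      # tree with tar over SSH and does not itself call rsync.
      - name: Test rsync availability
        run: |
          ssh -p "$NAS_PORT" "admin@$NAS_HOST" \
            "which rsync && rsync --version"

      # Streams the working tree (without .git) to the NAS, unpacks it into a
      # private staging directory, then copies it over the live directory.
      #  - mktemp -d replaces the fixed /tmp/nginx-infra-deploy path, which
      #    another local user could pre-create and which could hold leftovers
      #    from an earlier failed run.
      #  - set -e makes a failed staging or extraction fail the step; before,
      #    the trailing "|| true" reported success for every failure.
      #  - the copy itself stays best-effort, as in the original.
      #    NOTE(review): that still hides genuine copy errors; consider
      #    dropping "2>/dev/null || true" once the ownership warnings it
      #    silences are understood.
      - name: Deploy with file ownership fix
        run: |
          tar czf - --exclude='.git' . | ssh -p "$NAS_PORT" "admin@$NAS_HOST" '
            set -e
            stage=$(mktemp -d)
            trap "rm -rf \"$stage\"" EXIT
            tar xzf - -C "$stage"
            cp -rf "$stage"/* /volume1/homes/admin/nginx-infra/ 2>/dev/null || true
          '

      - name: Check Docker permissions
        run: |
          ssh -p "$NAS_PORT" "admin@$NAS_HOST" \
            "ls -la /var/run/docker.sock && id"

      # The heredoc delimiter is quoted, so nothing below is expanded on the
      # runner; the script is executed as-is by the remote shell.
      - name: Deploy with fresh Docker Compose
        run: |
          ssh -p "$NAS_PORT" "admin@$NAS_HOST" << 'EOF'
          # Abort if the project directory is missing, so the compose and prune
          # commands never run from whatever directory the login shell starts in.
          cd /volume1/homes/admin/nginx-infra || exit 1

          # Decide once whether docker needs sudo and reuse the answer below.
          if docker ps > /dev/null 2>&1; then
            echo "Direct docker access available..."
            SUDO=""
          else
            echo "Using sudo for docker commands..."
            SUDO="sudo"
          fi

          # 1) Tear down everything so old services & networks go away
          $SUDO docker-compose down 2>/dev/null || true

          # 2) Prune stopped containers, unused networks, images and build cache.
          #    This is host-wide: it also removes unused resources that belong
          #    to other projects on the NAS.
          $SUDO docker system prune -f

          # 3) Double-check you're seeing the new compose file.
          #    The file is printed into the workflow log, so it must not
          #    contain credentials.
          echo "---- current compose file ----"
          cat docker-compose.yml
          echo "------------------------------"

          # 4) Rebuild images and start every service defined in that file
          $SUDO docker-compose up -d --build
          EOF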