name: Deploy Website
run-name: Deploying website changes by ${{ github.actor }}

on:
  push:
    branches: [ main ]
    paths: 
      - '*.html'
      - 'assets/**'
      - 'css/**'
      - 'js/**'
      - 'images/**'

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        
      - name: Validate HTML
        run: |
          apt-get update && apt-get install -y tidy
          find . -name "*.html" -exec tidy -q -e {} \;
          echo "✅ HTML validation passed"
          
      - name: Setup SSH
        run: |
          echo "🔧 Setting up SSH configuration..."
          mkdir -p ~/.ssh
          
          # Debug: Check if secret exists and has content
          if [ -z "${{ secrets.DEPLOY_SSH_KEY }}" ]; then
            echo "❌ DEPLOY_SSH_KEY secret is empty or not set"
            exit 1
          fi
          
          echo "✅ SSH key secret found"
          
          # Write the private key
          echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key
          
          # Debug: Verify key file was created
          if [ ! -f ~/.ssh/deploy_key ]; then
            echo "❌ Failed to create SSH key file"
            exit 1
          fi
          
          echo "✅ SSH key file created"
          
          # Verify key format
          if ! ssh-keygen -l -f ~/.ssh/deploy_key; then
            echo "❌ SSH key appears to be malformed"
            echo "Key file contents (first few lines):"
            head -3 ~/.ssh/deploy_key
            exit 1
          fi
          
          echo "✅ SSH key format is valid"
          
          # Set server IP and scan for host keys
          SERVER_IP="192.168.4.56"
          echo "🔍 Scanning for SSH host keys on $SERVER_IP..."
          
          # Add error handling for ssh-keyscan
          if ! ssh-keyscan -H $SERVER_IP >> ~/.ssh/known_hosts 2>/dev/null; then
            echo "❌ Failed to get SSH host keys from $SERVER_IP"
            echo "Trying alternative approach..."
            ssh-keyscan $SERVER_IP >> ~/.ssh/known_hosts 2>/dev/null || {
              echo "⚠️ ssh-keyscan failed, adding StrictHostKeyChecking=no to SSH commands"
            }
          else
            echo "✅ SSH host keys retrieved successfully"
          fi
          
          echo "✅ SSH setup completed"
          
      - name: Deploy website
        run: |
          # Server configuration
          SERVER_IP="192.168.4.56"  # Your server IP
          DEPLOY_USER="deploy"       # The user we just created
          WEBSITE_DIR="/media/stephen/Storage_Linux/infrastructure/services/websites/maverickApplications"
          
          echo "📁 Syncing files to server..."
          rsync -avz --delete \
            -e "ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no" \
            ./ $DEPLOY_USER@$SERVER_IP:$WEBSITE_DIR/
          
          echo "🔄 Restarting website container..."
          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no $DEPLOY_USER@$SERVER_IP \
            "cd $WEBSITE_DIR && docker compose restart maverick-website"
            
      - name: Health check
        run: |
          echo "🏥 Waiting for container to restart..."
          sleep 15
          
          for i in {1..5}; do
            if curl -f --connect-timeout 10 https://maverickapplications.com; then
              echo "✅ Website is responding correctly!"
              exit 0
            fi
            echo "⏳ Attempt $i failed, retrying in 10 seconds..."
            sleep 10
          done
          echo "❌ Website health check failed"
          exit 1
          
      - name: Cleanup
        if: always()
        run: rm -f ~/.ssh/deploy_key