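---
# GitLab CI pipeline: build and lint the Next.js app, build a Docker image,
# deploy it over SSH to the Docker host at 192.168.41.101, and merge
# production back into dev.

# Default job image, pinned by digest so the tag cannot be repointed to
# different content.
image: node:22@sha256:f6b9c31ace05502dd98ef777aaa20464362435dcc5e312b0e213121dcf7d8b95

# Pipelines are created only for merge requests, the production and dev
# branches, and tags of the form vX.Y.Z.
workflow:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_COMMIT_BRANCH == "production"'
    - if: '$CI_COMMIT_BRANCH == "dev"'
    - if: '$CI_COMMIT_TAG =~ /^v[\d]{1,4}\.[\d]{1,2}\.[\d]{1,2}$/'

stages:
  - build
  - docker
  - deploy
  - sync

# node_modules is cached per ref slug.
cache:
  key: "${CI_COMMIT_REF_SLUG}"
  paths:
    - node_modules/

variables:
  NEXT_PUBLIC_ENV: "production"
  OUTPUT_DIR: ".next"
  PROJECT_NAME: "$CI_PROJECT_NAME"
  DOCKER_IMAGE: "registry.boomlab.party/rheinsw/$CI_PROJECT_NAME"

# Production deploys are started by hand; allow_failure keeps an unstarted
# manual job from blocking the rest of the pipeline.
.deploy_production_rule: &deploy_production_rule
  - if: '$CI_COMMIT_BRANCH == "production"'
    when: manual
    allow_failure: true

# Reusable SSH key setup block
# NOTE(review): DEPLOY_KEY_BASE64 grants shell access to the deploy host;
# confirm it is a masked, protected variable and that dev and production are
# protected branches.
.install_deploy_key: &install_deploy_key
  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh
  # Create the key file under a restrictive umask so it is never readable by
  # other users, not even briefly before the chmod below.
  - '( umask 077 && echo "$DEPLOY_KEY_BASE64" | base64 -d > ~/.ssh/deploy_key )'
  - eval "$(ssh-agent -s)"
  - chmod 600 ~/.ssh/deploy_key
  - ssh-add ~/.ssh/deploy_key
  # NOTE(review): the host key is learned over the network on every run and
  # scan errors are ignored, so the deploy host is not authenticated before
  # the deploy key and registry credentials are used against it. Prefer
  # writing a known-good host key, stored in a CI/CD variable, to known_hosts.
  - ssh-keyscan -p 22 -H '192.168.41.101' >> ~/.ssh/known_hosts || true

# Remote deploy: log in to the registry, pull the image, replace the running
# container. Expects TAG, PORT and CONTAINER_NAME to be set by the calling job.
# - The registry password is piped through ssh's stdin to
#   `docker login --password-stdin` instead of being interpolated into the
#   remote command line, where it would appear in the remote process list and
#   be re-parsed by the remote shell.
# - `docker stop` / `docker rm` are grouped with their `|| true`, so only those
#   two steps are best-effort. Ungrouped, `a && b && c || true && d` let the
#   chain carry on to `docker run` after a failed login or pull.
.deploy_script: &deploy_script
  - |
    echo "Deploying $DOCKER_IMAGE:$TAG to $CONTAINER_NAME on port $PORT..."
    echo "$CI_REGISTRY_PASSWORD" | ssh gitlab@192.168.41.101 -p 22 "
      docker login \"$CI_REGISTRY\" -u \"$CI_REGISTRY_USER\" --password-stdin &&
      docker pull \"$DOCKER_IMAGE:$TAG\" &&
      { docker stop \"$CONTAINER_NAME\" || true; } &&
      { docker rm \"$CONTAINER_NAME\" || true; } &&
      docker run -d --name \"$CONTAINER_NAME\" -p \"$PORT:3000\" \"$DOCKER_IMAGE:$TAG\"
    "

build:
  stage: build
  script:
    # NOTE(review): `npm install` may resolve versions newer than the lockfile
    # records; if a package-lock.json is committed, `npm ci` installs exactly
    # what it pins.
    - npm install
    - npx next build
    - npm run lint

dockerize:
  stage: docker
  image: docker:20.10@sha256:2967f0819c84dd589ed0a023b9d25dcfe7a3c123d5bf784ffbb77edf55335f0c
  before_script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin
  script:
    # The image is built on every pipeline but pushed only for dev and
    # production. The ref name comes from the branch or tag (contributor
    # controlled in merge request pipelines), so every expansion is quoted.
    - |
      RAW_TAG="$CI_COMMIT_REF_NAME"
      TAG="${RAW_TAG//\//_}"  # replaces "/" with "_"
      echo "Sanitized tag: $TAG"
      docker build -t "$DOCKER_IMAGE:$TAG" -f Dockerfile .
      if [[ "$RAW_TAG" == "dev" || "$RAW_TAG" == "production" ]]; then
        echo "Pushing Docker image $DOCKER_IMAGE:$TAG"
        docker push "$DOCKER_IMAGE:$TAG"
      else
        echo "Skipping Docker push for non-dev or production branch: $RAW_TAG"
      fi

deploy_production:
  stage: deploy
  rules: *deploy_production_rule
  before_script: *install_deploy_key
  script:
    - TAG="production"
    - PORT="4100"
    - CONTAINER_NAME="$CI_PROJECT_NAME-production"
    - *deploy_script

deploy_dev:
  stage: deploy
  before_script: *install_deploy_key
  script:
    - TAG="dev"
    - PORT="5100"
    - CONTAINER_NAME="$CI_PROJECT_NAME-dev"
    - *deploy_script
  # NOTE(review): this is the only job using `only`; the others use `rules`.
  # Consider `rules: - if: '$CI_COMMIT_BRANCH == "dev"'` for consistency.
  only:
    - dev

# After a production pipeline, merge production into dev and push the result.
sync_branches:
  stage: sync
  rules:
    - if: '$CI_COMMIT_BRANCH == "production"'
  before_script:
    - git config --global user.email "gitlab-ci@rheinsw.com"
    - git config --global user.name "GitLab CI"
  script:
    # The job token is embedded in the remote URL, which git stores in the
    # job workspace's .git/config.
    - 'git remote set-url origin "https://oauth2:${CI_JOB_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git"'
    - git checkout dev
    - git pull origin dev
    - git merge --no-ff origin/production
    - git push origin dev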