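# Shared GitLab CI templates: registry login, image build/push and SSH-based
# docker-compose deployment. Jobs elsewhere are expected to `extends:` these
# hidden keys and supply IMAGE_NAME, WORKDIR_PATH, DOCKERFILE_PATH, etc.

# Logs the job's Docker client into the project registry. The password is fed
# on stdin so it never shows up in a process argument list.
.docker-login-template:
  before_script:
    - |
      echo "Logging into Docker..."
      echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin

# Derives TAG (ref name with every "/" replaced by "_") and the full image
# name. Pulled into build jobs through !reference, so both variables end up in
# the shell of the including job.
.image-tag-template:
  script: |
    TAG="${CI_COMMIT_REF_NAME//\//_}"
    DOCKER_IMAGE="$CI_REGISTRY/$CI_PROJECT_PATH/$IMAGE_NAME"
    echo "Generated tag: $TAG"
    echo "Docker image: $DOCKER_IMAGE:$TAG"

# Builds one service image and, on the dev/production/pipeline refs only,
# pushes it and records the pushed digest as a job artifact for the deploy job.
.docker-build-template:
  extends: .docker-login-template
  stage: dockerize
  # Job image is pinned by digest, so a re-pointed 20.10 tag cannot change it.
  image: docker:20.10@sha256:2967f0819c84dd589ed0a023b9d25dcfe7a3c123d5bf784ffbb77edf55335f0c
  script:
    - !reference [ .image-tag-template, script ]
    - |
      echo "Building Docker image for $IMAGE_NAME in $WORKDIR_PATH"
      cd "$WORKDIR_PATH"

      BUILD_ARGS="--build-arg IMAGE_TAG=$TAG"
      if [ -n "$COMMON_IMAGE" ]; then BUILD_ARGS="$BUILD_ARGS --build-arg COMMON_IMAGE=$COMMON_IMAGE:$TAG"; fi
      if [ -n "$BUILD_FOLDER" ]; then BUILD_ARGS="$BUILD_ARGS --build-arg BUILD_FOLDER=$BUILD_FOLDER"; fi
      if [ -n "$IMAGE_NAME" ]; then BUILD_ARGS="$BUILD_ARGS --build-arg IMAGE_NAME=$IMAGE_NAME"; fi
      if [ -n "$MAIN_CLASS" ]; then BUILD_ARGS="$BUILD_ARGS --build-arg MAIN_CLASS=$MAIN_CLASS"; fi
      # The former 'BUILD_ARGS="$BUILD_ARGS $BUILD_ARGS"' step was removed: it
      # only appended the list to itself, passing every --build-arg twice.

      # BUILD_ARGS stays unquoted on purpose: it must word-split into separate
      # arguments. Values containing whitespace are therefore not supported.
      docker build $BUILD_ARGS -t "$DOCKER_IMAGE:$TAG" -f "$DOCKERFILE_PATH" .

      if [[ "$TAG" == "dev" || "$TAG" == "production" || "$TAG" == "pipeline" ]]; then
        echo "Pushing Docker image $DOCKER_IMAGE:$TAG"
        docker push "$DOCKER_IMAGE:$TAG"
        # After pushing the image
        DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' "$DOCKER_IMAGE:$TAG" | cut -d '@' -f2)
        # Fail here rather than hand the deploy job an empty or odd digest.
        case "$DIGEST" in
          sha256:*) ;;
          *) echo "Could not determine pushed digest for $IMAGE_NAME" >&2; exit 1 ;;
        esac
        echo "$DIGEST" > "$CI_PROJECT_DIR/digest-${IMAGE_NAME}.txt"
        echo "Digest for $IMAGE_NAME: $DIGEST"
      else
        echo "Skipping push for non-dev/non-production branch: $TAG"
      fi
  artifacts:
    paths:
      - digest-*.txt
    expire_in: 1 hour

# BUILD COMMON IMAGE
# Builds the shared base image; pushed on the same three refs as above, but no
# digest artifact is written for it.
.docker-common-template:
  extends: .docker-login-template
  stage: docker-base
  image: docker:20.10@sha256:2967f0819c84dd589ed0a023b9d25dcfe7a3c123d5bf784ffbb77edf55335f0c
  script:
    - !reference [ .image-tag-template, script ]
    - |
      echo "Building BASE Docker image for $IMAGE_NAME..."
      cd "$WORKDIR_PATH"
      docker build -f "$DOCKERFILE_PATH" -t "$DOCKER_IMAGE:$TAG" .

      if [[ "$TAG" == "dev" || "$TAG" == "production" || "$TAG" == "pipeline" ]]; then
        echo "Pushing Docker image $DOCKER_IMAGE:$TAG"
        docker push "$DOCKER_IMAGE:$TAG"
      else
        echo "Skipping push for non-dev/non-production branch: $TAG"
      fi

# Deployment
# Loads the deploy key into an ssh-agent and prepares known_hosts for the
# target selected by TAG.
.install-deploy-key: &install-deploy-key
  - |
    echo "Installing SSH deploy key..."
    # NOTE(review): the apt-get fallback only helps on Debian-style job images;
    # confirm the image in use ships ssh-agent or has apt-get.
    which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
    mkdir -p ~/.ssh
    chmod 700 ~/.ssh
    # umask keeps the key file from ever existing with group/other access.
    ( umask 077; echo "$DEPLOY_KEY_BASE64" | base64 -d > ~/.ssh/deploy_key )
    chmod 600 ~/.ssh/deploy_key
    eval "$(ssh-agent -s)"
    ssh-add ~/.ssh/deploy_key

    # Nothing in the deploy templates sets TAG. Without this default an unset
    # TAG falls through to the else branch below and selects the production
    # host for every ref. A TAG supplied by the job is left untouched.
    TAG="${TAG:-${CI_COMMIT_REF_NAME//\//_}}"
    if [[ "$TAG" == "dev" || "$TAG" == "pipeline" ]]; then
      HOST="$DEPLOY_DEV_HOST"
      PORT="${DEPLOY_DEV_PORT:-22}"
    else
      # NOTE(review): every other TAG value targets production; restrict the
      # extending job with rules so only the intended refs reach this branch.
      HOST="$DEPLOY_PROD_HOST"
      PORT="${DEPLOY_PROD_PORT:-22}"
    fi

    # Host authentication. ssh-keyscan trusts whatever key the network returns
    # during this run, so it cannot detect an impersonated host. Setting the
    # optional DEPLOY_KNOWN_HOSTS variable (new, introduced here; known_hosts
    # lines captured out of band) pins the host key instead.
    if [ -n "$DEPLOY_KNOWN_HOSTS" ]; then
      echo "Using pinned host keys from DEPLOY_KNOWN_HOSTS"
      echo "$DEPLOY_KNOWN_HOSTS" >> ~/.ssh/known_hosts
    else
      echo "Scanning SSH host $HOST on port $PORT"
      ssh-keyscan -p "$PORT" "$HOST" >> ~/.ssh/known_hosts || true
    fi

# Rewrites docker-compose.yml so each service image is pinned to the digest
# produced by the build jobs, copies it to the target host and restarts the
# stack there.
.deploy-template:
  stage: deploy
  image: docker:20.10@sha256:2967f0819c84dd589ed0a023b9d25dcfe7a3c123d5bf784ffbb77edf55335f0c
  before_script:
    - !reference [ .install-deploy-key ]
  script: |
    # Same TAG default and host selection as in .install-deploy-key, so the
    # key scan and the deployment always address the same host.
    TAG="${TAG:-${CI_COMMIT_REF_NAME//\//_}}"
    if [[ "$TAG" == "dev" || "$TAG" == "pipeline" ]]; then
      HOST="$DEPLOY_DEV_HOST"
      PORT="${DEPLOY_DEV_PORT:-22}"
    else
      HOST="$DEPLOY_PROD_HOST"
      PORT="${DEPLOY_PROD_PORT:-22}"
    fi

    # Validate the digest artifacts before anything touches the remote host:
    # a missing file would otherwise yield an "image@" reference and the stack
    # would be taken down with nothing valid to start. The strict pattern also
    # keeps sed metacharacters out of the replacements below.
    for svc in gateway server frontend; do
      digest="$(cat "digest-$svc.txt" 2>/dev/null || true)"
      if ! echo "$digest" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
        echo "Missing or malformed digest for $svc; aborting before deploying to $HOST" >&2
        exit 1
      fi
    done

    echo "Image digests:"
    echo " gateway : $(cat digest-gateway.txt)"
    echo " server : $(cat digest-server.txt)"
    echo " frontend : $(cat digest-frontend.txt)"

    echo "Injecting image digests"
    cp docker-compose.yml docker-compose.generated.yml
    sed -i "s|registry.boomlab.party/rheinsw/rheinsw-mono-repo/gateway|registry.boomlab.party/rheinsw/rheinsw-mono-repo/gateway@$(cat digest-gateway.txt)|g" docker-compose.generated.yml
    sed -i "s|registry.boomlab.party/rheinsw/rheinsw-mono-repo/server|registry.boomlab.party/rheinsw/rheinsw-mono-repo/server@$(cat digest-server.txt)|g" docker-compose.generated.yml
    sed -i "s|registry.boomlab.party/rheinsw/rheinsw-mono-repo/frontend|registry.boomlab.party/rheinsw/rheinsw-mono-repo/frontend@$(cat digest-frontend.txt)|g" docker-compose.generated.yml

    echo "Copying docker-compose.generated.yml to $HOST:$REMOTE_ENV_PATH/docker-compose.yml"
    # REMOTE_ENV_PATH is expanded by the remote shell (left unquoted so a
    # leading ~ keeps working); it must come from a protected CI variable.
    # Ensure remote path exists before scp
    ssh -p "$PORT" "$DEPLOY_USER@$HOST" "mkdir -p $REMOTE_ENV_PATH"
    # Copy
    scp -P "$PORT" docker-compose.generated.yml "$DEPLOY_USER@$HOST:$REMOTE_ENV_PATH/docker-compose.yml"

    echo "Deploying on $HOST"
    # Registry login on the target. The password is sent over ssh's stdin
    # instead of being spliced into the remote command string, where it was
    # visible in process listings on both ends and parsed by the remote shell.
    # docker login stores the credential in the remote user's Docker config.
    printf '%s\n' "$CI_REGISTRY_PASSWORD" | ssh -p "$PORT" "$DEPLOY_USER@$HOST" \
      "docker login '$CI_REGISTRY' -u '$CI_REGISTRY_USER' --password-stdin"

    # Stop if the directory is missing so compose never runs elsewhere.
    # NOTE(review): 'down' runs before 'pull', so a failed pull leaves the
    # stack stopped; consider pulling first.
    ssh -p "$PORT" "$DEPLOY_USER@$HOST" "
      cd $REMOTE_ENV_PATH || exit 1
      docker compose down || true
      docker compose pull || true
      docker compose up -d
    "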