name: cd

on:
  push:
    branches: [main]
  workflow_dispatch:

env:
  REGISTRY: registry.juwan.xhttp.zip
  REPO: juwan

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Build and push all
        shell: bash
        env:
          REGISTRY: ${{ env.REGISTRY }}
          REPO: ${{ env.REPO }}
        run: |
          set -euo pipefail
          SHA_TAG="${GITHUB_SHA::7}"

          python3 - >/tmp/targets <<'PY'
          import os
          NAME_OVERRIDE = {
              "users":              ("users",              "user"),
              "user_verifications": ("user_verifications", "user-verifications"),
          }
          STATEFULSETS = {"snowflake-rpc": "snowflake"}
          for svc in sorted(os.listdir("app")):
              svc_dir = f"app/{svc}"
              if not os.path.isdir(svc_dir):
                  continue
              for sub in sorted(os.listdir(svc_dir)):
                  d = f"{svc_dir}/{sub}"
                  if not os.path.isdir(d) or sub not in ("api","rpc","mq","adapter"):
                      continue
                  img_pre, wl_pre = NAME_OVERRIDE.get(svc, (svc, svc))
                  image    = f"{img_pre}-{sub}"
                  workload = STATEFULSETS.get(image, f"{wl_pre}-{sub}")
                  print(f"{image}|{d}|{workload}")
          PY

          while IFS='|' read -r image dir _workload; do
            echo "::group::Build $image"
            entry=$(grep -l "package main" "$dir"/*.go | head -n1)
            cfg=$(basename "$(find "$dir/etc" -maxdepth 1 -name '*.yaml' | head -n1)" 2>/dev/null || echo config.yaml)
            cat > Dockerfile.build <<EOF
          FROM golang:1.25-alpine AS builder
          WORKDIR /build
          ENV CGO_ENABLED=0 GOOS=linux
          COPY go.mod go.sum ./
          RUN --mount=type=cache,target=/go/pkg/mod go mod download
          COPY . .
          RUN --mount=type=cache,target=/go/pkg/mod \
              --mount=type=cache,target=/root/.cache/go-build \
              go build -ldflags="-s -w" -o /app/main $entry

          FROM alpine:3.21
          RUN apk add --no-cache ca-certificates tzdata
          ENV TZ=Asia/Shanghai
          WORKDIR /app
          COPY --from=builder /app/main /app/main
          COPY $dir/etc /app/etc
          CMD ["./main", "-f", "etc/$cfg"]
          EOF
            IMAGE="$REGISTRY/$REPO/$image"
            CACHE="$REGISTRY/$REPO/buildcache:$image"
            docker buildx build \
              --file Dockerfile.build \
              --tag "$IMAGE:$SHA_TAG" \
              --tag "$IMAGE:latest" \
              --cache-from "type=registry,ref=$CACHE" \
              --cache-to "type=registry,ref=$CACHE,mode=max" \
              --push \
              .
            echo "::endgroup::"
          done < /tmp/targets

  rollout:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install kubectl
        run: |
          curl -sLo /usr/local/bin/kubectl \
            "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
          chmod +x /usr/local/bin/kubectl

      - name: Rollout k01
        env:
          REGISTRY: ${{ env.REGISTRY }}
          REPO: ${{ env.REPO }}
          KUBECONFIG_B64: ${{ secrets.K01_KUBECONFIG }}
        shell: bash
        run: |
          set -euo pipefail
          mkdir -p ~/.kube
          echo "$KUBECONFIG_B64" | base64 -d > ~/.kube/config
          chmod 600 ~/.kube/config
          SHA_TAG="${GITHUB_SHA::7}"

          python3 - <<PY
          import os, subprocess
          NAME_OVERRIDE = {
              "users":              ("users",              "user"),
              "user_verifications": ("user_verifications", "user-verifications"),
          }
          STATEFULSETS = {"snowflake-rpc": "snowflake"}
          reg = os.environ["REGISTRY"] + "/" + os.environ["REPO"]
          sha = "$SHA_TAG"
          for svc in sorted(os.listdir("app")):
              svc_dir = f"app/{svc}"
              if not os.path.isdir(svc_dir):
                  continue
              for sub in sorted(os.listdir(svc_dir)):
                  d = f"{svc_dir}/{sub}"
                  if not os.path.isdir(d) or sub not in ("api","rpc","mq","adapter"):
                      continue
                  img_pre, wl_pre = NAME_OVERRIDE.get(svc, (svc, svc))
                  image    = f"{img_pre}-{sub}"
                  workload = STATEFULSETS.get(image, f"{wl_pre}-{sub}")
                  kind = "statefulset" if workload == "snowflake" else "deployment"
                  ref  = f"{reg}/{image}:{sha}"
                  cmd  = ["kubectl","-n","juwan","set","image",f"{kind}/{workload}",f"{image}={ref}"]
                  print(" ".join(cmd))
                  subprocess.run(cmd, check=False)
          PY