name: Deploy SingleChat

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest

    env:
      SSH_HOST: ${{ vars.PROD_HOST }}
      SSH_PORT: ${{ vars.PROD_PORT }}
      SSH_USER: ${{ vars.PROD_USER }}
      DEPLOY_SCRIPT: ${{ vars.PROD_DEPLOY_SCRIPT }}

    steps:
      - name: Show resolved non-secret config
        run: |
          echo "SSH_HOST=$SSH_HOST"
          echo "SSH_PORT=$SSH_PORT"
          echo "SSH_USER=$SSH_USER"
          echo "DEPLOY_SCRIPT=${DEPLOY_SCRIPT:-/usr/local/bin/actualize-singlechat.sh}"

      - name: Prepare SSH
        run: |
          set -e
          mkdir -p ~/.ssh
          printf '%s' "${{ secrets.PROD_SSH_KEY_B64 }}" | base64 -d > ~/.ssh/id_deploy
          chmod 600 ~/.ssh/id_deploy
          ssh-keygen -l -f ~/.ssh/id_deploy
          ssh-keyscan -p "$SSH_PORT" "$SSH_HOST" >> ~/.ssh/known_hosts

      - name: Test SSH connection
        run: |
          set -e
          ssh -i ~/.ssh/id_deploy \
            -o StrictHostKeyChecking=no \
            -o BatchMode=yes \
            -o ConnectTimeout=10 \
            -p "$SSH_PORT" \
            "$SSH_USER@$SSH_HOST" \
            "echo SSH OK"

      - name: Run deployment script
        run: |
          set -e
          script="${DEPLOY_SCRIPT:-/usr/local/bin/actualize-singlechat.sh}"
          ssh -i ~/.ssh/id_deploy \
            -o StrictHostKeyChecking=no \
            -o BatchMode=yes \
            -o ConnectTimeout=10 \
            -p "$SSH_PORT" \
            "$SSH_USER@$SSH_HOST" \
            "$script"