name: Deploy

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: vps-host
    steps:
      - uses: actions/checkout@v4.2.2

      - name: Supply chain checks (production dependencies)
        run: |
          set -euo pipefail
          cd api
          npm ci
          npm audit --omit=dev --audit-level=high
          cd ../web
          npm ci
          npm audit --omit=dev --audit-level=high

      - name: Build Web
        run: |
          cd web
          npm run build

      - name: Deploy with Docker Compose
        run: |
          # Deploy directory
          APP_DIR=/opt/skymoney
          mkdir -p $APP_DIR

          # Sync repo to server (excluding node_modules, dist, etc)
          rsync -a --delete \
            --exclude=node_modules \
            --exclude=dist \
            --exclude=.git \
            --exclude=.gitea \
            --exclude=backups \
            --exclude=exporting \
            ./ $APP_DIR/

          # Copy built web to shared volume
          mkdir -p /var/www/skymoney/dist
          cp -r web/dist/* /var/www/skymoney/dist/

          cd $APP_DIR

          # Build and start all services
          sudo docker-compose up -d --build

          # Wait for database to be ready
          sleep 10

          # Run Prisma migrations inside the API container
          sudo docker-compose exec -T api npx prisma migrate deploy

      - name: Reload Nginx
        run: sudo systemctl reload nginx