name: Deploy Production

on:
  workflow_dispatch:

concurrency:
  group: deploy-prod
  cancel-in-progress: false

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: production
    steps:
      - name: Check out code
        uses: actions/checkout@v5

      - name: Build release archive
        run: |
          rm -f /tmp/release.tgz
          tar \
            --exclude=.git \
            --exclude=.github \
            --exclude=.venv \
            --exclude=__pycache__ \
            --exclude=node_modules \
            --exclude=backend/media \
            --exclude=backend/staticfiles \
            --exclude=release.tgz \
            -czf /tmp/release.tgz .

      - name: Upload release bundle
        uses: appleboy/scp-action@v1.0.0
        with:
          host: ${{ secrets.PROD_DEPLOY_HOST }}
          username: ${{ secrets.PROD_DEPLOY_USER }}
          key: ${{ secrets.PROD_DEPLOY_SSH_KEY }}
          port: ${{ secrets.PROD_DEPLOY_PORT || 22 }}
          source: "/tmp/release.tgz"
          target: ${{ secrets.PROD_DEPLOY_PATH }}
          rm: false
          overwrite: true
          strip_components: 0

      - name: Deploy over SSH
        uses: appleboy/ssh-action@v1.2.0
        with:
          host: ${{ secrets.PROD_DEPLOY_HOST }}
          username: ${{ secrets.PROD_DEPLOY_USER }}
          key: ${{ secrets.PROD_DEPLOY_SSH_KEY }}
          port: ${{ secrets.PROD_DEPLOY_PORT || 22 }}
          script: |
            set -e
            DEPLOY_DIR="${{ secrets.PROD_DEPLOY_PATH }}"
            cd "$DEPLOY_DIR"
            tar -xzf release.tgz
            rm -f release.tgz
            RUN_DJANGO_CHECK=1 ./scripts/deploy_stack.sh .env.prod docker-compose.prod.yml