# Build image, push to Gitea registry, trigger Portainer redeploy via webhook.
# Stack managed by Portainer (type=git). Env vars live in Portainer stack Env.
#
# Repo secrets required:
#   REGISTRY_TOKEN         ci user token, scope write:package
#   PORTAINER_WEBHOOK_URL  POST URL from Portainer stack auto-update setting

name: Deploy

on:
  push:
    branches:
      - main
  workflow_dispatch:

env:
  IMAGE: git.domverse-berlin.eu/ci/pngx-sync/app

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Login to Gitea registry
        run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.domverse-berlin.eu -u ci --password-stdin

      - name: Build and push
        run: |
          docker build --build-arg APP_VERSION="${{ gitea.sha }}" \
            -t "$IMAGE:latest" -t "$IMAGE:${{ gitea.sha }}" .
          docker push "$IMAGE:latest"
          docker push "$IMAGE:${{ gitea.sha }}"

      - name: Trigger Portainer redeploy (retry on transient pull-lease failure)
        run: |
          for i in 1 2 3; do
            code=$(curl -sk -X POST -o /dev/null -w '%{http_code}' "${{ secrets.PORTAINER_WEBHOOK_URL }}")
            echo "attempt $i -> $code"
            [ "$code" = "204" ] && exit 0
            sleep 5
          done
          exit 1

      - name: Prune dangling images
        run: docker image prune -f