name: "CI"

on: [push, pull_request]

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: true
      matrix:
        service: ["api", "tasks", "websocket"]
    steps:
      - uses: actions/checkout@v2
      - name: Log in to the Container registry
        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - run: |
          docker build . \
            --build-arg SERVICE=${{ matrix.service }} \
            -t ghcr.io/${{ github.repository }}/${{ matrix.service }}:${{ github.sha }}
      - run: |
          docker tag ghcr.io/${{ github.repository }}/${{ matrix.service }}:${{ github.sha }} \
            ghcr.io/${{ github.repository }}/${{ matrix.service }}:latest
        if: github.ref == 'refs/heads/main'
      - run: |
          docker push ghcr.io/${{ github.repository }}/${{ matrix.service }}
  deploy:
    runs-on: ubuntu-latest
    needs: build
    if: github.ref == 'refs/heads/main'
    environment:
      name: production
      url: https://saerro.harasse.rs
    permissions:
      contents: "read"
      id-token: "write"
    steps:
      - id: "auth"
        uses: "google-github-actions/auth@v1"
        with:
          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.SERVICE_ACCOUNT }}

      - name: "Set up Cloud SDK"
        uses: "google-github-actions/setup-gcloud@v1"

      - name: "Deploy"
        run: |
          gcloud compute ssh ${{ secrets.VM_NAME }} --zone=us-central1-a --command "cd /opt && sudo docker compose pull && sudo docker compose up -d"