---
name: CI/CD Pipeline

"on":
  push:
    branches: [main, flip_dev]

jobs:
  lint:
    runs-on: docker
    container:
      image: node:20-bullseye
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install Python & linters
        run: |
          apt-get update && apt-get install -y python3 python3-pip bash git
          pip3 install --upgrade pip
          pip3 install yamllint ansible-lint

      - name: Run linters
        run: |
          yamllint .
    
  deploy:
    runs-on: docker
    container:
      image: node:20-bullseye
    needs: build
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install Ansible & dependencies
        run: |
          apt-get update && apt-get install -y python3 python3-pip openssh-client bash git
          pip3 install --upgrade pip
          pip3 install ansible
      
      - name: Setup SSH
        shell: bash
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_PASSPHRASE: ${{ secrets.SSH_PASSPHRASE }}
        run: |
          set -euo pipefail

          mkdir -p ~/.ssh
          chmod 700 ~/.ssh

          echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519

          ssh-keyscan -H 213.95.90.157 >> ~/.ssh/known_hosts

          eval "$(ssh-agent -s)"
          if [ -n "${SSH_PASSPHRASE:-}" ]; then
            echo "$SSH_PASSPHRASE" | ssh-add ~/.ssh/id_ed25519
          else
            ssh-add ~/.ssh/id_ed25519
          fi

          ssh -o BatchMode=yes root@213.95.90.157 true

      - name: Run Ansible
        run: |
          ansible-playbook -i ansible/inventory.yaml site.yaml