name: rn-h5-prod

on:
  push:
    tags: ['v*']

jobs:
  build-and-push:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver-opts: |
            network=host
          buildkitd-flags: |
            --allow-insecure-entitlement security.insecure

      - name: Log in to container registry
        uses: docker/login-action@v3
        with:
          registry: 626064810415.dkr.ecr.us-west-1.amazonaws.com
          username: ${{ secrets.PROD_DOCKER_USERNAME }}
          password: ${{ secrets.PROD_DOCKER_PASSWORD }}

      - name: Extract tag name
        id: tag
        run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT

      - name: Build Docker image
        run: |
          docker build -t 626064810415.dkr.ecr.us-west-1.amazonaws.com/raveai/rn-h5:${{ steps.tag.outputs.TAG }} .

      - name: Push Docker image
        run: |
          docker push 626064810415.dkr.ecr.us-west-1.amazonaws.com/raveai/rn-h5:${{ steps.tag.outputs.TAG }}
        env:
          DOCKER_CONTENT_TRUST: 0

  deploy:
    runs-on: ubuntu-latest
    needs: build-and-push
    environment: test

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Extract tag name
        id: tag
        run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT

      - name: Copy files and deploy via SSH
        uses: appleboy/scp-action@v0.1.3
        with:
          host: ${{ secrets.PROD_SERVER_HOST }}
          username: ${{ secrets.PROD_SERVER_USERNAME }}
          key: ${{ secrets.PROD_SERVER_KEY }}
          port: 22
          source: "docker-compose.yaml"
          target: "/home/ubuntu/docker-compose/rn-h5"
          override: true

      - name: Deploy with Docker Compose
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.PROD_SERVER_HOST }}
          username: ${{ secrets.PROD_SERVER_USERNAME }}
          key: ${{ secrets.PROD_SERVER_KEY }}
          port: 22
          script: |
            # 切换到项目目录
            cd /home/ubuntu/docker-compose/rn-h5
            
            aws ecr get-login-password --region us-west-1 | docker login --username AWS --password-stdin 626064810415.dkr.ecr.us-west-1.amazonaws.com
            
            # 拉取指定tag的镜像
            docker pull 626064810415.dkr.ecr.us-west-1.amazonaws.com/raveai/rn-h5:${{ steps.tag.outputs.TAG }}
            
            TAG=${{ steps.tag.outputs.TAG }} docker compose down
            TAG=${{ steps.tag.outputs.TAG }} docker compose up -d
  

  cleanup:
    runs-on: ubuntu-latest
    needs: deploy
    if: always()

    steps:
      - name: Clean up Docker resources on server
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.PROD_SERVER_HOST }}
          username: ${{ secrets.PROD_SERVER_USERNAME }}
          key: ${{ secrets.PROD_SERVER_KEY }}
          port: 22
          script: |
            docker image prune -f
            docker container prune -f
            docker builder prune -f
            docker network prune -f
            echo "Cleanup completed!"

      - name: Clean up GitHub Actions workspace
        run: |
          echo "Cleaning up GitHub Actions workspace..."
          docker system df