name: CI/CD

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install uv
        run: pip install uv

      - name: Install dependencies
        run: uv pip install --system -e "haproxy_mcp[dev]" || uv pip install --system -e haproxy_mcp

      - name: Lint with ruff
        run: ruff check . || true

      - name: Type check
        run: mypy . --ignore-missing-imports || true

  build-and-deploy:
    needs: test
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Gitea Registry
        run: echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login gitea.anvil.it.com -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin

      - name: Build and push Docker image
        run: |
          IMAGE=gitea.anvil.it.com/kaffa/haproxy-mcp
          TAG=${GITHUB_SHA::8}
          docker buildx build \
            --platform linux/amd64 \
            --tag ${IMAGE}:${TAG} \
            --tag ${IMAGE}:latest \
            --push \
            .

      - name: Deploy to K8s
        env:
          KUBECONFIG_DATA: ${{ secrets.KUBECONFIG }}
        run: |
          mkdir -p ~/.kube
          echo "${KUBECONFIG_DATA}" | base64 -d > ~/.kube/config
          chmod 600 ~/.kube/config

          IMAGE=gitea.anvil.it.com/kaffa/haproxy-mcp
          TAG=${GITHUB_SHA::8}

          kubectl set image deployment/haproxy-mcp \
            haproxy-mcp=${IMAGE}:${TAG} \
            -n default

          kubectl rollout status deployment/haproxy-mcp \
            -n default --timeout=120s