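# Manually triggered production deploy: pulls the image for the given release
# tag on the production host over SSH, retags it for compose, checks out the
# matching code, restarts the app service and waits for its health check.
name: Deploy Production

on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Release tag to deploy (e.g. v3.3.0)'
        required: true

env:
  IMAGE: git.adlee.work/alee/golfgame

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # The tag is free-form operator input that ends up in commands run on the
      # production host. Reject anything outside the Docker tag character set
      # before any SSH connection is made. It is read from the environment,
      # never expanded into the script text.
      - name: Validate release tag
        env:
          TAG: ${{ github.event.inputs.tag }}
        run: |
          case "$TAG" in
            ''|[!A-Za-z0-9_]*|*[!A-Za-z0-9._-]*)
              echo "Refusing to deploy: tag contains unexpected characters" >&2
              exit 1
              ;;
          esac

      - name: Deploy to production
        # NOTE(review): @v1 is a mutable tag and this step receives the deploy
        # key and registry token. Consider pinning to a full commit SHA.
        uses: appleboy/ssh-action@v1
        env:
          TAG: ${{ github.event.inputs.tag }}
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        with:
          host: ${{ secrets.PROD_HOST }}
          # NOTE(review): the deploy runs as root. A dedicated account limited
          # to docker and /opt/golfgame would reduce the impact of a leaked key.
          username: root
          key: ${{ secrets.DEPLOY_SSH_KEY }}
          # Everything the script needs arrives as environment variables, so
          # no expression is substituted into the shell text below.
          envs: IMAGE,TAG,REGISTRY_USER,REGISTRY_TOKEN
          script: |
            # Stop at the first failing command so a failed login, pull or
            # checkout cannot be followed by a restart of the old image.
            set -eu

            cd /opt/golfgame

            # Pull the same image that passed staging.
            # --password-stdin keeps the token out of the process argument list.
            printf '%s' "$REGISTRY_TOKEN" | docker login git.adlee.work -u "$REGISTRY_USER" --password-stdin
            docker pull "$IMAGE:$TAG"

            # Tag it so compose uses it
            docker tag "$IMAGE:$TAG" golfgame-app:latest

            # Update code (for compose file / env changes)
            git fetch origin && git checkout "$TAG"

            # Restart app
            docker compose -f docker-compose.prod.yml up -d app

            # Wait for healthy
            echo "Waiting for health check..."
            for i in $(seq 1 30); do
              # Match the literal "(healthy)" status; a bare "healthy" also
              # matches "unhealthy" and would report a failed deploy as good.
              if docker compose -f docker-compose.prod.yml ps app | grep -qF "(healthy)"; then
                echo "Production deploy successful — $TAG"
                exit 0
              fi
              sleep 2
            done

            echo "CRITICAL: app not healthy after 60s"
            docker compose -f docker-compose.prod.yml logs --tail=30 app
            exit 1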