.github/workflows/frontend.yaml

name: Frontend CI and CD

on:
  push:
    paths:
      - .github/**
      - frontend/**
  pull_request:
    paths:
      - .github/**
      - frontend/**

defaults:
  run:
    working-directory: ./frontend

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: frontend

  EC2_SSH_ADDRESS: ${{ secrets.EC2_SSH_ADDRESS }}
  EC2_SSH_ENDPOINT: ${{ secrets.EC2_SSH_USER }}@${{ secrets.EC2_SSH_ADDRESS }}

  INTERNAL_BACKEND_BASE_URL: ${{ secrets.INTERNAL_BACKEND_BASE_URL }}
  NEXT_PUBLIC_FILES_PROTOCOL: https
  NEXT_PUBLIC_FILES_HOST: ${{ secrets.NEXT_PUBLIC_FILES_HOST }}

jobs:
  ci:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Build image
        uses: ./.github/actions/docker-build
        with:
          context: ./frontend
          dockerfile: ./frontend/Dockerfile
          image-name: ${{ env.IMAGE_NAME }}
          target: production
          push: false
          container-registry: ${{ env.REGISTRY }}

  build-and-push-images:
    runs-on: ubuntu-latest

    if: ${{ format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }}

    permissions:
      packages: write
      contents: read

    needs:
      - ci

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Build and push image
        uses: ./.github/actions/docker-build
        with:
          context: ./frontend
          dockerfile: ./frontend/Dockerfile
          image-name: ${{ env.IMAGE_NAME }}
          target: production
          push: true
          container-registry: ${{ env.REGISTRY }}
          container-registry-username: ${{ github.actor }}
          container-registry-password: ${{ secrets.GITHUB_TOKEN }}

  deploy:
    runs-on: ubuntu-latest

    if: ${{ format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }}

    needs:
      - build-and-push-images

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Deploy services
        run: |
          # Setup ssh key
          echo '${{ secrets.EC2_SSH_PRIVATE_KEY }}' > ~/ec2-key.pem
          chmod 400 ~/ec2-key.pem

          mkdir -p ~/.ssh
          ssh-keyscan -H $EC2_SSH_ADDRESS >> ~/.ssh/known_hosts

          # Ensure remote directory exists
          ssh -q -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $EC2_SSH_ENDPOINT > /dev/null 2>&1 << 'EOF'
            sudo mkdir -p /tmp/deployment_frontend
            sudo chown ${{ secrets.EC2_SSH_USER }}:${{ secrets.EC2_SSH_USER }} /tmp/deployment_frontend
          EOF

          # Copy files
          scp -q -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -r ./compose.frontend.yaml $EC2_SSH_ENDPOINT:/tmp/deployment_frontend/ > /dev/null 2>&1

          # Connect and deploy services
          ssh -q -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $EC2_SSH_ENDPOINT > /dev/null 2>&1 << 'EOF'
            export FRONTEND_IMAGE='${{ secrets.FRONTEND_IMAGE }}'
            export INTERNAL_BACKEND_BASE_URL='${{ env.INTERNAL_BACKEND_BASE_URL }}'
            export NEXT_PUBLIC_FILES_PROTOCOL='${{ env.NEXT_PUBLIC_FILES_PROTOCOL }}'
            export NEXT_PUBLIC_FILES_HOST='${{ env.NEXT_PUBLIC_FILES_HOST }}'

            # Run Docker Compose
            cd /tmp/deployment_frontend/

            docker compose -f compose.frontend.yaml --project-name frontend up --pull always --detach

            sudo rm -rf /tmp/deployment_frontend
          EOF