name: Deploy

on:
  push:
    branches:
      - rewrite-static

jobs:
  deploy:
    name: Deploy website via rsync over SSH
    runs-on: [self-hosted, linux]

    env:
      DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
      DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
      DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
      DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}
      DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Check required secrets
        run: |
          echo "Checking secrets availability..."
          for var in DEPLOY_KEY DEPLOY_USER DEPLOY_HOST DEPLOY_PORT DEPLOY_PATH; do
            if [ -z "${!var}" ]; then
              echo "Error: Secret $var is empty or undefined!" && exit 1
            else
              echo "Found secret $var (length: ${#var})"
            fi
          done
        shell: bash

      - name: Set up SSH key
        run: |
          echo "Setting up SSH environment..."
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh

          echo "$DEPLOY_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519

          ssh-keyscan -p "$DEPLOY_PORT" -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts 2>/dev/null
          echo "SSH setup complete."
        shell: bash

      - name: Deploy via rsync
        run: |
          echo "Starting rsync deployment..."
          rsync -avz \
            --delete \
            -e "ssh -i ~/.ssh/id_ed25519 -p $DEPLOY_PORT -o StrictHostKeyChecking=no -o ConnectTimeout=10" \
            ./ "${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH}"
          echo "Deployment finished successfully."
        shell: bash