name: Deploy Website

on:
  push:
    branches:
      - main   # change if your main branch is different

jobs:
  deploy:
    runs-on: self-hosted
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      # ---- Debug info ----
      - name: Debug secrets and env
        run: |
          echo "Host: ${DEPLOY_HOST}"
          echo "User: ${DEPLOY_USER}"
          echo "Port: ${DEPLOY_PORT:-22}"
          if [ -n "${DEPLOY_KEY}" ]; then
            echo "✅ DEPLOY_KEY appears set (length: ${#DEPLOY_KEY})"
          else
            echo "❌ DEPLOY_KEY is empty!"
            exit 1
          fi
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
          DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}

      # ---- SSH setup ----
      - name: Set up SSH key
        run: |
          set -e
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          printf "%s" "${DEPLOY_KEY}" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa

          echo "🔑 Testing ssh-keyscan on ${DEPLOY_HOST}:${DEPLOY_PORT:-22}"
          if ! ssh-keyscan -p "${DEPLOY_PORT:-22}" -H "${DEPLOY_HOST}" >> ~/.ssh/known_hosts 2>/dev/null; then
            echo "⚠️ ssh-keyscan failed (host unreachable?)"
          fi
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}

      # ---- Deploy via rsync ----
      - name: Deploy website via rsync
        run: |
          echo "🚀 Deploying to ${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH} (port ${DEPLOY_PORT:-22})"
          rsync -avz -e "ssh -p ${DEPLOY_PORT:-22}" --delete ./ \
            ${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH}
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
          DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
          DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}