name: Deploy Website

on:
  push:
    branches:
      - main  # change if your main branch is different

jobs:
  deploy:
    runs-on: self-hosted
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      # Debug step (optional) - confirms secrets and environment
      - name: Debug environment
        run: |
          echo "Host: ${DEPLOY_HOST}"
          if [ -n "${DEPLOY_KEY}" ]; then
            echo "? DEPLOY_KEY is set"
          else
            echo "? DEPLOY_KEY is missing!"
          fi
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}

      # Set up SSH key safely
      - name: Set up SSH key
        run: |
          mkdir -p ~/.ssh
          printf "%s" "${DEPLOY_KEY}" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          ssh-keyscan -H "${DEPLOY_HOST}" >> ~/.ssh/known_hosts
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}

      # Deploy site files with rsync
      - name: Deploy website via rsync
        run: |
          echo "?? Deploying files to ${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH}"
          rsync -avz --delete ./ ${DEPLOY_USER}@${DEPLOY_HOST}:${DEPLOY_PATH}
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
          DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}