stages:
  - build
  - deploy

variables:
  DOCKER_TLS_CERTDIR: /certs
  DEPLOYMENT_VERSION: $CI_COMMIT_SHA

.build-template: &build-template
  stage: build
  rules:
    - if: $CI_COMMIT_REF_NAME == "master"
  image:
    name: gcr.io/kaniko-project/executor:v1.23.2-debug
    entrypoint: [""]
  variables:
    DOCKER_CONFIG: /kaniko/.docker
    REGISTRY_USER: $CI_REGISTRY_USER
    REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD
    REGISTRY_URL: $CI_REGISTRY
  script:
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$REGISTRY_USER\",\"password\":\"$REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor
      --context "${CONTEXT}"
      --dockerfile "${DOCKERFILE_PATH}"
      --destination "${IMAGE_NAME}:${CI_COMMIT_SHA}"
      --destination "${IMAGE_NAME}:latest"
      --cache=true
      --registry-mirror=dockerhub.timeweb.cloud
  retry: 2

build_frontend:
  <<: *build-template
  variables:
    CONTEXT: ${CI_PROJECT_DIR}/services/frontend
    DOCKERFILE_PATH: Dockerfile
    IMAGE_NAME: $CI_REGISTRY_IMAGE/frontend

build_backend:
  <<: *build-template
  variables:
    CONTEXT: ${CI_PROJECT_DIR}/services/backend
    DOCKERFILE_PATH: Dockerfile
    IMAGE_NAME: $CI_REGISTRY_IMAGE/backend

build_backend-staticfiles:
  <<: *build-template
  variables:
    CONTEXT: ${CI_PROJECT_DIR}/services/backend
    DOCKERFILE_PATH: Dockerfile.staticfiles
    IMAGE_NAME: $CI_REGISTRY_IMAGE/backend-staticfiles

build_checker:
  <<: *build-template
  variables:
    CONTEXT: ${CI_PROJECT_DIR}/services/checker
    DOCKERFILE_PATH: Dockerfile
    IMAGE_NAME: $CI_REGISTRY_IMAGE/checker

build_custom-python:
  <<: *build-template
  variables:
    CONTEXT: ${CI_PROJECT_DIR}/services/checker
    DOCKERFILE_PATH: Dockerfile.checker
    IMAGE_NAME: $CI_REGISTRY_IMAGE/custom-python

build_docs:
  <<: *build-template
  variables:
    CONTEXT: ${CI_PROJECT_DIR}/services/docs
    DOCKERFILE_PATH: Dockerfile
    IMAGE_NAME: $CI_REGISTRY_IMAGE/docs

deploy:
  image: kroniak/ssh-client:3.19
  stage: deploy
  rules:
    - if: $CI_COMMIT_REF_NAME == "master"
  variables:
    SSH_ADDRESS: $SSH_USER@$SSH_HOST
    SSH_PRIVATE_KEY_BASE64: $SSH_PRIVATE_KEY_BASE64
  environment:
    name: production
    url: https://datarush.itqdev.xyz
  resource_group: production
  script:
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - echo -e "Host *\n\tStrictHostKeyChecking no\n\tIdentitiesOnly yes\n\n" > ~/.ssh/config
    - echo "$SSH_PRIVATE_KEY_BASE64" | base64 -d > ~/.ssh/id_rsa
    - chmod 600 ~/.ssh/id_rsa
    - ssh-keyscan -H $SSH_HOST -p $SSH_PORT > /dev/null 2>&1

    - AUTH_COMMAND="echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin";
    - ssh -p $SSH_PORT $SSH_ADDRESS "$AUTH_COMMAND" > /dev/null 2>&1

    - SET_VERSION="echo "VERSION=$DEPLOYMENT_VERSION" > ~/deploy/.env"
    - ssh -p $SSH_PORT $SSH_ADDRESS "$SET_VERSION" > /dev/null 2>&1

    - scp -P $SSH_PORT -C -r infrastructure/ compose.yaml $SSH_ADDRESS:~/deploy/ > /dev/null 2>&1
    - |
      ssh -p $SSH_PORT $SSH_ADDRESS > /dev/null 2>&1 <<'EOF'
      cd ~/deploy

      docker compose pull --policy always -q > deploy.log 2>&1
      docker compose up -d --remove-orphans --force-recreate >> deploy.log 2>&1
      docker compose ps >> deploy.log 2>&1

      nohup docker system prune -a --force >> deploy.log 2>&1 &
      EOF
  retry: 2