name: Dynamic Branch Deploy
on: [push]

env:
  REGISTRY: git.zb-server.de
  # WICHTIG: Deine echte Haupt-Domain
  BASE_DOMAIN: escape-from-school.de

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      # 1. Code auschecken
      - name: Checkout Code
        uses: actions/checkout@v3

      # 2. Variablen vorbereiten (MIT HAUPT-DOMAIN LOGIK)
      - name: Prepare Environment Variables
        id: prep
        run: |
          # 1. Repo und Branch Namen säubern
          # Voller Pfad für Docker Image (z.B. "user/escape-teacher")
          FULL_IMAGE_PATH=$(echo "${{ gitea.repository }}" | tr '[:upper:]' '[:lower:]')
          
          # Nur der Projektname für K8s (z.B. "escape-teacher")
          REPO_LOWER=$(echo "$FULL_IMAGE_PATH" | cut -d'/' -f2)
          
          # Branch Name säubern (Sonderzeichen zu Bindestrichen)
          BRANCH_LOWER=$(echo "${{ gitea.ref_name }}" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9-]/-/g')
          
          # 2. Logik: Ist es der Haupt-Branch?
          if [ "$BRANCH_LOWER" = "main" ] || [ "$BRANCH_LOWER" = "master" ]; then
            # PRODUKTION:
            # URL ist direkt die Domain (ohne Subdomain)
            APP_URL="${{ env.BASE_DOMAIN }}"
            # Namespace ist nur der Projektname (ohne Branch-Suffix)
            TARGET_NS="${REPO_LOWER}"
            echo "Mode: PRODUCTION (Root Domain)"
          else
            # ENTWICKLUNG:
            # URL ist repo-branch.domain.de
            APP_URL="${REPO_LOWER}-${BRANCH_LOWER}.${{ env.BASE_DOMAIN }}"
            # Namespace ist repo-branch
            TARGET_NS="${REPO_LOWER}-${BRANCH_LOWER}"
            echo "Mode: DEVELOPMENT (Subdomain)"
          fi
          
          # Image Tag (Commit Hash)
          IMAGE_TAG="${{ gitea.sha }}"

          # Debug Ausgabe
          echo "DEBUG: Branch: $BRANCH_LOWER"
          echo "DEBUG: Namespace: $TARGET_NS"
          echo "DEBUG: URL: $APP_URL"

          # In Gitea Actions Environment schreiben
          echo "FULL_IMAGE_PATH=$FULL_IMAGE_PATH" >> $GITHUB_ENV
          echo "REPO_NAME=$REPO_LOWER" >> $GITHUB_ENV
          echo "TARGET_NS=$TARGET_NS" >> $GITHUB_ENV
          echo "APP_URL=$APP_URL" >> $GITHUB_ENV
          echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV

      # 3. Kaniko Build
      - name: Build and Push with Kaniko
        uses: aevea/action-kaniko@v0.12.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ gitea.actor }}
          password: ${{ secrets.PACKAGE_TOKEN }}
          image: ${{ env.FULL_IMAGE_PATH }}
          tag: ${{ env.IMAGE_TAG }}
          cache: true
          extra_args: --skip-tls-verify-pull --insecure

      # 4. Setup Kubectl (Interner Trick)
      - name: Setup Kubectl
        run: |
          curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
          chmod +x kubectl
          mv kubectl /usr/local/bin/

          mkdir -p $HOME/.kube
          echo "${{ secrets.KUBE_CONFIG }}" > $HOME/.kube/config
          chmod 600 $HOME/.kube/config
          
          # Internal DNS Trick (für Kommunikation innerhalb des Clusters)
          sed -i 's|server: https://.*:6443|server: https://kubernetes.default.svc:443|g' $HOME/.kube/config

      # 5. Deploy to Kubernetes
      - name: Deploy to Kubernetes
        run: |
          # Namespace erstellen (falls nicht existiert)
          kubectl create namespace ${{ env.TARGET_NS }} --dry-run=client -o yaml | kubectl apply -f -
          
          # Vollen Image Pfad bauen
          FULL_IMAGE_URL="${{ env.REGISTRY }}/${{ env.FULL_IMAGE_PATH }}:${{ env.IMAGE_TAG }}"
          
          # 1. Ingress anpassen (Hier wird die URL eingesetzt!)
          sed -i "s|\${APP_URL}|${{ env.APP_URL }}|g" k8s/ingress.yaml
          
          # 2. App Deployment anpassen (Image & Secrets)
          # Nutze Secrets oder Fallback-Werte
          ADMIN_USER="${{ secrets.ADMIN_USER || 'lehrer' }}"
          ADMIN_PASS="${{ secrets.ADMIN_PASS || 'geheim123' }}"
          
          sed -i "s|\${IMAGE_NAME}|$FULL_IMAGE_URL|g" k8s/app.yaml
          sed -i "s|\${ADMIN_USER}|$ADMIN_USER|g" k8s/app.yaml
          sed -i "s|\${ADMIN_PASS}|$ADMIN_PASS|g" k8s/app.yaml

          # Anwenden
          echo "Deploying Resources to Namespace: ${{ env.TARGET_NS }}"
          kubectl apply -f k8s/redis.yaml -n ${{ env.TARGET_NS }}
          kubectl apply -f k8s/app.yaml -n ${{ env.TARGET_NS }}
          kubectl apply -f k8s/ingress.yaml -n ${{ env.TARGET_NS }}
          
          # HPA (Autoscaling) nur für Main/Master Branch aktivieren
          # Wir vergleichen den Namespace mit dem Repo-Namen
          # Wenn Namespace == RepoName, dann sind wir im Main Branch
          if [ "${{ env.TARGET_NS }}" == "${{ env.REPO_NAME }}" ]; then
            echo "Main Branch detected: Applying HPA (Autoscaling)..."
            kubectl apply -f k8s/hpa.yaml -n ${{ env.TARGET_NS }}
          else
            echo "Feature Branch: Skipping HPA."
            # Optional: HPA löschen, falls es versehentlich da ist
            kubectl delete hpa escape-game-hpa -n ${{ env.TARGET_NS }} --ignore-not-found
          fi

          # Force Update (damit das neue Image sicher geladen wird)
          kubectl rollout restart deployment/escap10e-game -n ${{ env.TARGET_NS }}

      # 6. Summary
      - name: Summary
        run: echo "🚀 Deployed successfully to https://${{ env.APP_URL }}"