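---
# Manually dispatched workflow with two jobs:
#   1. promote-and-deploy: re-tags the image built for a commit as `latest`
#      in the release registry.
#   2. deploy: restarts the `hass` deployment and waits for the rollout.
name: deploy

on:
  workflow_dispatch:
    inputs:
      sha:
        description: Commit SHA to promote (defaults to dispatch SHA)
        required: false
        type: string

# The workflow token only needs to read the repository; registry and cluster
# access come from dedicated secrets.
permissions:
  contents: read

env:
  REGISTRY_SERVER: docker.io
  RELEASE_IMAGE_NAME: docker.io/genunix/homeassistant
  KUBERNETES_NAMESPACE: hass

jobs:
  promote-and-deploy:
    if: github.event_name == 'workflow_dispatch'
    runs-on: docker
    container:
      image: quay.io/podman/stable:v5.4
      # NOTE(review): --privileged together with seccomp=unconfined removes
      # most of the container's isolation from the runner host. This job only
      # pulls and pushes an image; confirm whether a narrower option set is
      # enough before keeping these flags.
      options: >-
        --privileged
        --security-opt seccomp=unconfined
        --device /dev/fuse
        --user root
    env:
      CONTAINERS_STORAGE_DRIVER: vfs
      BUILDAH_FORMAT: docker
      XDG_RUNTIME_DIR: /tmp/run
      # The dispatch input reaches the scripts as an environment variable,
      # never as text spliced into the script.
      SHA_INPUT: ${{ inputs.sha }}
    steps:
      - name: Podman login
        env:
          REGISTRY_USERNAME: ${{ secrets.dockerhub_username }}
          REGISTRY_PASSWORD: ${{ secrets.dockerhub_password }}
        run: |
          set -euo pipefail
          mkdir -p /var/lib/containers "$XDG_RUNTIME_DIR"
          # The password goes over stdin so it is not part of podman's argv.
          printf '%s' "$REGISTRY_PASSWORD" \
            | podman login --username "$REGISTRY_USERNAME" --password-stdin "$REGISTRY_SERVER"

      - name: Promote latest from SHA
        run: |
          set -euo pipefail
          SHA_TO_PROMOTE=${SHA_INPUT:-${GITHUB_SHA}}
          # The value becomes the image tag that is promoted to `latest`;
          # accept nothing but a hexadecimal commit id.
          case "$SHA_TO_PROMOTE" in
            '' | *[!0-9a-fA-F]*)
              echo "Refusing to promote: '${SHA_TO_PROMOTE}' is not a hexadecimal commit SHA" >&2
              exit 1
              ;;
          esac
          echo "== Promoting ${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE} into production"
          podman pull "docker://${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}"
          podman push "${RELEASE_IMAGE_NAME}:${SHA_TO_PROMOTE}" "docker://${RELEASE_IMAGE_NAME}:latest"

      # Runs even when an earlier step failed so the registry credentials do
      # not stay in the container's auth file.
      - name: Logout
        if: always()
        run: |
          podman logout "${REGISTRY_SERVER}"

      - name: Notify via Pushover on failure
        if: failure()
        # Secrets and context values are handed over as environment variables
        # instead of being expanded into the script text, so their content is
        # never parsed as shell.
        env:
          PUSHOVER_TOKEN: ${{ secrets.PUSHOVER_TOKEN }}
          PUSHOVER_USER: ${{ secrets.PUSHOVER_USER }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
          REPOSITORY: ${{ github.repository }}
        run: |
          # --form-string sends each value literally (-F would treat a leading
          # '@' or '<' as a file to read); no verbose trace in the job log.
          curl --fail --silent --show-error \
            --form-string "token=${PUSHOVER_TOKEN}" \
            --form-string "user=${PUSHOVER_USER}" \
            --form-string "title=HomeAssistant Promote Failed" \
            --form-string "url=${RUN_URL}" \
            --form-string "message=Workflow failed on ${REPOSITORY}" \
            https://api.pushover.net/1/messages.json

  deploy:
    if: github.event_name == 'workflow_dispatch'
    runs-on: docker
    needs: promote-and-deploy
    container:
      # NOTE(review): no tag or digest is given, so the runner uses whatever
      # the registry currently serves under the default tag. This container
      # receives the cluster kubeconfig; pin it to a reviewed tag or digest.
      image: bitnami/kubectl
    steps:
      - name: Write kubeconfig
        env:
          KUBECONFIG_CONTENT: ${{ secrets.kubeconfig }}
        run: |
          # The file holds cluster credentials: create it owner-only.
          umask 077
          printf '%s\n' "$KUBECONFIG_CONTENT" > kubeconfig

      - name: Rollout restart
        run: |
          kubectl --kubeconfig=kubeconfig -n "${KUBERNETES_NAMESPACE}" rollout restart deployment/hass
          kubectl --kubeconfig=kubeconfig -n "${KUBERNETES_NAMESPACE}" rollout status deployment/hass

      # Remove the credentials from the workspace whether or not the rollout
      # succeeded.
      - name: Remove kubeconfig
        if: always()
        run: |
          rm -f kubeconfig

      - name: Notify via Pushover on failure
        if: failure()
        # Same handling as in the promote job: values arrive through the
        # environment, not through script-text expansion.
        env:
          PUSHOVER_TOKEN: ${{ secrets.PUSHOVER_TOKEN }}
          PUSHOVER_USER: ${{ secrets.PUSHOVER_USER }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
          REPOSITORY: ${{ github.repository }}
        run: |
          curl --fail --silent --show-error \
            --form-string "token=${PUSHOVER_TOKEN}" \
            --form-string "user=${PUSHOVER_USER}" \
            --form-string "title=HomeAssistant Deploy Failed" \
            --form-string "url=${RUN_URL}" \
            --form-string "message=Workflow failed on ${REPOSITORY}" \
            https://api.pushover.net/1/messages.json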