name: CI/CD

# Test on every push/PR; build + push an image and deploy on develop (staging)
# and on v* tags (production). Deployment goes through the Swarmpit REST API.
on:
  push:
    branches: [main, develop]
    tags: ["v*"]
  pull_request:
    branches: [main, develop]

env:
  REGISTRY: git.intra.yksa.space
  IMAGE_NAME: web/predictor

jobs:
  test:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: "1.25"
          cache: true

      - name: Check formatting
        run: |
          unformatted="$(gofmt -l .)"
          if [ -n "$unformatted" ]; then
            echo "These files need gofmt:"; echo "$unformatted"; exit 1
          fi

      - name: Vet
        run: go vet ./...

      - name: Build
        run: go build ./...

      - name: Test
        run: go test -race ./...

  build:
    needs: test
    runs-on: ubuntu-24.04
    if: github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/tags/v')
    outputs:
      tag: ${{ steps.meta.outputs.tag }}
    steps:
      - uses: actions/checkout@v4

      - uses: docker/setup-buildx-action@v3

      - uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Resolve image tag
        id: meta
        run: |
          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
            TAG="${GITHUB_REF#refs/tags/v}"
          else
            TAG="develop"
          fi
          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
          echo "Resolved tag: ${TAG}"

      - name: Build and push image
        run: |
          IMAGE="${REGISTRY}/${IMAGE_NAME}"
          TAG="${{ steps.meta.outputs.tag }}"
          TAGS="-t ${IMAGE}:${TAG}"
          # Tagged releases also move :latest.
          if [[ "${TAG}" != "develop" ]]; then
            TAGS="${TAGS} -t ${IMAGE}:latest"
          fi
          docker buildx build \
            --platform linux/amd64 \
            --build-arg VERSION="${TAG}" \
            --build-arg REVISION="${{ github.sha }}" \
            --push ${TAGS} .

  deploy-staging:
    needs: build
    runs-on: ubuntu-24.04
    if: github.ref == 'refs/heads/develop'
    environment: staging
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to Swarmpit (staging)
        env:
          SWARMPIT_URL: ${{ secrets.SWARMPIT_URL }}
          SWARMPIT_TOKEN: ${{ secrets.SWARMPIT_TOKEN }}
          STACK_NAME: ${{ secrets.STACK_NAME }}
          CA_CERTIFICATES: ${{ secrets.CA_CERTIFICATES }}
          TAG: ${{ needs.build.outputs.tag }}
        run: sh deploy/swarmpit-deploy.sh

  deploy-production:
    needs: build
    runs-on: ubuntu-24.04
    if: startsWith(github.ref, 'refs/tags/v')
    environment: production
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to Swarmpit (production)
        env:
          SWARMPIT_URL: ${{ secrets.SWARMPIT_URL }}
          SWARMPIT_TOKEN: ${{ secrets.SWARMPIT_TOKEN }}
          STACK_NAME: ${{ secrets.STACK_NAME }}
          CA_CERTIFICATES: ${{ secrets.CA_CERTIFICATES }}
          TAG: ${{ needs.build.outputs.tag }}
        run: sh deploy/swarmpit-deploy.sh