stages:
  - lint
  - build
  - backup
  - deploy

.configure_ssh:
  before_script:
    # Run ssh-agent for keys management
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    # Add place for ssh related files
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # Initialize token
    - chmod 400 "$SSH_PRIVATE_KEY"
    - ssh-add "$SSH_PRIVATE_KEY"
    # Add server fingerprint to known hosts
    - ssh-keyscan "$SSH_HOST" >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts

.on_merge_request:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - when: never

lint-ruff:
  stage: lint
  image: registry.gitlab.com/pipeline-components/ruff:latest
  rules: 
    - !reference [.on_merge_request, rules]
  script:
    - echo "☕ Linting with ruff"
    - ruff check --output-format=gitlab src/
    - echo "✅ Passed"

lint-mypy:
  stage: lint
  image: python:3.12
  rules:
    - !reference [.on_merge_request, rules]
  before_script:
  - pip install mypy
  - apt install make 
  - make deps
  script:
    - echo "🐍 Typechecking with mypy"
    - mypy src
    - echo "✅ Passed"

build:
  stage: build
  image: docker:latest
  services:
    - docker:dind
  before_script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
  script:
    - docker pull $CI_REGISTRY_IMAGE:latest || true
    - docker build --target prod --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA --tag $CI_REGISTRY_IMAGE:latest .
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
    - docker push $CI_REGISTRY_IMAGE:latest

database-backup:
  stage: backup  
  image: ubuntu:latest
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
  before_script:
    - !reference [.configure_ssh, before_script]
  script:
    - echo "💾 backuping database"
    - ssh $SSH_USER@$SSH_HOST "docker exec database pg_dump --column-inserts udom >> pre_deploy.sql"
    - echo "✅ Passed"
  
deploy-dev:
  stage: deploy
  image: ubuntu:latest  
  rules:
    - if: '$CI_COMMIT_BRANCH == "dev"'
  before_script:
    - !reference [.configure_ssh, before_script]
  script:
    - echo "🚀🧨 Deploing dev changes"
    - ssh $SSH_USER@$SSH_HOST "cd /root/udom_dev/ && git pull && docker compose -f compose-dev.yaml up -d --build --remove-orphans"
    - echo "✅ Passed"

deploy-main:
  stage: deploy
  image: ubuntu:latest
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
  before_script:
    - !reference [.configure_ssh, before_script]
  script:
    - echo "🚀 Deploing changes"
    - ssh $SSH_USER@$SSH_HOST "cd /root/udom/ && git pull && echo $SERVER_TOKEN | docker login registry.gitlab.com -u 'Server' --password-stdin && docker compose pull && docker compose up -d --build --remove-orphans"
    - echo "✅ Passed"