name: auth-gateway

on:
  push:
    branches: [main]
    paths:
      - apps/auth/services/gateway/**
      - go.mod
      - go.sum

env:
  IMAGE: ghcr.io/${{ github.repository_owner }}/homelab/auth-gateway

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - uses: actions/checkout@v4

      - name: Log in to ghcr.io
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: apps/auth/services/gateway/Dockerfile
          push: true
          tags: |
            ${{ env.IMAGE }}:${{ github.sha }}
            ${{ env.IMAGE }}:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Deploy to k3s
        env:
          KUBECONFIG_DATA: ${{ secrets.KUBECONFIG }}
        run: |
          mkdir -p ~/.kube
          echo "$KUBECONFIG_DATA" | base64 -d > ~/.kube/config
          chmod 600 ~/.kube/config
          kubectl set image deployment/gateway \
            gateway=${{ env.IMAGE }}:${{ github.sha }} \
            -n auth
          kubectl rollout status deployment/gateway -n auth --timeout=120s