name: Deploy Container
description: Build Docker image, deploy container, and register with Pangolin

inputs:
  app-name:
    required: true
    description: Application name (used for image/container naming)
  branch:
    required: true
    description: Branch name; the repo's default branch deploys as production, everything else as a preview
  internal-port:
    required: false
    default: "80"
    description: Port the app listens on inside the container
  build-args:
    required: false
    default: ""
    description: Extra docker build args (space-separated KEY=VALUE pairs)
  env-vars:
    required: false
    default: ""
    description: |
      Runtime env vars for the container, one KEY=VALUE per line.
      Merged on top of /opt/apps/${app-name}/.env.${environment} on the runner;
      keys defined here win. Use secrets to avoid leaking values into logs.

runs:
  using: composite
  steps:
    - name: Derive deploy parameters
      id: derive
      shell: bash
      env:
        APP_NAME: ${{ inputs.app-name }}
        BRANCH: ${{ inputs.branch }}
        DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
      run: |
        BRANCH="${BRANCH#refs/heads/}"
        DEFAULT_BRANCH="${DEFAULT_BRANCH:-main}"

        if [[ "$BRANCH" == "$DEFAULT_BRANCH" ]]; then
          TAG="production"
          ENVIRONMENT="production"
          SUBDOMAIN="$APP_NAME"
          PORT=$(( 10000 + ( $(echo -n "${APP_NAME}-production" | cksum | awk '{print $1}') % 10000 ) ))
        else
          SLUG=$(echo "$BRANCH" | tr '/_' '--' | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9-]//g' | cut -c1-40)
          TAG="$SLUG"
          ENVIRONMENT="preview"
          SUBDOMAIN="${SLUG}.${APP_NAME}"
          PORT=$(( 20000 + ( $(echo -n "$SLUG" | cksum | awk '{print $1}') % 10000 ) ))
        fi

        REPO_SLUG="${GITHUB_REPOSITORY//\//-}"

        {
          echo "tag=$TAG"
          echo "environment=$ENVIRONMENT"
          echo "subdomain=$SUBDOMAIN"
          echo "port=$PORT"
          echo "resource-name=${REPO_SLUG}-${TAG}"
        } >> "$GITHUB_OUTPUT"

    - name: Build Docker image
      shell: bash
      run: |
        BUILD_ARGS="--build-arg APP_ENV=${{ steps.derive.outputs.environment }}"
        for arg in ${{ inputs.build-args }}; do
          BUILD_ARGS="$BUILD_ARGS --build-arg $arg"
        done
        docker build \
          $BUILD_ARGS \
          -t ${{ inputs.app-name }}:${{ steps.derive.outputs.tag }} \
          -f dockerfile .

    - name: Write workflow env-vars to file
      id: env-file
      shell: bash
      env:
        ENV_VARS: ${{ inputs.env-vars }}
      run: |
        OVERRIDE_FILE=""
        if [[ -n "$ENV_VARS" ]]; then
          OVERRIDE_FILE=$(mktemp)
          printf '%s\n' "$ENV_VARS" > "$OVERRIDE_FILE"
        fi
        echo "path=$OVERRIDE_FILE" >> "$GITHUB_OUTPUT"

    - name: Deploy container
      shell: bash
      run: |
        bash ${{ github.action_path }}/deploy.sh \
          --name "${{ inputs.app-name }}" \
          --tag "${{ steps.derive.outputs.tag }}" \
          --port "${{ steps.derive.outputs.port }}" \
          --internal-port "${{ inputs.internal-port }}" \
          --env "${{ steps.derive.outputs.environment }}" \
          --env-override "${{ steps.env-file.outputs.path }}"

    - name: Register Pangolin resource
      shell: bash
      run: |
        bash ${{ github.action_path }}/pangolin-upsert.sh \
          --subdomain "${{ steps.derive.outputs.subdomain }}" \
          --port "${{ steps.derive.outputs.port }}" \
          --resource-name "${{ steps.derive.outputs.resource-name }}" \
          --target-ip "$PANGOLIN_TARGET_IP"