name: CD Bootstrap - Release Image Publish

on:
  workflow_dispatch:
    inputs:
      image_tag:
        description: 'Image tag (e.g., v1.0.0, latest, dev)'
        required: true
        default: 'latest'
        type: string
      build_backend:
        description: 'Build backend image'
        required: false
        default: true
        type: boolean
      build_frontend:
        description: 'Build frontend image'
        required: false
        default: true
        type: boolean

env:
  REGISTRY_HOST: http://192.168.241.13:8080
  BACKEND_IMAGE: workclub-api
  FRONTEND_IMAGE: workclub-frontend

jobs:
  prepare:
    name: Prepare Build Metadata
    runs-on: ubuntu-latest
    outputs:
      image_tag: ${{ steps.metadata.outputs.image_tag }}
      image_sha: ${{ steps.metadata.outputs.image_sha }}
      build_backend: ${{ steps.metadata.outputs.build_backend }}
      build_frontend: ${{ steps.metadata.outputs.build_frontend }}
    
    steps:
      - name: Generate build metadata
        id: metadata
        run: |
          IMAGE_TAG="${{ github.event.inputs.image_tag }}"
          if [[ -z "$IMAGE_TAG" ]]; then
            IMAGE_TAG="latest"
          fi
          
          IMAGE_SHA="${{ github.sha }}"
          IMAGE_SHA_SHORT="${IMAGE_SHA:0:7}"
          
          BUILD_BACKEND="${{ github.event.inputs.build_backend }}"
          BUILD_FRONTEND="${{ github.event.inputs.build_frontend }}"
          
          if [[ -z "$BUILD_BACKEND" || "$BUILD_BACKEND" == "false" ]]; then
            BUILD_BACKEND="false"
          else
            BUILD_BACKEND="true"
          fi
          
          if [[ -z "$BUILD_FRONTEND" || "$BUILD_FRONTEND" == "false" ]]; then
            BUILD_FRONTEND="false"
          else
            BUILD_FRONTEND="true"
          fi
          
          echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
          echo "image_sha=$IMAGE_SHA_SHORT" >> $GITHUB_OUTPUT
          echo "build_backend=$BUILD_BACKEND" >> $GITHUB_OUTPUT
          echo "build_frontend=$BUILD_FRONTEND" >> $GITHUB_OUTPUT
          
          echo "✅ Build configuration:"
          echo "   Image Tag: $IMAGE_TAG"
          echo "   Commit SHA: $IMAGE_SHA_SHORT"
          echo "   Build Backend: $BUILD_BACKEND"
          echo "   Build Frontend: $BUILD_FRONTEND"

  backend-image:
    name: Build & Push Backend Image
    runs-on: ubuntu-latest
    needs: [prepare]
    if: needs.prepare.outputs.build_backend == 'true'
    
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      
      - name: Configure insecure registry
        run: |
          sudo mkdir -p /etc/docker
          
          if [ -f /etc/docker/daemon.json ] && [ -s /etc/docker/daemon.json ]; then
            echo "$(jq '. + {"insecure-registries": ["${{ env.REGISTRY_HOST }}"]}' /etc/docker/daemon.json)" | sudo tee /etc/docker/daemon.json
          else
            echo '{"insecure-registries": ["${{ env.REGISTRY_HOST }}"]}' | sudo tee /etc/docker/daemon.json
          fi
          
          sudo systemctl restart docker
          sleep 5
          docker info | grep "Insecure Registries" -A 2
      
      - name: Login to registry (if credentials provided)
        if: ${{ secrets.REGISTRY_USERNAME != '' && secrets.REGISTRY_PASSWORD != '' }}
        run: |
          echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_HOST }} \
            --username "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
      
      - name: Build backend image
        working-directory: ./backend
        run: |
          docker build \
            -t ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }} \
            -f Dockerfile \
            .
      
      - name: Tag with commit SHA
        run: |
          docker tag \
            ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }} \
            ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}
      
      - name: Push images to registry
        run: |
          docker push ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}
          docker push ${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}
      
      - name: Capture push evidence
        run: |
          mkdir -p .sisyphus/evidence
          cat > .sisyphus/evidence/task-31-backend-push.json <<EOF
           {
             "scenario": "backend_image_push",
             "result": "success",
             "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
             "details": {
               "image": "${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}",
               "version_tag": "${{ needs.prepare.outputs.image_tag }}",
               "sha_tag": "sha-${{ needs.prepare.outputs.image_sha }}",
               "registry": "${{ env.REGISTRY_HOST }}"
             }
           }
          EOF
      
      - name: Upload backend push evidence
        uses: actions/upload-artifact@v3
        with:
          name: backend-push-evidence
          path: .sisyphus/evidence/task-31-backend-push.json
          retention-days: 30

  frontend-image:
    name: Build & Push Frontend Image
    runs-on: ubuntu-latest
    needs: [prepare]
    if: needs.prepare.outputs.build_frontend == 'true'
    
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      
      - name: Configure insecure registry
        run: |
          sudo mkdir -p /etc/docker
          
          if [ -f /etc/docker/daemon.json ] && [ -s /etc/docker/daemon.json ]; then
            echo "$(jq '. + {"insecure-registries": ["${{ env.REGISTRY_HOST }}"]}' /etc/docker/daemon.json)" | sudo tee /etc/docker/daemon.json
          else
            echo '{"insecure-registries": ["${{ env.REGISTRY_HOST }}"]}' | sudo tee /etc/docker/daemon.json
          fi
          
          sudo systemctl restart docker
          sleep 5
          docker info | grep "Insecure Registries" -A 2
      
      - name: Login to registry (if credentials provided)
        if: ${{ secrets.REGISTRY_USERNAME != '' && secrets.REGISTRY_PASSWORD != '' }}
        run: |
          echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY_HOST }} \
            --username "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
      
      - name: Build frontend image
        working-directory: ./frontend
        run: |
          docker build \
            -t ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }} \
            -f Dockerfile \
            .
      
      - name: Tag with commit SHA
        run: |
          docker tag \
            ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }} \
            ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}
      
      - name: Push images to registry
        run: |
          docker push ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}
          docker push ${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}
      
      - name: Capture push evidence
        run: |
          mkdir -p .sisyphus/evidence
          cat > .sisyphus/evidence/task-32-frontend-push.json <<EOF
           {
             "scenario": "frontend_image_push",
             "result": "success",
             "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
             "details": {
               "image": "${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}",
               "version_tag": "${{ needs.prepare.outputs.image_tag }}",
               "sha_tag": "sha-${{ needs.prepare.outputs.image_sha }}",
               "registry": "${{ env.REGISTRY_HOST }}"
             }
           }
          EOF
      
      - name: Upload frontend push evidence
        uses: actions/upload-artifact@v3
        with:
          name: frontend-push-evidence
          path: .sisyphus/evidence/task-32-frontend-push.json
          retention-days: 30

  release-summary:
    name: Create Release Summary Evidence
    runs-on: ubuntu-latest
    needs: [prepare, backend-image, frontend-image]
    if: always()
    
    steps:
      - name: Generate release summary
        run: |
          mkdir -p .sisyphus/evidence
          
          # Task 33 evidence: CD bootstrap release summary
          cat > .sisyphus/evidence/task-33-cd-bootstrap-release.json <<EOF
          {
            "release_tag": "${{ needs.prepare.outputs.image_tag }}",
            "commit_sha": "${{ needs.prepare.outputs.image_sha }}",
            "backend_image": "${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}",
            "frontend_image": "${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}",
            "backend_job_conclusion": "${{ needs.backend-image.result }}",
            "frontend_job_conclusion": "${{ needs.frontend-image.result }}",
            "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
          }
          EOF
      
      - name: Upload all evidence artifacts
        uses: actions/upload-artifact@v3
        with:
          name: cd-bootstrap-evidence
          path: .sisyphus/evidence/*.json
          retention-days: 30
      
      - name: Summary report
        run: |
          echo "## 🚀 CD Bootstrap Release Summary" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "**Release Tag:** ${{ needs.prepare.outputs.image_tag }}" >> $GITHUB_STEP_SUMMARY
          echo "**Commit SHA:** ${{ needs.prepare.outputs.image_sha }}" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### Published Images" >> $GITHUB_STEP_SUMMARY
          echo "- **Backend:** \`${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}\`" >> $GITHUB_STEP_SUMMARY
          echo "- **Backend SHA:** \`${{ env.REGISTRY_HOST }}/${{ env.BACKEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}\`" >> $GITHUB_STEP_SUMMARY
          echo "- **Frontend:** \`${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:${{ needs.prepare.outputs.image_tag }}\`" >> $GITHUB_STEP_SUMMARY
          echo "- **Frontend SHA:** \`${{ env.REGISTRY_HOST }}/${{ env.FRONTEND_IMAGE }}:sha-${{ needs.prepare.outputs.image_sha }}\`" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "### Job Results" >> $GITHUB_STEP_SUMMARY
          echo "- Backend Image: ${{ needs.backend-image.result }}" >> $GITHUB_STEP_SUMMARY
          echo "- Frontend Image: ${{ needs.frontend-image.result }}" >> $GITHUB_STEP_SUMMARY