name: CD Deployment - Kubernetes

on:
  workflow_run:
    workflows: ["CD Bootstrap - Release Image Publish"]
    types: [completed]
    branches: [main, develop]
  workflow_dispatch:
    inputs:
      image_tag:
        description: 'Image tag to deploy (e.g., latest, dev)'
        required: true
        default: 'dev'
        type: string

jobs:
  deploy:
    name: Deploy to Kubernetes
    runs-on: ubuntu-latest
    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
    
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install kubectl
        run: |
          curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
          chmod +x kubectl
          sudo mv kubectl /usr/local/bin/

      - name: Install Kustomize
        run: |
          curl -Lo kustomize.tar.gz https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv5.4.1/kustomize_v5.4.1_linux_amd64.tar.gz
          tar -xzf kustomize.tar.gz
          chmod +x kustomize
          sudo mv kustomize /usr/local/bin/

      - name: Set Image Tag
        run: |
          IMAGE_TAG="${{ github.event.inputs.image_tag }}"
          if [[ -z "$IMAGE_TAG" ]]; then
            IMAGE_TAG="dev" # Default for auto-trigger
          fi
          echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV

      - name: Kustomize Edit Image Tag
        working-directory: ./infra/k8s/overlays/dev
        run: |
          kustomize edit set image 192.168.241.13:8080/workclub-api=192.168.241.13:8080/workclub-api:$IMAGE_TAG
          kustomize edit set image 192.168.241.13:8080/workclub-frontend=192.168.241.13:8080/workclub-frontend:$IMAGE_TAG

      - name: Deploy to Kubernetes
        run: |
          export KUBECONFIG=$HOME/.kube/config
          mkdir -p $HOME/.kube
          if echo "${{ secrets.KUBECONFIG }}" | grep -q "apiVersion"; then
            echo "Detected plain text KUBECONFIG"
            printf '%s' "${{ secrets.KUBECONFIG }}" > $KUBECONFIG
          else
            echo "Detected base64 KUBECONFIG"
            # Handle potential newlines/wrapping in the secret
            printf '%s' "${{ secrets.KUBECONFIG }}" | base64 -d > $KUBECONFIG
          fi
          chmod 600 $KUBECONFIG
          
          # Diagnostics
          echo "Kubeconfig path: $KUBECONFIG"
          echo "Kubeconfig size: $(wc -c < $KUBECONFIG) bytes"
          echo "Available contexts:"
          kubectl config get-contexts
          
          if ! grep -q "current-context" $KUBECONFIG; then
            echo "Warning: current-context missing, attempting to fix..."
            FIRST_CONTEXT=$(kubectl config get-contexts -o name | head -n 1)
            if [ -n "$FIRST_CONTEXT" ]; then
              kubectl config use-context "$FIRST_CONTEXT"
            fi
          fi
          
          echo "Current context: $(kubectl config current-context)"
          
          # Ensure target namespace exists
          kubectl create namespace workclub-dev --dry-run=client -o yaml | kubectl apply -f -
          
          # Delete existing StatefulSet to allow immutable field changes (vct -> emptyDir)
          kubectl delete statefulset workclub-postgres -n workclub-dev --ignore-not-found
          
          kubectl config view --minify # Verification of context
          kubectl apply -k infra/k8s/overlays/dev