name: Magent CI/CD

on:
  push:
    branches:
      - beta
      - prod
  workflow_dispatch:

concurrency:
  group: magent-${{ github.ref }}
  cancel-in-progress: true

jobs:
  verify:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: "24"
          cache: npm
          cache-dependency-path: frontend/package-lock.json

      - name: Install frontend dependencies
        working-directory: frontend
        run: npm ci

      - name: Run backend quality gate
        run: bash scripts/ci_backend_quality_gate.sh

      - name: Build frontend
        working-directory: frontend
        run: npm run build

  deploy-prod:
    if: github.ref_name == 'prod'
    needs: verify
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Configure SSH key
        env:
          PROD_SSH_PRIVATE_KEY: ${{ secrets.PROD_SSH_PRIVATE_KEY }}
          PROD_SSH_KNOWN_HOSTS: ${{ secrets.PROD_SSH_KNOWN_HOSTS }}
        run: |
          set -euo pipefail
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          printf '%s' "$PROD_SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          if [ -n "${PROD_SSH_KNOWN_HOSTS:-}" ]; then
            printf '%s\n' "$PROD_SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
            chmod 644 ~/.ssh/known_hosts
          fi

      - name: Deploy to AMS-DEV01
        env:
          DEPLOY_HOST: ${{ secrets.PROD_SSH_HOST }}
          DEPLOY_USER: ${{ secrets.PROD_SSH_USER }}
          DEPLOY_PATH: ${{ secrets.PROD_DEPLOY_PATH }}
          DEPLOY_SSH_OPTS: -o StrictHostKeyChecking=accept-new
        run: bash scripts/deploy_ams_dev01.sh