# See https://fly.io/docs/app-guides/continuous-deployment-with-github-actions/

name: Production CI
on:
  push:
    branches:
      - main

env:
  FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}

jobs:
  ci:
    uses: ./.github/workflows/ci.yml
    secrets: inherit

  deploy:
    name: Deploy app
    needs: ci
    runs-on: ubuntu-latest
    concurrency: deploy-group

    environment:
      name: production

    steps:
      - uses: actions/checkout@v5

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

      - uses: superfly/flyctl-actions/setup-flyctl@master

      - name: Authenticate with Fly registry
        run: flyctl auth docker

      - name: Build and push Docker image (GHA cache)
        uses: docker/build-push-action@v6
        with:
          push: true
          context: .
          tags: registry.fly.io/spazio-solazzo:sha-${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Set Fly secrets
        run: |
          flyctl secrets --access-token "$FLY_API_TOKEN" set \
            TOKEN_SIGNING_SECRET="$TOKEN_SIGNING_SECRET" \
            ADMIN_EMAIL="$ADMIN_EMAIL" \
            SPAZIO_SOLAZZO_EMAIL="$SPAZIO_SOLAZZO_EMAIL" \
            FRONT_OFFICE_PHONE_NUMBER="$FRONT_OFFICE_PHONE_NUMBER" \
            RESEND_API_KEY="$RESEND_API_KEY" \
            DATABASE_URL="$DATABASE_URL"
        env:
          TOKEN_SIGNING_SECRET: ${{ secrets.TOKEN_SIGNING_SECRET }}
          ADMIN_EMAIL: ${{ secrets.ADMIN_EMAIL }}
          SPAZIO_SOLAZZO_EMAIL: ${{ secrets.SPAZIO_SOLAZZO_EMAIL }}
          FRONT_OFFICE_PHONE_NUMBER: ${{ secrets.FRONT_OFFICE_PHONE_NUMBER }}
          RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }}
          DATABASE_URL: ${{ secrets.DATABASE_URL }}

      - run: flyctl deploy --image ${{ env.IMAGE_TAG }}