name: deploy-tunnel

on:
  push:
    branches: [ main ]

jobs:
#───────────────── deploy ─────────────────
  deploy:
    runs-on: docker
    env:
      TUNNEL_ID: ${{ secrets.TUNNEL_ID }}
      TUNNEL_CREDENTIALS: ${{ secrets.TUNNEL_CREDENTIALS }}
    steps:
      - uses: actions/checkout@v3

      - name: Create .env file from secrets
        run: |
          cat > .env << EOF
          TUNNEL_ID=${{ secrets.TUNNEL_ID }}
          EOF

      - name: Create credentials.json from secret
        run: |
          echo '${{ secrets.TUNNEL_CREDENTIALS }}' > credentials.json

      - name: Verify tunnel configuration
        run: |
          if [ ! -f credentials.json ] || [ ! -f .env ]; then
            echo "❌ Error: credentials.json o .env no se crearon correctamente"
            exit 1
          fi
          echo "✓ Archivos de configuración creados desde secrets"

      - name: Ensure external docker network exists
        run: |
          docker network inspect principal >/dev/null 2>&1 || docker network create principal

      - name: Pull fresh cloudflared image
        run: docker compose pull

      - name: Clean up stack
        run: docker compose --project-name cloudflared-tunnel down || true

      - name: Update stack
        run: docker compose --project-name cloudflared-tunnel up -d --remove-orphans --wait

      - name: Show tunnel status
        run: docker compose --project-name cloudflared-tunnel logs --tail=50