name: build-and-deploy

on:
  push:
    branches: [ main ]

jobs:
  #───────────────── build & push ─────────────────
  build:
    runs-on: docker
    env:
      REG: gitea.nucleoriofrio.com/nucleo000
    steps:
      - uses: actions/checkout@v3
      - uses: docker/setup-buildx-action@v2
      - uses: docker/login-action@v2
        with:
          registry: gitea.nucleoriofrio.com
          username: nucleo000
          password: 7bc7b2fcd283bd6a251bef3ede368b7f897c919d

      - name: Build+push radiusNucleo
        run: |
          docker build -t $REG/radiusNucleo:${{ github.sha }} -t $REG/radiusNucleo:latest ./node-api
          docker push $REG/radiusNucleo:${{ github.sha }}
          docker push $REG/radiusNucleo:latest

  #───────────────── deploy ─────────────────
  deploy:
    needs: build
    runs-on: docker
    env:
      REG: gitea.nucleoriofrio.com/nucleo000
      RADIUS_CLIENTS_CIDR: 192.168.87.0/24
      RADIUS_SHARED_SECRET: tamosbien
    steps:
      - uses: actions/checkout@v3

      - name: Login to registry
        run: docker login gitea.nucleoriofrio.com -u nucleo000 -p 7bc7b2fcd283bd6a251bef3ede368b7f897c919d

      - name: Ensure external docker network exists
        run: |
          docker network inspect principal >/dev/null 2>&1 || docker network create principal

      - name: Pull fresh images used in compose
        run: docker compose pull

      - name: Clean up stack
        run: docker compose --project-name radiusNucleo down

      - name: Update stack
        run: docker compose --project-name radiusNucleo up -d --remove-orphans --wait