name: ReleaseApp (JS finder + download)

on:
  workflow_dispatch: {}

jobs:
  release:
    runs-on: ubuntu-latest
    env:
      GITEA_BASE_URL: https://code.bim-it.pl
      OWNER: mz
      REPO: DiunaBI
      # Comma-separated artifact names that must exist
      REQUIRED_ARTIFACTS: frontend,webapi
      # How many recent successful runs to scan
      SCAN_LIMIT: "100"

    steps:
      - name: Checkout
        uses: https://github.com/actions/checkout@v4

      - name: Use Node.js 20
        uses: https://github.com/actions/setup-node@v4
        with:
          node-version: 20

      - name: Install unzip (for extraction)
        run: |
          sudo apt-get update
          sudo apt-get install -y unzip

      - name: Resolve latest run that exposes required artifacts
        id: resolve
        env:
          GITEA_PAT: ${{ secrets.GITEATOKEN }}
        run: |
          node .gitea/scripts/getLatestRunWithArtifacts.js
          echo "Resolved run_id: $(cat .gitea/.cache/run_id)"

      - name: Download frontend artifact
        env:
          GITEA_PAT: ${{ secrets.GITEATOKEN }}
          ARTIFACT_NAME: frontend
          RUN_ID: ${{ steps.resolve.outputs.run_id }}
          OUTPUT_DIR: artifacts/frontend
        run: |
          node .gitea/scripts/downloadArtifactByName.js

      - name: Download webapi artifact
        env:
          GITEA_PAT: ${{ secrets.GITEATOKEN }}
          ARTIFACT_NAME: webapi
          RUN_ID: ${{ steps.resolve.outputs.run_id }}
          OUTPUT_DIR: artifacts/webapi
        run: |
          node .gitea/scripts/downloadArtifactByName.js

      - name: Show artifact structure
        run: |
          echo "::group::frontend"
          ls -laR artifacts/frontend || true
          echo "::endgroup::"
          echo "::group::webapi"
          ls -laR artifacts/webapi || true
          echo "::endgroup::"
          
      # 3) Package artifacts as ZIPs for transfer
      - name: Package artifacts as ZIPs
        run: |
          mkdir -p build
          (cd artifacts/frontend && zip -rq ../../build/DiunaBI-Morska-Frontend.zip .)
          (cd artifacts/webapi && zip -rq ../../build/DiunaBI-Morska-WebApi.zip .)
          ls -la build
      - name: Debug SSH key
        env:
          SSH_PRIVATE_KEY: ${{ secrets.BIMIT_SSH_KEY }}
        run: |
          echo "== Początek klucza =="
          echo "$SSH_PRIVATE_KEY" | head -n 5
          echo "== Koniec klucza =="
          echo "$SSH_PRIVATE_KEY" | tail -n 5
          echo "== Liczba linii =="
          echo "$SSH_PRIVATE_KEY" | wc -l
          echo "== ssh-keygen sprawdzenie formatu =="
          printf "%s" "$SSH_PRIVATE_KEY" > private_key
          ssh-keygen -lf private_key || true
      # 4) Upload ZIPs to remote server via SSH (using secret key)
      - name: Upload artifacts to remote server
        env:
          SSH_PRIVATE_KEY: ${{ secrets.BIMIT_SSH_KEY }}
          SSH_USER: mz
          SSH_HOST: bim-it.pl
          REMOTE_DIR: deployment
        run: |
          set -euo pipefail
          
          # Prepare key
          umask 077
          echo "$SSH_PRIVATE_KEY" > private_key
          chmod 600 private_key
          
          # Preload known_hosts (safer than StrictHostKeyChecking=no)
          mkdir -p ~/.ssh
          ssh-keyscan -H "$SSH_HOST" >> ~/.ssh/known_hosts
          
          # Ensure remote dir exists
          ssh -i private_key "$SSH_USER@$SSH_HOST" "mkdir -p ~/$REMOTE_DIR"
          
          # Upload files
          scp -i private_key build/DiunaBI-Morska-Frontend.zip "$SSH_USER@$SSH_HOST:~/$REMOTE_DIR/"
          scp -i private_key build/DiunaBI-Morska-WebApi.zip "$SSH_USER@$SSH_HOST:~/$REMOTE_DIR/"
          
          # Cleanup
          shred -u private_key