DiunaBI/.gitea/workflows/morskaRelease.yml

name: Release Morska (latest successful build)

on:
  workflow_dispatch: {}   # ręczny trigger

env:
  DEPLOY_HOST: "bim-it.pl"
  DEPLOY_USER: "mz"
  DEPLOY_PATH: "./deployment/"
  SSH_KEYFILE: "/ci-keys/morska"
  BUILD_WORKFLOW_PATH: ".gitea/workflows/build.yml"
  API_BASE: "https://code.bim-it.pl/api/v1"

jobs:
  release:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout (for completeness)
        uses: https://github.com/actions/checkout@v4

      - name: Install tools
        run: |
          apt-get update -y
          apt-get install -y jq unzip zip openssh-client

      - name: Resolve repo/env
        id: repo
        env:
          GITEA_SERVER_URL: ${{ github.server_url }}   # np. https://code.bim-it.pl
          GITHUB_REPOSITORY: ${{ github.repository }}  # owner/repo
        run: |
          set -euo pipefail
          OWNER="${GITHUB_REPOSITORY%%/*}"
          REPO="${GITHUB_REPOSITORY##*/}"
          echo "owner=$OWNER" >> $GITHUB_OUTPUT
          echo "repo=$REPO"   >> $GITHUB_OUTPUT
          echo "api=${GITEA_SERVER_URL%/}/api/v1" >> $GITHUB_OUTPUT

  - name: Probe API & auth
    env:
      API:   ${{ steps.repo.outputs.api }}
      OWNER: ${{ steps.repo.outputs.owner }}
      REPO:  ${{ steps.repo.outputs.repo }}
      TOKEN: ${{ secrets.GITEATOKEN }}
    run: |
      set -euo pipefail
      echo "Probing: $API/repos/$OWNER/$REPO"
      curl -sfSL -H "Authorization: token $TOKEN" "$API/repos/$OWNER/$REPO" >/dev/null
      echo "OK"

  - name: Pick latest successful build (main)
    id: pick
    env:
      API:   ${{ steps.repo.outputs.api }}
      OWNER: ${{ steps.repo.outputs.owner }}
      REPO:  ${{ steps.repo.outputs.repo }}
      TOKEN: ${{ secrets.GITEATOKEN }}
    run: |
      set -euo pipefail
      URL="$API/repos/$OWNER/$REPO/actions/runs?status=success&branch=main&per_page=20"
      echo "GET $URL"
      RESP="$(curl -sfSL -H "Authorization: token $TOKEN" "$URL")"
      echo "$RESP" | jq -e '.workflow_runs' >/dev/null
      
      RUN_ID="$(echo "$RESP" | jq -r '
        .workflow_runs
        | map(select(
            (.head_branch=="main")
            and (.status=="completed")
            and (.conclusion=="success")
            and (
              (.path? // .workflow_path? // .workflow?.path? // "") 
              | test("(\\.gitea|\\.github)/workflows/build\\.yml$")
            )
          ))
        | sort_by(.run_number) | reverse | .[0].id // empty
      ')"
      test -n "$RUN_ID" && echo "run_id=$RUN_ID" >> $GITHUB_OUTPUT || { echo "No successful build found"; exit 1; }
    
    - name: Download artifacts (frontend, webapi)
        env:
          API: ${{ steps.repo.outputs.api }}
          OWNER: ${{ steps.repo.outputs.owner }}
          REPO: ${{ steps.repo.outputs.repo }}
          TOKEN: ${{ secrets.GITEA_TOKEN }}
          RUN_ID: ${{ steps.pick.outputs.run_id }}
        run: |
          set -euo pipefail
          mkdir -p release
          LIST="$(curl -sfSL -H "Authorization: token $TOKEN" \
            "$API/repos/$OWNER/$REPO/actions/runs/$RUN_ID/artifacts")"
          echo "Artifacts:"; echo "$LIST" | jq -r '.artifacts[]?.name'

          download_artifact () {
            local NAME="$1"
            local URL
            URL="$(echo "$LIST" | jq -r --arg n "$NAME" '
              (.artifacts // []) | map(select(.name==$n)) | .[0].archive_download_url // .[0].url // empty
            ')"
            [ -n "$URL" ] && [ "$URL" != "null" ] || { echo "Artifact $NAME not found"; exit 1; }
            curl -sfSL -H "Authorization: token $TOKEN" -o "$NAME.zip" "$URL"
            unzip -o "$NAME.zip" -d "./$NAME"
          }

          download_artifact frontend
          download_artifact webapi
          (cd frontend && zip -r ../DiunaBI-Morska-Frontend.zip .)
          (cd webapi    && zip -r ../DiunaBI-Morska-WebApi.zip .)
          ls -la release

    - name: Prepare known_hosts
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -H "${{ env.DEPLOY_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null || true

    - name: Send artifacts to PROD
        run: |
          scp -i "${{ env.SSH_KEYFILE }}" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \
            ./release/DiunaBI-Morska-Frontend.zip \
            "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}:${{ env.DEPLOY_PATH }}"
          scp -i "${{ env.SSH_KEYFILE }}" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \
            ./release/DiunaBI-Morska-WebApi.zip \
            "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}:${{ env.DEPLOY_PATH }}"

    - name: Run remote deploy script
        run: |
          ssh -i "${{ env.SSH_KEYFILE }}" -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \
            "${{ env.DEPLOY_USER }}@${{ env.DEPLOY_HOST }}" << 'EOF'
              ./deployment/DiunaBI-Morska.Release.sh
          EOF