name: Deploy DB Infrastructure

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: mealcraft-runners

    steps:
      - name: Checkout repo
        uses: actions/checkout@v4

      # Install kubectl
      - name: Install kubectl
        run: |
          sudo apt-get update
          sudo apt-get install -y curl ca-certificates
          curl -LO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
          sudo install -m 0755 kubectl /usr/local/bin/kubectl

      # Configure kubeconfig (ARC in-cluster)
      - name: Configure kubeconfig
        run: |
          KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
          SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
          CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
          NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)

          kubectl config set-cluster microk8s \
            --server="$KUBE_HOST" \
            --certificate-authority="$CA_CERT"

          kubectl config set-credentials runner \
            --token="$SA_TOKEN"

          kubectl config set-context runner-context \
            --cluster=microk8s \
            --user=runner \
            --namespace="$NAMESPACE"

          kubectl config use-context runner-context

      # 1️⃣ Secrets
      - name: Apply DB secrets
        run: |
          kubectl apply -f db/k8s/secrets/

      # 2️⃣ PostgreSQL
      - name: Deploy Postgres
        run: |
          kubectl apply -f db/k8s/postgres/

      # 3️⃣ Backups (CronJob)
      - name: Deploy Postgres backups
        run: |
          kubectl apply -f db/k8s/backups/

  migrate:
    runs-on: mealcraft-runners
    needs: deploy

    steps:
      - name: Checkout repo
        uses: actions/checkout@v4

      # Install Atlas
      - name: debug
        run: |
          ls -la
          pwd

      # Install Atlas
      - name: Install Atlas CLI
        run: |
          curl -sSf https://atlasgo.sh | sh

      # Load DB creds from Kubernetes secret
      - name: Load Postgres credentials
        run: |
          export POSTGRES_USER=$(kubectl get secret postgres-secret -o jsonpath='{.data.POSTGRES_USER}' | base64 -d)
          export POSTGRES_PASSWORD=$(kubectl get secret postgres-secret -o jsonpath='{.data.POSTGRES_PASSWORD}' | base64 -d)

          echo "POSTGRES_USER=$POSTGRES_USER" >> $GITHUB_ENV
          echo "POSTGRES_PASSWORD=$POSTGRES_PASSWORD" >> $GITHUB_ENV

      # Run Atlas migrations (DEV only)
      - name: Run Atlas migrations (dev)
        run: |
          atlas migrate apply \
            --config db/atlas/atlas.hcl \
            --env stripe_invoice_dev