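# Deploys the production database manifests and then runs the Atlas schema
# migrations. Both jobs run on the `mealcraft-runners` runner and talk to the
# cluster using the service-account token mounted into the runner pod.
name: Deploy PROD DB Infrastructure

on:
  push:
    branches:
      - main
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the jobs only need to read the repository.
permissions:
  contents: read

# Serialize runs so two pushes to main cannot apply manifests or migrations
# against production at the same time. A run already in progress is not
# cancelled part-way through a migration.
concurrency:
  group: prod-db-deploy
  cancel-in-progress: false

# Explicit bash gives every `run` step `-e -o pipefail`, so a failing command
# on the left of a pipe (e.g. kubectl | base64) fails the step.
defaults:
  run:
    shell: bash

jobs:
  deploy:
    # NOTE(review): this job applies manifests with the runner's mounted
    # service account; its RBAC should be limited to what these three
    # directories need.
    runs-on: mealcraft-runners
    steps:
      # NOTE(review): a tag such as v4 is mutable; for a production deploy
      # consider pinning to the full commit SHA
      # (actions/checkout@<full-commit-sha>).
      - uses: actions/checkout@v4
        with:
          # No later step uses git, so do not leave the token in .git/config
          # on the runner.
          persist-credentials: false

      - name: Install kubectl
        run: |
          sudo apt-get update
          sudo apt-get install -y curl ca-certificates
          # Resolve the release once so the binary and its checksum refer to
          # the same version; -f makes curl fail on an HTTP error instead of
          # saving the error page as "kubectl".
          KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
          # The checksum is served by the same host as the binary, so this
          # catches a corrupted or truncated download, not a compromised
          # origin. NOTE(review): "stable" floats; pin a reviewed version and
          # a checksum stored in the repository for reproducible deploys.
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          sudo install -m 0755 kubectl /usr/local/bin/kubectl

      - name: Configure kubeconfig (in-cluster)
        # Builds a kubeconfig from the service-account files mounted in the
        # runner pod. The token is written into the kubeconfig on disk and
        # stays there after the job unless the runner is ephemeral.
        run: |
          KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
          SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
          CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
          NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
          kubectl config set-cluster microk8s --server="$KUBE_HOST" --certificate-authority="$CA_CERT"
          kubectl config set-credentials runner --token="$SA_TOKEN"
          kubectl config set-context runner-context --cluster=microk8s --user=runner --namespace="$NAMESPACE"
          kubectl config use-context runner-context

      # NOTE(review): this applies whatever is stored under db/k8s/secrets/ in
      # the repository; confirm those manifests do not hold plaintext secret
      # values (cannot be determined from this workflow).
      - name: Apply PROD secrets
        run: kubectl apply -f db/k8s/secrets/

      - name: Deploy PROD Postgres
        run: kubectl apply -f db/k8s/postgres/

      - name: Deploy PROD backups
        run: kubectl apply -f db/k8s/backups/

  migrate:
    # NOTE(review): this job reads postgres-prod-secret with the runner's
    # service account; that read permission should be scoped to this one
    # secret.
    runs-on: mealcraft-runners
    needs: deploy
    steps:
      # NOTE(review): consider pinning to the full commit SHA
      # (actions/checkout@<full-commit-sha>), as in the deploy job.
      - uses: actions/checkout@v4
        with:
          # No later step uses git, so do not leave the token in .git/config
          # on the runner.
          persist-credentials: false

      - name: Install kubectl
        run: |
          sudo apt-get update
          sudo apt-get install -y curl ca-certificates
          # Same version for the binary and its checksum; -f fails on an HTTP
          # error instead of saving the error page.
          KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
          # Integrity check against the published checksum (same origin as the
          # binary, so it does not protect against a compromised host).
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          sudo install -m 0755 kubectl /usr/local/bin/kubectl

      - name: Configure kubeconfig (in-cluster)
        # Builds a kubeconfig from the service-account files mounted in the
        # runner pod; the token ends up in the kubeconfig on disk.
        run: |
          KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
          SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
          CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
          NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
          kubectl config set-cluster microk8s --server="$KUBE_HOST" --certificate-authority="$CA_CERT"
          kubectl config set-credentials runner --token="$SA_TOKEN"
          kubectl config set-context runner-context --cluster=microk8s --user=runner --namespace="$NAMESPACE"
          kubectl config use-context runner-context

      # NOTE(review): this executes an unpinned, unverified installer script
      # on a runner that holds production cluster credentials. Prefer a pinned
      # Atlas release whose checksum is verified before it is run.
      - name: Install Atlas
        run: curl -sSf https://atlasgo.sh | sh

      - name: Load PROD DB creds
        run: |
          # Plain assignments instead of `export VAR=$(...)`: `export` hides
          # the exit status of the substitution, so a failed kubectl call
          # would silently export an empty credential.
          POSTGRES_USER="$(kubectl get secret postgres-prod-secret -o jsonpath='{.data.POSTGRES_USER}' | base64 -d)"
          POSTGRES_PASSWORD="$(kubectl get secret postgres-prod-secret -o jsonpath='{.data.POSTGRES_PASSWORD}' | base64 -d)"
          # A missing key makes jsonpath print nothing while kubectl still
          # exits 0, so check for empty values explicitly.
          if [ -z "$POSTGRES_USER" ] || [ -z "$POSTGRES_PASSWORD" ]; then
            echo "postgres-prod-secret is missing POSTGRES_USER or POSTGRES_PASSWORD" >&2
            exit 1
          fi
          # Register the password with the log masker before passing it on, so
          # it is redacted if a later step prints it.
          echo "::add-mask::$POSTGRES_PASSWORD"
          # GITHUB_ENV exposes these values to every later step in this job.
          echo "POSTGRES_USER=$POSTGRES_USER" >> "$GITHUB_ENV"
          echo "POSTGRES_PASSWORD=$POSTGRES_PASSWORD" >> "$GITHUB_ENV"

      - name: Run Atlas migrations (PROD)
        run: |
          atlas migrate apply \
            --config file://./db/atlas/atlas.hcl \
            --env stripe_invoice_prod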