#!/usr/bin/env bash
set -euo pipefail

# deploy.sh — Deploy project from CI workspace to target directory.
#
# Works for both manual and Woodpecker CI deployment.
#
# Usage:
#   Manual:  sudo bash scripts/deploy.sh
#   CI:      sudo /usr/local/bin/deploy-<project-name> /path/to/workspace
#
# CI setup (one-time, as root on VPS):
#   cp scripts/deploy.sh /usr/local/bin/deploy-<project-name>
#   chmod 755 /usr/local/bin/deploy-<project-name>
#   chown root:root /usr/local/bin/deploy-<project-name>

# --- Configure these for your project ---
INSTALL_DIR="/opt/<project-name>"
SERVICE_USER="<project-user>"
SERVICE_NAME="<project-name>"
HEALTH_URL="http://localhost:3000/api/health"
NGINX_CONF_SRC="${INSTALL_DIR}/config/nginx/<project-name>.conf"  # set to "" to skip
NGINX_DOMAIN="<your-domain>"
# -----------------------------------------

SOURCE_DIR="${1:-.}"

echo "=== Deploy ==="

if [[ $EUID -ne 0 ]]; then
    echo "Error: must be root (sudo)"; exit 1
fi

if [[ ! -d "${INSTALL_DIR}" ]]; then
    echo "Error: ${INSTALL_DIR} not found"; exit 1
fi

echo "[1/3] Syncing files..."
rsync -a --delete \
    --exclude='node_modules' \
    --exclude='.env' \
    --exclude='.git' \
    --exclude='.idea' \
    "${SOURCE_DIR}/" "${INSTALL_DIR}/"
chown -R "${SERVICE_USER}:${SERVICE_USER}" "${INSTALL_DIR}"

echo "[2/4] Installing dependencies..."
sudo -u "${SERVICE_USER}" HOME="${INSTALL_DIR}" bash -c "cd ${INSTALL_DIR} && npm ci --omit=dev"

echo "[3/4] Updating nginx config..."
if [[ -n "${NGINX_CONF_SRC:-}" && -f "${NGINX_CONF_SRC}" ]]; then
    WEBUZO_DIR="/var/webuzo-data/nginx/custom/domains"
    NGINX_BIN="/usr/local/apps/nginx/sbin/nginx"
    if [[ -d "${WEBUZO_DIR}" ]]; then
        cat "${NGINX_CONF_SRC}" > "${WEBUZO_DIR}/${NGINX_DOMAIN}.conf"
    else
        cp "${NGINX_CONF_SRC}" "/etc/nginx/conf.d/${SERVICE_NAME}.conf"
        NGINX_BIN="nginx"
    fi
    "${NGINX_BIN}" -t && "${NGINX_BIN}" -s reload
    echo "nginx reloaded"
else
    echo "nginx: no config source set — skipping"
fi

echo "[4/4] Restarting service..."
systemctl daemon-reload
systemctl restart "${SERVICE_NAME}"
sleep 2

if systemctl is-active --quiet "${SERVICE_NAME}"; then
    echo "Service running"
else
    echo "Error: service failed to start — check: journalctl -u ${SERVICE_NAME} -n 50"; exit 1
fi

curl -sf "${HEALTH_URL}" || { echo "FAIL: health check"; exit 1; }

echo "=== Deploy complete ==="