name: Build & Deploy
on:
  push:
    branches: [main]
    paths-ignore: ['**.md', 'docs/**']

env:
  TARGET_VM: infra.agiliton.internal
  DEPLOY_PATH: /opt/apps/agiliton-account

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Setup SSH
        run: |
          mkdir -p ~/.ssh && chmod 700 ~/.ssh
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          ssh-keyscan -H ${{ env.TARGET_VM }} >> ~/.ssh/known_hosts 2>/dev/null || true

      - name: Build & deploy on infra
        run: |
          ssh root@${{ env.TARGET_VM }} << 'EOF'
          cd /opt/apps/agiliton-account && git pull origin main --ff-only
          docker compose build --pull
          docker compose up -d --force-recreate --remove-orphans
          docker builder prune -f --filter "until=24h" 2>/dev/null || true
          EOF

      - name: Health check
        run: |
          sleep 5
          curl -sf http://${{ env.TARGET_VM }}:4100/health | grep '"status":"ok"'