name: deploy blog
on:
  workflow_dispatch:
  push:
    branches:
      - staging
      - production

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:     
      - name: Install dependencies
        run: apk --no-cache add hugo python3 py3-pip git openssh-client rsync

      - name: Check versions
        run: |
          cat /etc/os-release
          git version
          hugo version
          python --version
        
      - name: Checkout repository
        run: |
          git clone -b ${{ forgejo.ref_name }} --recursive https://git.berlin.ccc.de/cccb-website-team/www.git .
          git status

      - name: Install Python depenndencies
        run: python -m pip install -r requirements.txt --break-system-packages

      - name: Render site
        run: ./build.sh

      - name: Setup SSH
        env:
          SSH_PRIVATE_KEY: ${{ forgejo.ref_name == 'production' && secrets.SSH_PRIVATE_KEY_PRODUCTION || secrets.SSH_PRIVATE_KEY_STAGING }}
        run: |
          mkdir -p ~/.ssh
          printf "%s" "${{ secrets.KNOWN_HOSTS }}" | base64 -d > ~/.ssh/known_hosts
          printf "%s" "$SSH_PRIVATE_KEY" | base64 -d > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          ssh-keygen -f ~/.ssh/id_ed25519 -y > ~/.ssh/id_ed25519.pub
          cat ~/.ssh/id_ed25519.pub

      - name: Rsync rendered site
        env:
          DEPLOY_DIR: ${{ forgejo.ref_name == 'production' && '/srv/http/www/' || '/srv/http/www-staging/' }}
        run: rsync -var -e 'ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes' ./public/ deploy@www.berlin.ccc.de:$DEPLOY_DIR

      - name: Cleanup
        if: ${{ always() }}
        run: rm -rf ~/.ssh