name: Deploy (Manual)

on:
  workflow_dispatch:
    inputs:
      scope:
        description: "Deployment scope"
        required: true
        default: "all"
        type: choice
        options:
          - all
          - backend
          - frontend
          - rollback
          - list

jobs:
  deploy:
    name: Manual deployment to LXC
    runs-on: lxc
    container:
      image: debian:bookworm
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Install uv
        run: |
          curl -LsSf https://astral.sh/uv/install.sh | sh
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "24"

      - name: Install pnpm
        run: npm install -g pnpm

      - name: Configure SSH key
        env:
          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
        run: |
          mkdir -p "$HOME/.ssh"
          chmod 700 "$HOME/.ssh"
          printf '%s\n' "$DEPLOY_SSH_KEY" > "$HOME/.ssh/id_ed25519"
          chmod 600 "$HOME/.ssh/id_ed25519"

      - name: Configure known hosts
        env:
          DEPLOY_KNOWN_HOSTS: ${{ secrets.DEPLOY_KNOWN_HOSTS }}
        run: |
          if [ -z "$DEPLOY_KNOWN_HOSTS" ]; then
            echo "DEPLOY_KNOWN_HOSTS secret is required"
            exit 1
          fi
          printf '%s\n' "$DEPLOY_KNOWN_HOSTS" > "$HOME/.ssh/known_hosts"
          chmod 644 "$HOME/.ssh/known_hosts"

      - name: Run deployment
        env:
          DEPLOY_SERVER: ${{ secrets.DEPLOY_SERVER }}
        run: |
          if [ -z "$DEPLOY_SERVER" ]; then
            echo "DEPLOY_SERVER secret is required"
            exit 1
          fi
          chmod +x ./deploy.sh
          ./deploy.sh "${{ inputs.scope }}"