# .gitea/workflows/deploy.yml
name: Deploy mindnet to llm-node
on:
  push:
    branches: [ "main" ]

concurrency:
  group: deploy-mindnet
  cancel-in-progress: false

jobs:
  deploy:
    runs-on: linux_host
    env:
      DEPLOY_USER: "llmadmin"
      DEPLOY_HOST: "${{ secrets.DEPLOY_HOST }}"
      TARGET_BASE: "/home/llmadmin/mindnet"
      # Whitelist der zu synchronisierenden Einträge (keine Caches!)
      DEPLOY_DIRS: "app scripts schemas docker tests requirements.txt README.md"
      # Optional: HF Cache global außerhalb TARGET_BASE (empfohlen)
      HF_HOME: "/home/llmadmin/.cache/huggingface"

    steps:
      - name: Checkout
        uses: https://github.com/actions/checkout@v4

      - name: Ensure target base exists
        run: |
          ssh -o StrictHostKeyChecking=no "$DEPLOY_USER@$DEPLOY_HOST" "mkdir -p '$TARGET_BASE' '$HF_HOME' && chown -R $DEPLOY_USER:$DEPLOY_USER '$TARGET_BASE' '$HF_HOME' || true"

      - name: Stop API (graceful)
        continue-on-error: true
        run: |
          ssh -o StrictHostKeyChecking=no "$DEPLOY_USER@$DEPLOY_HOST" '
            if systemctl --user list-unit-files | grep -q "^mindnet-api.service"; then
              systemctl --user stop mindnet-api.service || true
            fi
          '

      - name: Deploy whitelisted (rsync)
        run: |
          set -euo pipefail
          SRC="$GITHUB_WORKSPACE"
          DEST="$DEPLOY_USER@$DEPLOY_HOST:$TARGET_BASE/"

          # Liste der Quellen vorbereiten (mit führendem ./ für --relative)
          mapfile -t items < <(echo "$DEPLOY_DIRS" | tr " " "\n" | sed "s|^|./|")
          cd "$SRC"

          rsync -avz --delete --relative \
            --omit-dir-times --no-perms --no-owner --no-group \
            --exclude ".git" \
            --exclude ".github" \
            --exclude ".gitea" \
            --exclude ".venv" \
            --exclude "__pycache__" \
            --exclude ".mypy_cache" \
            --exclude ".pytest_cache" \
            --exclude "hf_cache" \
            --exclude "hf_cache/**" \
            "${items[@]}" "$DEST"

      - name: Fix ownership
        continue-on-error: true
        run: |
          ssh -o StrictHostKeyChecking=no "$DEPLOY_USER@$DEPLOY_HOST" "sudo chown -R $DEPLOY_USER:$DEPLOY_USER '$TARGET_BASE' || true"

      - name: Python venv & requirements
        run: |
          ssh -o StrictHostKeyChecking=no "$DEPLOY_USER@$DEPLOY_HOST" "
            set -e
            cd '$TARGET_BASE'
            [ -d .venv ] || python3 -m venv .venv
            source .venv/bin/activate
            python -m pip install --upgrade pip
            [ -f requirements.txt ] && pip install -r requirements.txt || true
          "

      - name: Start/Restart mindnet-api
        continue-on-error: true
        run: |
          ssh -o StrictHostKeyChecking=no "$DEPLOY_USER@$DEPLOY_HOST" '
            if systemctl --user list-unit-files | grep -q "^mindnet-api.service"; then
              # HF_HOME außerhalb des Deploy-Baums setzen (robust gegen rsync --delete)
              if ! systemctl --user cat mindnet-api.service | grep -q "Environment=HF_HOME="; then
                echo "⚠️ Hinweis: Bitte Environment=HF_HOME in der Service-Unit setzen, z.B.:
[Service]
Environment=HF_HOME=/home/llmadmin/.cache/huggingface"
              fi
              systemctl --user restart mindnet-api.service
              systemctl --user --no-pager status mindnet-api.service --full -l || true
            else
              echo "mindnet-api.service nicht vorhanden – übersprungen."
            fi
          '