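# Deploys the application to staging with Kamal on every push to main,
# or on demand through a manual run.
name: Deploy to Staging

on:
  push:
    branches: [main]
  workflow_dispatch: # Allows manual triggering

# Least privilege for the automatic GITHUB_TOKEN: none of the steps below
# appears to need more than read access to the repository, since the server
# and registry credentials come from repository secrets and 1Password.
permissions:
  contents: read

jobs:
  deploy_to_staging:
    runs-on: ubuntu-latest
    env:
      # Quoted so the value stays a string rather than a YAML integer.
      DOCKER_BUILDKIT: "1"
      RAILS_ENV: staging
      BUNDLE_WITHOUT: "development test"
      BUNDLE_WITH: tools
    steps:
      # NOTE(review): the actions in this job are referenced by mutable tags
      # (@v1, @v3, @v4). This job handles an SSH deploy key and a 1Password
      # service-account token, so consider pinning each action to a
      # full-length commit SHA that has been reviewed.
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          # Read the interpreter version from the repository's .ruby-version.
          ruby-version: .ruby-version
          bundler-cache: true

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          platforms: linux/amd64

      - name: Install 1Password CLI
        uses: 1password/install-cli-action@v1

      - name: Set up SSH
        run: |
          # Create ~/.ssh and the key file private from the start, so the key
          # is never briefly readable under the runner's default umask.
          umask 077
          mkdir -p ~/.ssh
          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          # NOTE(review): the agent variables set here live only in this
          # step's shell and are not exported to later steps, which
          # presumably reach the key through the default identity file.
          eval $(ssh-agent -s)
          ssh-add ~/.ssh/id_ed25519
          # NOTE(review): ssh-keyscan records whatever host key the network
          # returns on each run, so the server is not authenticated. Prefer
          # writing a host key that was verified out of band (for example one
          # kept in a repository secret or variable) into known_hosts.
          ssh-keyscan x.x.x.x >> ~/.ssh/known_hosts
        env:
          # Passed through the environment rather than interpolated into the
          # script text.
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Deploy with Kamal
        run: |
          bin/kamal deploy -d staging
        env:
          # Service-account token for the 1Password CLI, which the Kamal
          # secrets adapter uses to resolve the deploy-time secrets.
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

# ---------------------------------------------------------------------------
# The lines below are not part of the workflow. They were fused onto its last
# line and read like a separate Kamal secrets file (dotenv format with command
# substitution); confirm the file name against the project.
# ACCOUNT_ID and VAULT/ITEM are placeholders. Only references are stored
# here; the secret values are fetched from 1Password at deploy time.
# ---------------------------------------------------------------------------
# One fetch from 1Password for all items, then one extraction per variable.
SECRETS=$(kamal secrets fetch --adapter 1password --account ACCOUNT_ID --from VAULT/ITEM KAMAL_REGISTRY_PASSWORD RAILS_MASTER_KEY POSTGRES_PASSWORD HONEYBADGER_API_KEY)
KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract KAMAL_REGISTRY_PASSWORD $SECRETS)
RAILS_MASTER_KEY=$(kamal secrets extract RAILS_MASTER_KEY $SECRETS)
POSTGRES_PASSWORD=$(kamal secrets extract POSTGRES_PASSWORD $SECRETS)
# POSTGRES_PASS is a second name for the same POSTGRES_PASSWORD item.
POSTGRES_PASS=$(kamal secrets extract POSTGRES_PASSWORD $SECRETS)
HONEYBADGER_API_KEY=$(kamal secrets extract HONEYBADGER_API_KEY $SECRETS)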