stages:
  - build

variables:
  DOCKER_BUILDKIT: "1"
  DOCKER_DRIVER: overlay2
  DOCKER_HOST: tcp://docker:2375
  DOCKER_TLS_CERTDIR: ""
  GIT_SUBMODULE_STRATEGY: none
  GIT_DEPTH: "20"

  IMAGE_TAG: "stg-ec2_${CI_COMMIT_SHORT_SHA}"
  IMAGE_NAME: "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}"
  IMAGE_LATEST_STG_EC2: "${CI_REGISTRY_IMAGE}:stg-ec2_latest"

build:stg-ec2:
  stage: build
  image: docker:27.0.3
  services:
    - name: docker:27.0.3-dind
      command: ["--mtu=1460"]
  rules:
    - if: '$CI_COMMIT_BRANCH == "stg-ec2"'

  before_script:
    - docker info
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"

  script:
    - docker build -t "$IMAGE_NAME" -f Dockerfile .
    - docker push "$IMAGE_NAME"
    - docker tag "$IMAGE_NAME" "$IMAGE_LATEST_STG_EC2"
    - docker push "$IMAGE_LATEST_STG_EC2"

  after_script:
    - docker system prune -af || true
  
variables:
  CI_DEBUG_TRACE: "true"
  GIT_TRACE: "1"
  GIT_CURL_VERBOSE: "1"
  GIT_STRATEGY: clone
  GIT_DEPTH: "20"
  GIT_SUBMODULE_STRATEGY: none
  GIT_LFS_SKIP_SMUDGE: "1"

# =========================
# DEPLOY: Server pull image + docker compose up
# =========================
# deploy:stg-ec2:
#   stage: deploy
#   image: alpine:3.20
#   rules:
#     - if: '$CI_COMMIT_BRANCH == "stg-ec2"'
#   needs: ["build:stg-ec2"]

#   before_script:
#     - apk add --no-cache openssh-client bash curl ca-certificates
#     - mkdir -p ~/.ssh

#     # penting: buang CRLF biar key tidak "error in libcrypto"
#     - printf "%s" "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
#     - chmod 600 ~/.ssh/id_rsa

#     - eval "$(ssh-agent -s)"
#     - ssh-add ~/.ssh/id_rsa

#     - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts

#   script:
#     - echo "Deploy on server: $SERVER_USER@$SERVER_IP"
#     - echo "Target dir: /docker/deployment/stg-ec2/stg-lti-api"
#     - |
#       ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" "
#         set -e
#         cd /docker/deployment/stg-ec2/stg-lti-api

#         echo 'Login registry on server...'
#         echo '$CI_REGISTRY_PASSWORD' | docker login -u '$CI_REGISTRY_USER' --password-stdin '$CI_REGISTRY'

#         echo 'Pull new image...'
#         docker compose pull

#         echo 'Restart containers...'
#         docker compose up -d

#         echo 'Cleanup old images...'
#         docker image prune -af --filter 'until=168h' || true
#       "