stages:
  - build
  - deploy

variables:
  DOCKER_BUILDKIT: "1"
  DOCKER_DRIVER: overlay2
  DOCKER_HOST: tcp://docker:2375
  DOCKER_TLS_CERTDIR: ""

  IMAGE_TAG: "staging_${CI_COMMIT_SHORT_SHA}"
  IMAGE_NAME: "${CI_REGISTRY_IMAGE}:${IMAGE_TAG}"
  IMAGE_LATEST_STG_EC2: "${CI_REGISTRY_IMAGE}:staging_latest"

build:staging:
  stage: build
  image: docker:27.0.3
  services:
    - name: docker:27.0.3-dind
      command: ["--mtu=1460"]
  rules:
    - if: '$CI_COMMIT_BRANCH == "staging"'
  before_script:
    - docker info
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - docker build -t "$IMAGE_NAME" -f Dockerfile .
    - docker push "$IMAGE_NAME"
    - docker tag "$IMAGE_NAME" "$IMAGE_LATEST_STG_EC2"
    - docker push "$IMAGE_LATEST_STG_EC2"

deploy:staging:
  stage: deploy
  image: alpine:3.20
  rules:
    - if: '$CI_COMMIT_BRANCH == "staging"'
  needs:
    - job: build:staging

  before_script:
    - apk add --no-cache openssh-client bash ca-certificates
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh

    # SSH_PRIVATE_KEY = multiline private key (bukan File)
    - printf "%s\n" "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
    - sed -i 's/\r$//' ~/.ssh/id_rsa
    - chmod 600 ~/.ssh/id_rsa

    - head -n 1 ~/.ssh/id_rsa
    - tail -n 1 ~/.ssh/id_rsa

    - eval "$(ssh-agent -s)"
    - ssh-add ~/.ssh/id_rsa
    - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts

  script:
    - >
      ssh "$SERVER_USER@$SERVER_IP"
      "export CI_REGISTRY_USER='$CI_REGISTRY_USER';
       export CI_REGISTRY_PASSWORD='$CI_REGISTRY_PASSWORD';
       export CI_REGISTRY='$CI_REGISTRY';
       set -e;
       cd /home/ubuntu/docker/deployment/staging/stg-lti-api;
       echo \"\$CI_REGISTRY_PASSWORD\" | docker login -u \"\$CI_REGISTRY_USER\" --password-stdin \"\$CI_REGISTRY\";
       docker compose pull;
       docker compose up -d;
       docker image prune -f"

  environment:
    name: staging