stages:
  - build
  - deploy

# ==========================================================
# ✅ Global defaults
# ==========================================================
default:
  tags:
    - server-development-biznet
  interruptible: true

# ==========================================================
# 🏗️ Build Template
# ==========================================================
.build_template: &build_template
  stage: build
  image: public.ecr.aws/docker/library/node:20-alpine
  cache:
    key: npm-cache
    paths:
      - node_modules/
  variables:
    NPM_CONFIG_PRODUCTION: 'false'
    NODE_ENV: ''
  script:
    - echo "Installing dependencies..."
    - npm ci --no-audit --no-fund
    - echo "Build env used:"
    - echo "NEXT_PUBLIC_LTI_URL=$NEXT_PUBLIC_LTI_URL"
    - echo "NEXT_PUBLIC_SSO_LOGIN_URL=$NEXT_PUBLIC_SSO_LOGIN_URL"
    - echo "NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL"
    - echo "Building Next.js static export..."
    - npx next build
    - |
      mkdir -p out
      cat <<EOF > out/build-info.json
      {
        "commit": "$CI_COMMIT_SHORT_SHA",
        "pipeline": "$CI_PIPELINE_ID",
        "built_at": "$(date -u +"%Y-%m-%dT%H:%M:%SZ")",
        "NEXT_PUBLIC_LTI_URL": "$NEXT_PUBLIC_LTI_URL",
        "NEXT_PUBLIC_SSO_LOGIN_URL": "$NEXT_PUBLIC_SSO_LOGIN_URL",
        "NEXT_PUBLIC_API_BASE_URL": "$NEXT_PUBLIC_API_BASE_URL"
      }
      EOF
  artifacts:
    name: 'out-$CI_COMMIT_SHORT_SHA'
    paths:
      - out/
    expire_in: 1 week

# ==========================================================
# 🚀 Deploy Template
# ==========================================================
.deploy_template: &deploy_template
  stage: deploy
  image:
    name: public.ecr.aws/aws-cli/aws-cli:latest
    entrypoint: ['/bin/sh', '-c']
  script:
    - set -e
    - aws --version
    - echo "Cleaning up newline characters in AWS credentials..."
    - export AWS_ACCESS_KEY_ID=$(echo $AWS_ACCESS_KEY_ID | tr -d '\r\n')
    - export AWS_SECRET_ACCESS_KEY=$(echo $AWS_SECRET_ACCESS_KEY | tr -d '\r\n')
    - echo "Deploying to s3://$S3_BUCKET in region $AWS_REGION"
    - aws s3api head-bucket --bucket "$S3_BUCKET" --region "$AWS_REGION" || aws s3api create-bucket --bucket "$S3_BUCKET" --region "$AWS_REGION" --create-bucket-configuration LocationConstraint="$AWS_REGION"
    - aws s3 sync ./out "s3://$S3_BUCKET" --delete --region "$AWS_REGION" --endpoint-url "https://s3.ap-southeast-3.amazonaws.com"

    # CloudFront invalidation
    - |
      STATUS="success"
      if [ -n "$CLOUDFRONT_DISTRIBUTION_ID" ]; then
        echo "Invalidating CloudFront cache..."
        if ! aws cloudfront create-invalidation --distribution-id "$CLOUDFRONT_DISTRIBUTION_ID" --paths "/*"; then
          echo "CloudFront invalidation failed."
          STATUS="failed"
        fi
      else
        echo "No CloudFront distribution specified — skipping invalidation"
      fi

    # Notifikasi Discord
    - |
      RUN_URL="${CI_PROJECT_URL}/-/pipelines/${CI_PIPELINE_ID}"

      if [ "$CI_COMMIT_BRANCH" = "development" ]; then
        ENVIRONMENT_NAME="WEB-LTI-DEV"
      elif [ "$CI_COMMIT_BRANCH" = "staging" ]; then
        ENVIRONMENT_NAME="WEB-LTI-STAGING"
      else
        ENVIRONMENT_NAME="UNKNOWN"
      fi

      if [ "$STATUS" = "success" ]; then
        COLOR=3066993
        TITLE="✅ Deployment ${ENVIRONMENT_NAME} Succeeded"
        DESC="Deployment job on branch \${CI_COMMIT_REF_NAME}\ completed successfully."
      else
        COLOR=15158332
        TITLE="❌ Deployment ${ENVIRONMENT_NAME} Failed"
        DESC="Deployment job on branch \${CI_COMMIT_REF_NAME}\ encountered issues."
      fi

      jq -n \
        --arg title "$TITLE" \
        --arg desc "$DESC" \
        --arg color "$COLOR" \
        --arg repo "$CI_PROJECT_PATH" \
        --arg actor "$GITLAB_USER_LOGIN" \
        --arg commit "$CI_COMMIT_SHA" \
        --arg run_url "$RUN_URL" \
        '{
          username: "CI Bot - LTI WEB",
          embeds: [{
            title: $title,
            description: $desc,
            color: ($color|tonumber),
            fields: [
              {name: "Repository", value: $repo, inline: true},
              {name: "Actor", value: $actor, inline: true},
              {name: "Commit", value: $commit, inline: false},
              {name: "Pipeline", value: ("[Open run](" + $run_url + ")"), inline: false}
            ]
          }]
        }' > payload.json

      curl -sS -H "Content-Type: application/json" -d @payload.json "$DISCORD_WEBHOOK_URL"

# ==========================================================
# ==== DEVELOPMENT (Branch development) ======
# ==========================================================
build:dev:
  <<: *build_template
  rules:
    - if: '$CI_COMMIT_BRANCH == "development"'
  environment:
    name: development
  variables:
    NEXT_PUBLIC_LTI_URL: 'https://dev-lti-erp.mbugroup.id'
    NEXT_PUBLIC_SSO_LOGIN_URL: 'https://dev-auth-erp.mbugroup.id'
    NEXT_PUBLIC_API_BASE_URL: 'https://dev-api-lti.mbugroup.id/api'
    NEXT_PUBLIC_CLIENT_ID: 'Lumbung-Telur-Indonesia'

deploy:dev:
  <<: *deploy_template
  needs: ['build:dev']
  rules:
    - if: '$CI_COMMIT_BRANCH == "development"'
  variables:
    S3_BUCKET: 'dev-lti-erp.mbugroup.id'
    AWS_REGION: 'ap-southeast-3'
    CLOUDFRONT_DISTRIBUTION_ID: 'E1Z8XTA8XF1GIV'
  environment:
    name: development
    url: https://dev-lti-erp.mbugroup.id

# ==========================================================
# ====== STAGING (Branch staging) ======
# ==========================================================
build:staging:
  <<: *build_template
  rules:
    - if: '$CI_COMMIT_BRANCH == "staging"'
  environment:
    name: staging
  variables:
    NEXT_PUBLIC_LTI_URL: 'https://stg-lti-erp.mbugroup.id'
    NEXT_PUBLIC_SSO_LOGIN_URL: 'https://stg-auth-erp.mbugroup.id'
    NEXT_PUBLIC_API_BASE_URL: 'https://stg-api-lti.mbugroup.id/api'
    NEXT_PUBLIC_CLIENT_ID: 'Lumbung-Telur-Indonesia'

deploy:staging:
  <<: *deploy_template
  needs: ['build:staging']
  rules:
    - if: '$CI_COMMIT_BRANCH == "staging"'
  variables:
    S3_BUCKET: 'stg-lti-erp.mbugroup.id'
    AWS_REGION: 'ap-southeast-3'
    CLOUDFRONT_DISTRIBUTION_ID: 'E2V6PPO1AUIU7H'
  environment:
    name: staging
    url: https://stg-lti-erp.mbugroup.id

# ==========================================================
# ====== STAGING (Branch production) ======
# ==========================================================
build:production:
  <<: *build_template
  rules:
    - if: '$CI_COMMIT_BRANCH == "production"'
  environment:
    name: staging
  variables:
    NEXT_PUBLIC_LTI_URL: 'https://lti-erp.mbugroup.id'
    NEXT_PUBLIC_SSO_LOGIN_URL: 'https://auth-erp.mbugroup.id'
    NEXT_PUBLIC_API_BASE_URL: 'https://api-lti.mbugroup.id/api'
    NEXT_PUBLIC_CLIENT_ID: 'Lumbung-Telur-Indonesia'

deploy:production:
  <<: *deploy_template
  needs: ['build:production']
  rules:
    - if: '$CI_COMMIT_BRANCH == "production"'
  variables:
    S3_BUCKET: 'production-lti-erp.mbugroup.id'
    AWS_REGION: 'ap-southeast-3'
    CLOUDFRONT_DISTRIBUTION_ID: 'E1SSLXKYYITASJ'
  environment:
    name: staging
    url: https://lti-erp.mbugroup.id