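---
# Reusable deployment workflow. It logs in to the Yandex container registry,
# imports runtime secrets from Vault, writes them to a local .env file,
# optionally runs Alembic migrations, and then deploys with docker compose
# against a remote Docker daemon.
on:
  workflow_call:
    inputs:
      # Image tag to deploy.
      # NOTE(review): `latest` is a mutable tag; callers that need reproducible
      # or auditable deploys should pass an immutable tag or digest.
      tag:
        required: false
        type: string
        default: latest
      debug:
        required: false
        type: boolean
        default: false
      # When true, run `alembic upgrade head` before deploying.
      migrate:
        type: boolean
        default: false
      # Selects the Vault path segment and the compose project name.
      environment:
        type: string
        required: true
      # Hostname of the remote Docker daemon.
      host:
        type: string
        required: true

jobs:
  deploy:
    runs-on: gpu
    env:
      CR_REGISTRY: crp8vh46gd976oq8ipla
      CR_REPO: ${{ github.event.repository.name }}
      TAG: ${{ inputs.tag }}
    steps:
      # Pinned to a release tag instead of the moving `master` branch, so an
      # upstream push cannot silently change the code that runs next to the
      # deploy credentials. A full commit SHA is stricter still; the same
      # applies to the `@v2` tags on the two actions below.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Yandex Cloud Login
        uses: yc-actions/yc-cr-login@v2
        with:
          yc-sa-json-credentials: ${{ secrets.YC_SA_JSON_CREDENTIALS }}

      # Every key under the two Vault paths is exported as PFX_<KEY>.
      # NOTE(review): `inputs.environment` is interpolated into the Vault path,
      # so the AppRole policy is what bounds which secrets a caller can reach;
      # confirm it is scoped per environment.
      - name: Import Secrets
        uses: hashicorp/vault-action@v2
        id: vault
        with:
          url: https://vault.hublab.ru/
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            hub/data/tach/${{ inputs.environment }}/base * | PFX_;
            hub/data/tach/${{ inputs.environment }}/${{github.event.repository.name}} * | PFX_;

      # Strip the PFX_ prefix and write KEY=VALUE lines to .env.
      # - umask 077 keeps the file readable by the runner user only.
      # - `>` truncates, so a stale .env from an earlier run is never appended
      #   to.
      # - The file is neither sourced nor printed. Sourcing would make the
      #   shell interpret secret values as code and has no effect on later
      #   steps; printing would put secrets in the job log, where masking is
      #   the only protection.
      # Values containing newlines are not supported: `env` emits them as
      # extra lines that do not match the prefix.
      - name: Save envs
        run: |
          umask 077
          env | sed -n 's/^PFX_//p' > .env

      # `inputs.migrate` is a real boolean in workflow_call. Comparing it with
      # the string 'true' coerces both sides to numbers (1 vs NaN) and is
      # always false, so the boolean is tested directly.
      - name: Migrate
        if: ${{ inputs.migrate }}
        run: |
          docker run --env-file=.env --pull=always --rm \
            "cr.yandex/$CR_REGISTRY/$CR_REPO:$TAG" alembic upgrade head

      # The environment name reaches the shell through an env var rather than
      # `${{ }}` interpolation, so the script treats it as data, not as code.
      # NOTE(review): port 2376 is the conventional TLS port, but neither
      # DOCKER_TLS_VERIFY nor DOCKER_CERT_PATH is set here; confirm the runner
      # is configured for mutually authenticated TLS to the daemon.
      - name: Deploy
        env:
          DOCKER_HOST: tcp://${{ inputs.host }}:2376
          DEPLOY_ENV_NAME: ${{ inputs.environment }}
        run: |
          docker compose pull
          docker compose -p "$DEPLOY_ENV_NAME" up -d --force-recreate

      # Do not leave plaintext secrets in the runner workspace after the job,
      # whether it succeeded or failed.
      - name: Remove secrets file
        if: ${{ always() }}
        run: rm -f .env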