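# =============================================================================
# Woodpecker CI/CD Pipeline
#
# Triggers:
#   - Push to develop: Run tests, build, deploy to testing
#   - Push to testing: Run tests, build, deploy to staging
#   - Push to main:    Run tests, build, deploy to production
#   - Pull requests:   Run tests only
#
# NOTE(review): this file holds several YAML documents separated by `---`.
# Confirm that the Woodpecker version in use loads every document and not
# only the first; one workflow per file under .woodpecker/ is the usual
# layout.
# =============================================================================

variables:
  # Shared image references, reused below through YAML aliases.
  # These are mutable tags: the image behind them can change between runs.
  # Pinning each one by digest (image@sha256:<digest>) keeps the build
  # environment reproducible and reviewable.
  - &golang_image "golang:1.25-alpine"
  - &node_image "node:lts-alpine"
  - &podman_image "quay.io/podman/stable:latest"

# =============================================================================
# PIPELINE: Pull Request Checks
# =============================================================================
when:
  - event: pull_request

steps:
  # Frontend checks
  #
  # `pnpm@latest` floats, so the package manager that executes dependency
  # install scripts is whatever is newest at build time. Pin an exact version
  # (for example through the packageManager field in package.json).
  # --frozen-lockfile makes the install fail instead of silently resolving
  # versions that differ from the committed lockfile.
  frontend-lint:
    image: *node_image
    directory: frontend
    commands:
      - corepack enable && corepack prepare pnpm@latest --activate
      - pnpm install --frozen-lockfile
      - pnpm run lint
      - pnpm run type-check

  frontend-test:
    image: *node_image
    directory: frontend
    commands:
      - corepack enable && corepack prepare pnpm@latest --activate
      - pnpm install --frozen-lockfile
      - pnpm run test:unit

  # Backend checks (run in parallel for each service)
  backend-auth-test:
    image: *golang_image
    directory: backend/functions/auth-service
    commands:
      - go mod download
      - go vet ./...
      - go test -v ./...

  backend-blog-test:
    image: *golang_image
    directory: backend/functions/blog-service
    commands:
      - go mod download
      - go vet ./...
      - go test -v ./...

  backend-forum-test:
    image: *golang_image
    directory: backend/functions/forum-service
    commands:
      - go mod download
      - go vet ./...
      - go test -v ./...

  backend-payment-test:
    image: *golang_image
    directory: backend/functions/payment-service
    commands:
      - go mod download
      - go vet ./...
      - go test -v ./...

  backend-work-mgmt-test:
    image: *golang_image
    directory: backend/functions/work-management-service
    commands:
      - go mod download
      - go vet ./...
      - go test -v ./...

  # contact-service is tested by the develop-branch workflow but had no pull
  # request check, so changes to it reached develop unvetted.
  backend-contact-test:
    image: *golang_image
    directory: backend/functions/contact-service
    commands:
      - go mod download
      - go vet ./...
      - go test -v ./...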
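---
# =============================================================================
# PIPELINE: Develop Branch - Deploy to Testing
# =============================================================================

# YAML anchors are scoped to a single document and reset at every `---`, so
# each document declares the image anchors it aliases.
variables:
  - &golang_image "golang:1.25-alpine"
  - &node_image "node:lts-alpine"

when:
  - event: push
    branch: develop

steps:
  # Run all tests first
  #
  # `pnpm@latest` floats; pin an exact pnpm version so the tool that runs
  # dependency install scripts does not change between runs.
  test-frontend:
    image: *node_image
    directory: frontend
    commands:
      - corepack enable && corepack prepare pnpm@latest --activate
      - pnpm install --frozen-lockfile
      - pnpm run lint
      - pnpm run type-check
      - pnpm run test:unit

  # Each service runs in a subshell, so the working directory is restored
  # automatically and a failing cd, download, vet or test aborts the step
  # instead of only a failing `go test`.
  test-backend:
    image: *golang_image
    commands:
      - |
        for svc in auth-service blog-service forum-service payment-service work-management-service contact-service; do
          echo "=== Testing $svc ==="
          (
            cd "backend/functions/$svc" &&
            go mod download &&
            go vet ./... &&
            go test -v ./...
          ) || exit 1
        done

  # Build frontend
  build-frontend:
    image: *node_image
    directory: frontend
    depends_on:
      - test-frontend
    commands:
      - corepack enable && corepack prepare pnpm@latest --activate
      - pnpm install --frozen-lockfile
      - pnpm run build

  # Deploy to testing server
  #
  # This step receives the SSH private key for the testing server, and the
  # plugin image has no tag, so whatever is published under that name runs
  # with the key. Pin the image to a reviewed version or digest.
  # NOTE(review): no host key fingerprint is configured here; consider
  # supplying the plugin's fingerprint setting from a secret so the target
  # host is verified before commands are sent.
  # NOTE(review): the server builds whatever `git pull` fetches at deploy
  # time, which can be newer than the commit this workflow tested.
  deploy-testing:
    image: appleboy/drone-ssh
    depends_on:
      - test-frontend
      - test-backend
      # Do not deploy a revision whose frontend build fails.
      - build-frontend
    settings:
      host:
        from_secret: testing_server_host
      username:
        from_secret: testing_server_user
      key:
        from_secret: testing_server_ssh_key
      port: 22
      script:
        - cd /home/administrator/projects/coppertone.tech
        - git fetch origin develop
        - git checkout develop
        - git pull origin develop
        - export DB_SCHEMA=testing
        - podman-compose build
        - podman-compose down
        - podman-compose up -d
        - echo "Deployed to testing environment"

  # Notify on success
  # The webhook URL comes from a secret; the plugin image is untagged, so pin
  # it like the deploy image.
  notify-success:
    image: plugins/webhook
    depends_on:
      - deploy-testing
    settings:
      urls:
        from_secret: notification_webhook
      content_type: application/json
      template: |
        {
          "event": "deploy",
          "branch": "{{ .CI_COMMIT_BRANCH }}",
          "commit": "{{ .CI_COMMIT_SHA }}",
          "status": "success",
          "environment": "testing"
        }
    when:
      - status: success

---
# =============================================================================
# PIPELINE: Testing Branch - Deploy to Staging
# =============================================================================

# Anchors do not carry over from the previous document.
variables:
  - &golang_image "golang:1.25-alpine"

when:
  - event: push
    branch: testing

steps:
  # NOTE(review): this step only prints a message, so the staging deploy
  # below is not gated by any test.
  test-all:
    image: *golang_image
    commands:
      - echo "Running full test suite for staging deployment..."
      # Add comprehensive tests here

  # Receives the staging SSH key; pin the untagged plugin image.
  # NOTE(review): DB_SCHEMA is set to `testing` here, the same value the
  # testing deploy uses; confirm that staging is meant to share that schema.
  deploy-staging:
    image: appleboy/drone-ssh
    depends_on:
      - test-all
    settings:
      host:
        from_secret: staging_server_host
      username:
        from_secret: staging_server_user
      key:
        from_secret: staging_server_ssh_key
      port: 22
      script:
        - cd /opt/coppertone
        - git fetch origin testing
        - git checkout testing
        - git pull origin testing
        - export DB_SCHEMA=testing
        - podman-compose build
        - podman-compose down
        - podman-compose up -d
        - echo "Deployed to staging environment"

---
# =============================================================================
# PIPELINE: Main Branch - Deploy to Production
# =============================================================================

# Anchors do not carry over from the previous document. podman_image is only
# referenced by the commented-out build-images step below.
variables:
  - &golang_image "golang:1.25-alpine"
  - &podman_image "quay.io/podman/stable:latest"

when:
  - event: push
    branch: main

steps:
  # Full test suite
  # NOTE(review): this step only prints a message. It is the sole dependency
  # of deploy-production, so production is currently deployed without any
  # test or scan result gating it.
  test-all:
    image: *golang_image
    commands:
      - echo "Running full test suite for production deployment..."
      # Add comprehensive tests here

  # Security scan
  # `--exit-code 1` makes trivy fail on HIGH/CRITICAL findings, but
  # `failure: ignore` keeps that failure from stopping the workflow and
  # deploy-production does not depend on this step, so findings are advisory
  # only. The scanner image itself floats on `latest`.
  security-scan:
    image: aquasec/trivy:latest
    commands:
      - trivy fs --severity HIGH,CRITICAL --exit-code 1 .
    failure: ignore  # Alert but don't block (adjust as needed)

  # Build and push images to registry (if using one)
  # If this step is enabled, note that `privileged: true` gives the step
  # container elevated access on the agent host.
  # build-images:
  #   image: *podman_image
  #   privileged: true
  #   commands:
  #     - podman-compose build
  #     - podman push ...

  # Deploy to production
  #
  # This step receives the production SSH key through an untagged plugin
  # image; pin the image to a reviewed version or digest, and restrict the
  # production secrets in Woodpecker to the events and plugin image that
  # need them.
  # NOTE(review): no host key fingerprint is configured; consider supplying
  # the plugin's fingerprint setting from a secret.
  # NOTE(review): the server builds whatever `git pull` fetches at deploy
  # time, which can be newer than the commit this workflow ran against.
  deploy-production:
    image: appleboy/drone-ssh
    depends_on:
      - test-all
    settings:
      host:
        from_secret: production_server_host
      username:
        from_secret: production_server_user
      key:
        from_secret: production_server_ssh_key
      port: 22
      script:
        - cd /opt/coppertone
        - git fetch origin main
        - git checkout main
        - git pull origin main
        - export DB_SCHEMA=prod
        - podman-compose build
        - podman-compose down
        - podman-compose up -d
        - echo "Deployed to production environment"

  # Create release tag
  # Tags the release as v<date>-<first 7 characters of the commit SHA> and
  # pushes the tag to origin. The image is untagged; pin it.
  create-tag:
    image: alpine/git
    depends_on:
      - deploy-production
    commands:
      - |
        VERSION=$(date +%Y.%m.%d)-${CI_COMMIT_SHA:0:7}
        git tag -a "v$VERSION" -m "Release $VERSION"
        git push origin "v$VERSION"

  # The payload always reports "success"; the step is ordered after
  # deploy-production through depends_on.
  notify-production:
    image: plugins/webhook
    depends_on:
      - deploy-production
    settings:
      urls:
        from_secret: notification_webhook
      content_type: application/json
      template: |
        {
          "event": "production_deploy",
          "branch": "{{ .CI_COMMIT_BRANCH }}",
          "commit": "{{ .CI_COMMIT_SHA }}",
          "status": "success",
          "environment": "production"
        }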