name: Build .deb Package

on:
  push:
    branches: [master]
    tags: ["v*"]
  pull_request:
    branches: [master]

env:
  CARGO_TERM_COLOR: always

jobs:
  build-and-package:
    runs-on: ubuntu-latest
    steps:
      - name: Install system dependencies
        run: |
          apt-get update -qq
          apt-get install -y --no-install-recommends \
            curl pkg-config libssl-dev ca-certificates \
            git nodejs npm dpkg-dev python3

      - name: Checkout repository
        run: |
          git clone "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" .
          git checkout "$GITHUB_SHA"

      - name: Install Rust toolchain
        run: |
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
          . "$HOME/.cargo/env"
          rustup default stable
          echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"

      - name: Build Rust backend (release)
        run: |
          . "$HOME/.cargo/env"
          cargo build --release

      - name: Run Rust tests
        run: |
          . "$HOME/.cargo/env"
          cargo test --release

      - name: Strip binaries
        run: |
          strip target/release/pm-web
          strip target/release/pm-worker

      - name: Install frontend dependencies
        working-directory: frontend
        run: npm ci

      - name: Build frontend
        working-directory: frontend
        run: npm run build

      - name: Determine version
        id: version
        run: |
          if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
            VERSION="${GITHUB_REF#refs/tags/v}"
          else
            VERSION="1.0.0-dev.$(date +%Y%m%d%H%M)"
          fi
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
          echo "Building version: ${VERSION}"

      - name: Assemble .deb package
        run: |
          VERSION="${{ steps.version.outputs.version }}"
          BUILD_DIR="package-build"

          mkdir -p "${BUILD_DIR}/DEBIAN"
          mkdir -p "${BUILD_DIR}/usr/local/bin"
          mkdir -p "${BUILD_DIR}/usr/share/patch-manager/frontend"
          mkdir -p "${BUILD_DIR}/usr/share/patch-manager/migrations"
          mkdir -p "${BUILD_DIR}/lib/systemd/system"

          # Binaries
          cp target/release/pm-web "${BUILD_DIR}/usr/local/bin/pm-web"
          cp target/release/pm-worker "${BUILD_DIR}/usr/local/bin/pm-worker"
          cp scripts/backup.sh "${BUILD_DIR}/usr/local/bin/backup.sh"
          chmod 755 "${BUILD_DIR}/usr/local/bin/pm-web"
          chmod 755 "${BUILD_DIR}/usr/local/bin/pm-worker"
          chmod 700 "${BUILD_DIR}/usr/local/bin/backup.sh"

          # Frontend
          cp -r frontend/dist/* "${BUILD_DIR}/usr/share/patch-manager/frontend/"

          # Config + migrations
          cp config/config.example.toml "${BUILD_DIR}/usr/share/patch-manager/config.example.toml"
          cp migrations/*.sql "${BUILD_DIR}/usr/share/patch-manager/migrations/"

          # Systemd units
          cp systemd/patch-manager-web.service "${BUILD_DIR}/lib/systemd/system/"
          cp systemd/patch-manager-worker.service "${BUILD_DIR}/lib/systemd/system/"
          cp systemd/patch-manager.target "${BUILD_DIR}/lib/systemd/system/"

          # DEBIAN control scripts
          cp debian/postinst "${BUILD_DIR}/DEBIAN/postinst"
          cp debian/prerm "${BUILD_DIR}/DEBIAN/prerm"
          cp debian/postrm "${BUILD_DIR}/DEBIAN/postrm"
          chmod 755 "${BUILD_DIR}/DEBIAN/postinst" "${BUILD_DIR}/DEBIAN/prerm" "${BUILD_DIR}/DEBIAN/postrm"

          # Generate control file
          INSTALLED_SIZE=$(du -sk "${BUILD_DIR}" | cut -f1)
          cat > "${BUILD_DIR}/DEBIAN/control" <<CTRL
          Package: linux-patch-manager
          Version: ${VERSION}-1
          Architecture: amd64
          Maintainer: Moon Dragon <echo@moon-dragon.us>
          Installed-Size: ${INSTALLED_SIZE}
          Depends: postgresql-16, libssl3, libc6 (>= 2.39)
          Recommends: postgresql-client-16
          Suggests: gpg
          Section: admin
          Priority: optional
          Description: Enterprise Linux Patch Management System
           Linux Patch Manager is a secure, web-based management interface for
           controlling patching and updates on Linux servers and workstations.
          CTRL

          # Build .deb
          DEB_NAME="linux-patch-manager_${VERSION}-1_amd64.deb"
          dpkg-deb --build "${BUILD_DIR}" "${DEB_NAME}"
          echo "Built: ${DEB_NAME}"
          du -h "${DEB_NAME}"

      - name: Verify package
        run: |
          DEB_NAME=$(ls linux-patch-manager_*.deb)
          echo "=== Package Info ==="
          dpkg-deb --info "${DEB_NAME}"
          echo "=== Package Size ==="
          du -h "${DEB_NAME}"

      - name: Create Gitea Release (tags only)
        if: startsWith(github.ref, 'refs/tags/v')
        run: |
          DEB_NAME=$(ls linux-patch-manager_*.deb)
          VERSION="${{ steps.version.outputs.version }}"
          # Create release via Gitea API
          curl -s -X POST \
            "${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/releases" \
            -H "Authorization: token ${GITHUB_TOKEN}" \
            -H "Content-Type: application/json" \
            -d "{\"tag_name\": \"${GITHUB_REF_NAME}\", \"title\": \"Release ${VERSION}\", \"body\": \"Automated build from tag ${GITHUB_REF_NAME}.\"}" \
            -o release.json
          # Extract release ID and upload .deb
          RELEASE_ID=$(python3 -c "import json; print(json.load(open('release.json'))['id'])")
          curl -s -X POST \
            "${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}/assets" \
            -H "Authorization: token ${GITHUB_TOKEN}" \
            -F "attachment=@${DEB_NAME}" \
            -F "name=${DEB_NAME}"