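# Builds the Next.js image, pushes it to the private registry, then rolls the
# new tag out to the canary deployment on the K3s host over SSH.
name: Build and Push Next.js to Private Registry

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      # Replaces actions/checkout@v4: clone directly with the git binary that
      # ships in the runner container.
      # Original note: Gitea automatically injects the environment variables
      # $GITEA_SERVER_URL, $GITEA_REPOSITORY and $GITEA_SHA. The script below
      # reads the equivalent github.* context values instead.
      - name: 检查代码 (本地原生 Git)
        run: |
          git clone ${{ github.server_url }}/${{ github.repository }}.git .
          git checkout ${{ github.sha }}

      # Exposes the abbreviated commit hash as steps.vars.outputs.sha_short.
      - name: 生成短哈希版本号
        id: vars
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT

      # Tags the image both as :latest and as :<short sha>, then pushes both.
      # NOTE(review): the registry is addressed by IP and port with no login
      # step visible here; confirm how push access to it is restricted.
      - name: 构建并推送镜像 (本地 Docker)
        run: |
          IMAGE_NAME="192.168.10.236:31051/nextjs-app"
          SHA_TAG="${{ steps.vars.outputs.sha_short }}"
          docker build -t ${IMAGE_NAME}:latest -t ${IMAGE_NAME}:${SHA_TAG} -f ./Dockerfile .
          docker push ${IMAGE_NAME}:latest
          docker push ${IMAGE_NAME}:${SHA_TAG}

      - name: SSH连接宿主机执行K3s灰度发布
        env:
          SSH_HOST: "192.168.10.236"
          SSH_USER: root
          # The SSH password used to be committed here in clear text. It now
          # comes from a repository secret named SSH_PWD, which must be created
          # in the repository's Actions secrets. The old value remains in git
          # history and in past run logs, so rotate it on the host.
          # sshpass -e reads the password from SSHPASS, which keeps it off the
          # process command line (sshpass -p makes it visible in `ps`).
          SSHPASS: ${{ secrets.SSH_PWD }}
          SHA_TAG: ${{ steps.vars.outputs.sha_short }}
        run: |
          apt update && apt install -y openssh-client sshpass
          # NOTE(review): StrictHostKeyChecking=no accepts any host key, so the
          # runner cannot tell the real host from an impostor on the path, and
          # the root password would be sent to it. Pin the host key in a
          # known_hosts file and drop this option. Prefer key-based login with
          # a dedicated non-root deploy account over a root password.
          # The heredoc delimiter is unquoted on purpose: SHA_TAG is expanded
          # on the runner before the script is sent to the remote shell.
          sshpass -e ssh -o StrictHostKeyChecking=no -p 22 ${SSH_USER}@${SSH_HOST} << EOF
          echo "1. 应用灰度配置文件"
          kubectl apply -f /home/ai/k3s/nextjs-traefik-gray.yaml
          echo "2. 更新镜像版本: ${SHA_TAG}"
          kubectl set image deployment/nextjs-app-canary nextjs=192.168.10.236:31051/nextjs-app:${SHA_TAG}
          echo "3. 等待滚动更新完成"
          kubectl rollout status deployment/nextjs-app-canary --timeout=60s
          echo "【发布成功】灰度版本 ${SHA_TAG} 已上线"
          EOF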