name: Build and Deploy Backend

on:
  push:
    branches:
      - main
    paths:
      - 'backend/**'
      - 'frontend/src/shared/**'

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Generate version
        id: version
        run: |
          echo "version=dev-${GITHUB_SHA::7}" >> $GITHUB_OUTPUT

      - name: Copy shared code
        run: |
          mkdir -p backend/src/.shared
          cp -r frontend/src/shared/* backend/src/.shared/

      - name: Google Auth
        id: auth
        uses: google-github-actions/auth@v1
        with:
          workload_identity_provider: ${{ secrets.WIF_PROVIDER }}
          service_account: ${{ secrets.WIF_SERVICE_ACCOUNT }}

      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v1

      - name: Check for required Google Cloud secrets
        run: |
          required_secrets=("OPENAI_API_KEY" "DB_USER" "DB_HOST" "DB_NAME" "DB_PASSWORD" "GOOGLE_CLIENT_ID")
          missing_secrets=()
          for secret in "${required_secrets[@]}"; do
            if ! gcloud secrets versions access latest --secret="$secret" >/dev/null 2>&1; then
              missing_secrets+=("$secret")
            fi
          done
          if [ ${#missing_secrets[@]} -ne 0 ]; then
            echo "Error: The following required Google Cloud secrets are missing:"
            for secret in "${missing_secrets[@]}"; do
              echo "- $secret"
            done
            exit 1
          fi
          echo "All required Google Cloud secrets are present. Proceeding with deployment..."

      - name: Build and Push Image
        id: build
        run: |
          cd backend
          BUILD_ID=$(gcloud builds submit --tag gcr.io/mindmeld-backend/mindmeld:${{ steps.version.outputs.version }} --format='get(id)' --async)
          echo "build_id=$BUILD_ID" >> $GITHUB_OUTPUT
          
          echo "Waiting for build to complete..."
          while true; do
            STATUS=$(gcloud builds describe $BUILD_ID --format='get(status)')
            if [ "$STATUS" = "SUCCESS" ]; then
              echo "Build completed successfully!"
              break
            elif [ "$STATUS" = "FAILURE" ] || [ "$STATUS" = "TIMEOUT" ] || [ "$STATUS" = "CANCELLED" ]; then
              echo "Build failed with status: $STATUS"
              exit 1
            fi
            echo "Build status: $STATUS"
            sleep 30
          done

      - name: Deploy to Cloud Run
        if: success()
        run: |
          gcloud run deploy mindmeld \
            --image gcr.io/mindmeld-backend/mindmeld:${{ steps.version.outputs.version }} \
            --add-cloudsql-instances ${{ secrets.CLOUD_SQL_CONNECTION_NAME }} \
            --set-secrets=OPENAI_API_KEY=OPENAI_API_KEY:latest,DB_USER=DB_USER:latest,DB_HOST=DB_HOST:latest,DB_NAME=DB_NAME:latest,DB_PASSWORD=DB_PASSWORD:latest,GOOGLE_CLIENT_ID=GOOGLE_CLIENT_ID:latest \
            --platform managed \
            --region europe-west1 \
            --allow-unauthenticated