#!/bin/sh
# Woodpecker production deploy for the Authentik-backed ATLAS stack.

set -eu

STACK_NAME="${STACK_NAME:-atlas}"
STACK_FILE="${STACK_FILE:-stack.production.yml}"
SS_ATLAS_IMAGE="${SS_ATLAS_IMAGE:-git.nixc.us/a250/ss-atlas:production}"

log() {
  printf '[ci-deploy] %s\n' "$*"
}

fail() {
  printf '[ci-deploy] ERROR: %s\n' "$*" >&2
  exit 1
}

[ -f "$STACK_FILE" ] || fail "Missing $STACK_FILE"
docker info >/dev/null 2>&1 || fail "Docker daemon is not reachable"
[ "$(docker info --format '{{.Swarm.LocalNodeState}}')" = "active" ] || fail "Docker is not an active swarm manager"

if [ -n "${REGISTRY_USER:-}" ] && [ -n "${REGISTRY_PASSWORD:-}" ]; then
  log "Logging into git.nixc.us"
  printf '%s' "$REGISTRY_PASSWORD" | docker login -u "$REGISTRY_USER" --password-stdin git.nixc.us
fi

log "Pulling $SS_ATLAS_IMAGE"
docker pull "$SS_ATLAS_IMAGE"

log "Deploying $STACK_NAME from $STACK_FILE"
docker stack deploy --with-registry-auth -c "$STACK_FILE" "$STACK_NAME"

if docker service inspect "${STACK_NAME}_ss-atlas" >/dev/null 2>&1; then
  log "Forcing ${STACK_NAME}_ss-atlas to $SS_ATLAS_IMAGE"
  docker service update --force --image "$SS_ATLAS_IMAGE" "${STACK_NAME}_ss-atlas"
fi

log "Current stack tasks"
docker stack ps "$STACK_NAME" --no-trunc