name: Deploy website to VPS

env:
  NODE_VERSION: '20'
  HUGO_VERSION: '0.121.0' # Fallback version

on:
  push:
    branches: ['main']
  workflow_dispatch:

jobs:
  build-and-deploy:
    runs-on: debian-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install System Dependencies
        run: |
          apt-get update
          apt-get install -y rsync openssh-client git ca-certificates

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}

      - name: Setup pnpm
        if: hashFiles('package.json') != ''
        uses: pnpm/action-setup@v4

      - name: Get Hugo Version
        run: |
          if [ -f "hugoblox.yaml" ]; then
            # Extract version from your config file
            VERSION=$(grep "hugo_version" hugoblox.yaml | awk '{print $2}' | tr -d "'\"")
            echo "HUGO_VERSION=$VERSION" >> $GITHUB_ENV
          else
            # Fallback if file doesn't exist
            echo "HUGO_VERSION=0.125.0" >> $GITHUB_ENV
          fi

      - name: Install Node Dependencies
        run: |
          if [ -f "package.json" ]; then
            pnpm install --no-frozen-lockfile || npm install
          fi

      - name: Setup Hugo
        uses: peaceiris/actions-hugo@v3
        with:
          hugo-version: ${{ env.HUGO_VERSION }}
          extended: true

      - name: Build with Hugo
        env:
          HUGO_ENVIRONMENT: production
        run: |
          # Replace with your actual domain
          hugo --minify --baseURL "https://ejs.cam/"

      - name: Generate Pagefind search index
        run: |
          if [ -f "package.json" ] && grep -q "pagefind" package.json; then
            pnpm dlx pagefind --source "public" || npx pagefind --source "public"
          fi

      - name: Deploy via Rsync
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
          REMOTE_USER: ${{ secrets.REMOTE_USER }}
          REMOTE_PORT: ${{ secrets.REMOTE_PORT }}
        run: |
          # 1. Prepare SSH Directory
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh

          # 2. Load the Private Key
          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519

          # 3. Add host to known_hosts to prevent interactive prompt
          ssh-keyscan -p "$REMOTE_PORT" "$REMOTE_HOST" >> ~/.ssh/known_hosts

          # 4. Sync files to NixOS /var/www
          # Note: the trailing slash on ./public/ means "contents of public"
          rsync -avz --delete \
            -e "ssh -p $REMOTE_PORT" \
            ./public/ \
            $REMOTE_USER@$REMOTE_HOST:/var/www/