name: Promote to Production

on:
  push:
    tags:
      - 'v*'

jobs:
  promote:
    name: Deploy to Production
    runs-on: ubuntu-latest

    steps:
    - name: Install kubectl
      run: |
        curl -sLO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
        chmod +x kubectl

    - name: Get image from tag
      id: image
      run: |
        # Tag format: v0.2.1 or v0.2.1-rc1
        # The staging pipeline already pushed the image with the commit SHA
        # We retag with the version tag for traceability
        echo "tag=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"

    - name: Login to Forgejo Registry
      uses: docker/login-action@v3
      with:
        registry: git.cloonar.com
        username: openclawd
        password: ${{ secrets.REGISTRY_TOKEN }}

    - name: Retag image for production
      run: |
        # Pull latest staging image and tag with version
        docker pull --platform linux/arm64 git.cloonar.com/openclawd/docfast:latest
        docker tag git.cloonar.com/openclawd/docfast:latest \
          git.cloonar.com/openclawd/docfast:${{ steps.image.outputs.tag }}
        docker push git.cloonar.com/openclawd/docfast:${{ steps.image.outputs.tag }}

    - name: Deploy to Production
      run: |
        echo "${{ secrets.KUBECONFIG }}" | base64 -d > /tmp/kubeconfig.yaml

        ./kubectl set image deployment/docfast \
          docfast=git.cloonar.com/openclawd/docfast:${{ steps.image.outputs.tag }} \
          -n docfast --kubeconfig=/tmp/kubeconfig.yaml

        ./kubectl rollout status deployment/docfast \
          -n docfast --kubeconfig=/tmp/kubeconfig.yaml --timeout=180s

        echo "✅ Production deploy complete! Version: ${{ steps.image.outputs.tag }}"