name: Deploy

on:
  push:
    branches: [main]
  workflow_dispatch:
    inputs:
      ref:
        description: "Commit or branch to deploy (default: main)"
        required: false
        default: "main"

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Deploy via SSH
        run: |
          REF="${{ github.event.inputs.ref || github.sha }}"
          mkdir -p ~/.ssh
          echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
          ssh -o StrictHostKeyChecking=no opc@${{ secrets.DEPLOY_HOST }} << ENDSSH
          cd /home/opc/services/my-favs
          git fetch origin
          git checkout ${REF}
          git pull origin main || true
          sudo docker compose up -d --build
          echo "${REF}" > .deployed-commit
          echo "Deployed: ${REF} at $(date -u +%Y-%m-%dT%H:%M:%SZ)"
          ENDSSH