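---
# GitLab CI pipeline for rag-service: build the jar, publish a Docker image
# to the project registry, then roll the new image out to the VPS over SSH.
#
# NOTE(review): the job images (eclipse-temurin, docker, alpine) are
# referenced by mutable tag; pin them by digest if the pipeline must be
# reproducible and resistant to a re-pushed tag.
stages:
  - build
  - publish
  - deploy

variables:
  REGISTRY: registry.gitlab.com/$CI_PROJECT_PATH

# ---------- BUILD ----------
build-rag:
  stage: build
  image: eclipse-temurin:25-jdk-alpine
  cache:
    key: "${CI_COMMIT_REF_SLUG}-rag"
    paths:
      - rag-service/.m2/repository
  script:
    - cd rag-service
    - chmod +x mvnw
    # -DskipTests: the jar is packaged without running tests, and none of
    # the jobs shown here runs them, so untested code can reach the image.
    - ./mvnw package -DskipTests -B -Dmaven.repo.local=.m2/repository
  artifacts:
    paths:
      - rag-service/target/*.jar
    expire_in: 1h

# ---------- PUBLISH DOCKER IMAGE ----------
publish-rag:
  stage: publish
  image: docker:27
  services:
    - docker:27-dind
  variables:
    # An empty value turns off TLS between the docker CLI and the dind
    # service, so the daemon API is reached over plain TCP inside the job.
    # NOTE(review): confirm the runner network is isolated, or enable TLS.
    DOCKER_TLS_CERTDIR: ""
  before_script:
    # The password is passed on stdin so it never appears in argv.
    - >-
      echo "$CI_REGISTRY_PASSWORD" |
      docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin
  script:
    # NOTE(review): this job has no branch restriction, so a pipeline on any
    # branch overwrites the shared :latest tag. The deploy job exports the
    # commit SHA for compose; confirm nothing consumes :latest in production.
    - >-
      docker build
      -t "$REGISTRY/rag-service:${CI_COMMIT_SHORT_SHA}"
      -t "$REGISTRY/rag-service:latest"
      rag-service/
    - docker push "$REGISTRY/rag-service:${CI_COMMIT_SHORT_SHA}"
    - docker push "$REGISTRY/rag-service:latest"
  needs: [build-rag]

# ---------- DEPLOY TO VPS ----------
deploy:
  stage: deploy
  image: alpine:3.20
  needs: [publish-rag]
  only:
    - main
  before_script:
    - apk add --no-cache openssh-client
    - mkdir -p ~/.ssh
    # Keep the key directory private before the key is written into it.
    - chmod 700 ~/.ssh
    # tr strips carriage returns that break key parsing when the variable
    # was pasted with CRLF line endings.
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
    - chmod 600 ~/.ssh/id_ed25519
    # Host key verification: ssh-keyscan accepts whatever key the network
    # returns on every run, so it cannot detect an impersonated host. When
    # the optional CI/CD variable SSH_KNOWN_HOSTS (known_hosts lines for the
    # VPS, recorded out of band) is defined, it is used instead; the keyscan
    # path is kept only so existing pipelines keep working.
    - |
      if [ -n "${SSH_KNOWN_HOSTS:-}" ]; then
        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
      else
        echo "WARNING: SSH_KNOWN_HOSTS is not set; host key is taken from ssh-keyscan unverified" >&2
        ssh-keyscan -H "$VPS_HOST" >> ~/.ssh/known_hosts
      fi
  script:
    # The heredoc delimiter is unquoted on purpose: $CI_* values exist only
    # on the runner, so they are expanded here before the script is sent to
    # the VPS. The registry password therefore becomes literal text in the
    # remote shell input.
    # NOTE(review): a value containing quotes, `$` or backticks would be
    # re-interpreted by the remote shell; confirm the token format, or send
    # the password over a separate ssh call's stdin.
    - |
      ssh "$VPS_USER@$VPS_HOST" << ENDSSH
        set -e
        echo "$CI_REGISTRY_PASSWORD" | docker login registry.gitlab.com -u "$CI_REGISTRY_USER" --password-stdin
        cd /opt/services
        export CI_COMMIT_SHORT_SHA=${CI_COMMIT_SHORT_SHA}
        docker compose -f docker-compose.yml -f docker-compose.prod.yml pull rag-service
        docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d rag-service
        docker image prune -f
      ENDSSH
  environment:
    name: production
    url: https://balexvic.com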