name: deploy-rs
run-name: "${{ github.actor }} - deploy-rs"
on:
  schedule:
    # Runs once a day at 02:00.
    - cron: '0 2 * * *'

jobs:
  # Single job: joins the tailnet from a throw-away container, then drives the
  # deployment on framework-server over SSH.
  deploy-rs:
    runs-on: alpine
    container: 
      # NOTE(review): alpine:edge is a rolling tag, so each run may start from
      # a different image. Pinning by digest would make the environment that
      # handles the deploy key reproducible and reviewable.
      image: alpine:edge
      # /dev/net/tun is bind-mounted for the tailscaled step below.
      # NOTE(review): --privileged presumably hands the container every
      # capability and host device, far more than a TUN interface needs, and
      # this job also holds the SSH deploy key. Check whether the runner
      # accepts a narrower grant (for example --cap-add=NET_ADMIN together
      # with --device=/dev/net/tun) before keeping --privileged.
      options: --mount type=bind,src=/dev/net/tun,dst=/dev/net/tun --privileged
    steps:
    # Diagnostic dump of the job environment (working directory, identity,
    # kernel, OS release, DNS resolver). `set -x` traces every command into
    # the job log; no secrets are referenced in this step.
    - name: 'Runner: Info'
      run: |
        set -x
        pwd
        ls -lah
        id
        uname -a
        hostname
        cat /etc/os-release
        whoami
        id
        cat /etc/resolv.conf

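    # Installs the tools the later steps call: git, nodejs, nix, the OpenSSH
    # client, qemu, tailscale and sudo.
    - name: "Setup: Runner"
      run: |
        apk update
        # The extra repository is fetched over HTTPS rather than plain HTTP.
        # apk checks package signatures either way, but TLS also keeps an
        # on-path party from tampering with or withholding repository metadata
        # for packages that end up running inside this privileged container.
        # The testing repository applies to every package named on this line.
        apk add git nodejs nix openssh-client qemu tailscale sudo --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing/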

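    # Writes the deploy key pair into /root/.ssh for the ssh steps that follow.
    - name: "Setup: SSH"
      # The secrets reach the script as environment variables instead of being
      # expanded into the script text. The shell then never parses the key
      # material, so quotes, `$` or backticks inside a secret cannot alter the
      # commands, and the key is not embedded in the generated script.
      env:
        SSH_PUBLIC_KEY: '${{ secrets.SSH_PUBLIC_KEY }}'
        SSH_PRIVATE_KEY: '${{ secrets.SSH_PRIVATE_KEY }}'
      run: |
        # Create files owner-only from the start, so the private key is never
        # readable by others between the write and the chmod below.
        umask 077
        # -p keeps the step from failing when the directory already exists.
        mkdir -p /root/.ssh
        printf '%s\n' "$SSH_PUBLIC_KEY"  > /root/.ssh/id_ed25519.pub
        printf '%s\n' "$SSH_PRIVATE_KEY" > /root/.ssh/id_ed25519
        chmod 700 /root/.ssh
        chmod 600 /root/.ssh/id_ed25519
        chmod 644 /root/.ssh/id_ed25519.pub
        # Only the public half is printed to the job log.
        echo "Public Key:  "
        cat /root/.ssh/id_ed25519.pub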

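    # Starts tailscaled with in-memory state and registers this container with
    # the Headscale control server as a tagged node named forgejo-runner.
    - name: "Setup:  Headscale"
      # The auth key is passed through the environment and quoted at the point
      # of use, rather than expanded unquoted into the script text, so its
      # content can never be word-split or interpreted by the shell.
      env:
        TAILSCALE_KEY: '${{ secrets.TAILSCALE_KEY }}'
      run: |
        echo "tailscaled --cleanup"
        sudo tailscaled --cleanup
        echo ""
        # The log line now shows the same --state value the command uses.
        echo "tailscaled --state=mem: 2> ~/tailscaled.log &"
        sudo tailscaled --state=mem: 2> ~/tailscaled.log &
        echo ""
        echo "tailscale up"
        # NOTE(review): the key is still visible in this process's argument
        # list while the command runs; prefer a single-use or ephemeral key
        # scoped to the tags below.
        sudo tailscale up \
            --login-server=https://headscale.sysctl.io \
            --accept-routes \
            --accept-dns \
            --authkey "$TAILSCALE_KEY" \
            --hostname forgejo-runner \
            --advertise-tags "tag:forgejo,tag:container,tag:ephemeral"
        sudo tailscale status
        sudo tailscale netcheck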

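    # Records the NixOS version on the target before the deployment.
    - name: "nixos-version (Pre)"
      # StrictHostKeyChecking=no accepted any host key, including a changed
      # one. accept-new still records an unknown key on first contact but
      # refuses a key that differs from the one already recorded in this job.
      # NOTE(review): in a fresh container that is trust-on-first-use on every
      # run. To authenticate the host properly, pre-populate
      # /root/.ssh/known_hosts with framework-server's pinned host key and use
      # StrictHostKeyChecking=yes.
      # Agent forwarding (-A) is dropped here: a read-only version query on
      # the remote host has no use for the runner's agent.
      run: |
        ssh -q -o StrictHostKeyChecking=accept-new albert@framework-server \
            "
            nixos-version
            "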

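    # Pulls the NixOS configuration repository on the target, runs `deploy`,
    # then commits and pushes whatever the deployment changed in the tree.
    - name: "SSH and Deploy"
      # Host key policy: accept-new records an unknown key on first contact
      # but, unlike StrictHostKeyChecking=no, refuses a key that differs from
      # the one already recorded in this job.
      # NOTE(review): that is still trust-on-first-use in a fresh container.
      # Pre-populate /root/.ssh/known_hosts with the pinned host key and use
      # StrictHostKeyChecking=yes to authenticate the deploy target.
      # NOTE(review): -A asks for agent forwarding, but no ssh-agent is
      # started in the visible steps. Confirm it is unused and drop it, so
      # the remote host is never handed access to the runner's keys.
      #
      # Failure handling: the remote commands used to run unconditionally, so
      # the step's exit status was only that of the final `git push`. A failed
      # `cd`, `git pull` or `deploy` was therefore reported as success, and
      # after a failed `cd` the git commands ran in the wrong directory. Each
      # command now aborts the remote script on failure. The commit runs only
      # when tracked files differ from HEAD, so a run with nothing to commit
      # still succeeds as before.
      run: |
        ssh -q -A -o StrictHostKeyChecking=accept-new albert@framework-server \
            "
            cd /etc/nixos/git || exit 1
            git pull || exit 1
            deploy || exit 1
            git diff --quiet HEAD || git commit -am \"[ACTIONS] deploy-rs updates ($(date +%Y-%m-%d))\" || exit 1
            git push
            "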

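    # Records the NixOS version on the target after the deployment.
    - name: "nixos-version (Post)"
      # StrictHostKeyChecking=no accepted any host key, including a changed
      # one. accept-new still records an unknown key on first contact but
      # refuses a key that differs from the one already recorded in this job.
      # NOTE(review): for real host authentication, pre-populate
      # /root/.ssh/known_hosts with framework-server's pinned host key and use
      # StrictHostKeyChecking=yes.
      # Agent forwarding (-A) is dropped here: a read-only version query on
      # the remote host has no use for the runner's agent.
      run: |
        ssh -q -o StrictHostKeyChecking=accept-new albert@framework-server \
            "
            nixos-version
            "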

    # Pushes a Gotify notification when every earlier step succeeded.
    - name: 'Send Notification - Success'
      if: success()
      # NOTE(review): @master is a moving branch reference, and this action is
      # handed the Gotify URL and app token. Pinning it to a reviewed commit
      # (@<commit-sha>, placeholder) would keep a later change to the action
      # repository from running with these secrets unreviewed.
      uses: https://git.sysctl.io/actions/gotify-action@master
      with:
        gotify_api_base: '${{ secrets.GOTIFY_URL }}'
        gotify_app_token: '${{ secrets.GOTIFY_TOKEN }}'
        notification_title: '[ ${{ github.repository }}: ${{ github.workflow }} ] NixOS Deployed'
        notification_message: 'Deployment completed successfully.'
    # Pushes a Gotify notification when any earlier step failed.
    - name: 'Send Notification - Failure'
      if: failure()
      # NOTE(review): @master is a moving branch reference, and this action is
      # handed the Gotify URL and app token. Pinning it to a reviewed commit
      # (@<commit-sha>, placeholder) would keep a later change to the action
      # repository from running with these secrets unreviewed.
      uses: https://git.sysctl.io/actions/gotify-action@master
      with:
        gotify_api_base: '${{ secrets.GOTIFY_URL }}'
        gotify_app_token: '${{ secrets.GOTIFY_TOKEN }}'
        notification_title: '[ ${{ github.repository }}: ${{ github.workflow }} ] Deployment Failed'
        notification_message: 'Your deployment has failed.  Check Forgejo.'