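# Renders an nginx site config for a Next.js app from a template, makes sure a
# Let's Encrypt certificate exists for the domain, then installs the config and
# reloads (or starts) nginx on the runner host.
#
# Repository variables are passed to the shell only through the job-level
# `env:` map and read as ordinary shell variables. They are never expanded as
# workflow expressions inside `run:` scripts, because an expression is pasted
# into the script text before the shell parses it, so a value containing shell
# syntax would be executed by steps that go on to call sudo.
name: Generate Nginx Config
run-name: 🔧 Generate Nginx config for ${{ vars.VAR_APP_NAME }}

on:
  workflow_call:
  workflow_dispatch:
  push:
    paths:
      - '.gitea/workflows/nextjs-nginx-conf.yaml'
      - '.gitea/templates/nginx-nextjs-site.conf.template'
    branches:
      - main

jobs:
  generate-config:
    runs-on: ubuntu-latest
    env:
      APP_NAME: ${{ vars.VAR_APP_NAME }}
      NEXTJS_PORT: ${{ vars.NEXTJS_PORT }}
      WEBSITE_URL: ${{ vars.WEBSITE_URL }}
      ADMIN_EMAIL: ${{ vars.ADMIN_EMAIL }}
    steps:
      # NOTE(review): `actions/checkout@v3` and `ref: main` are both mutable
      # references. The templates checked out here are later copied into
      # /etc/nginx and /var/www with sudo, so consider pinning the action to a
      # full commit SHA and the template repository to a reviewed tag or commit.
      - name: 📥 Checkout devops
        uses: actions/checkout@v3
        with:
          repository: public/gitea-workflows
          ref: main
          fetch-depth: 1

      # Validates the inputs once and publishes the derived DOMAIN for the
      # later steps, so every consumer sees the same, already-checked value.
      - name: 📋 Infos de génération
        run: |
          echo "APP_NAME : $APP_NAME"
          echo "NEXTJS_PORT : $NEXTJS_PORT"
          echo "WEBSITE_URL : $WEBSITE_URL"
          if [ -z "$APP_NAME" ]; then echo "❌ VAR_APP_NAME manquant" && exit 1; fi
          if [ -z "$NEXTJS_PORT" ]; then echo "❌ NEXTJS_PORT manquant" && exit 1; fi
          if [ -z "$WEBSITE_URL" ]; then echo "❌ WEBSITE_URL manquant" && exit 1; fi

          # The port is substituted into the nginx config through sed, so it
          # must be digits only (no sed or nginx metacharacters) and in range.
          port_re='^[0-9]{1,5}$'
          if ! [[ "$NEXTJS_PORT" =~ $port_re ]] \
            || [ "$NEXTJS_PORT" -lt 1 ] || [ "$NEXTJS_PORT" -gt 65535 ]; then
            echo "❌ NEXTJS_PORT invalide" && exit 1
          fi

          # Strip the scheme and any path, then accept only hostname
          # characters: DOMAIN ends up in file names under /etc/nginx, in a
          # sed replacement and on the certbot command line.
          DOMAIN=$(echo "$WEBSITE_URL" | sed -E 's#^https?://##' | sed -E 's#/.*$##')
          domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
          if ! [[ "$DOMAIN" =~ $domain_re ]]; then
            echo "❌ WEBSITE_URL invalide" && exit 1
          fi
          echo "DOMAIN=$DOMAIN" >> "$GITHUB_ENV"

      - name: 🔧 Génération du fichier de configuration
        run: |
          # mktemp yields an unpredictable, owner-only file instead of a fixed
          # name in the world-writable /tmp that another local user could
          # pre-create or symlink before it is installed as root.
          LOCAL_TEMP=$(mktemp)
          cp .gitea/templates/nginx-nextjs-site.conf.template "$LOCAL_TEMP"
          sed -i "s/{{DOMAIN}}/$DOMAIN/g" "$LOCAL_TEMP"
          sed -i "s/{{PORT}}/$NEXTJS_PORT/g" "$LOCAL_TEMP"
          cat "$LOCAL_TEMP"
          echo "LOCAL_TEMP=$LOCAL_TEMP" >> "$GITHUB_ENV"

      - name: 🛠️ Déploiement page maintenance
        run: |
          sudo mkdir -p /var/www/errors
          sudo cp .gitea/templates/maintenance.html /var/www/errors/maintenance.html
          sudo chmod 644 /var/www/errors/maintenance.html

      - name: 🔒 Certificat SSL (certbot --standalone si absent)
        run: |
          CERT_PATH="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"

          # Install certbot if it is missing
          if ! command -v certbot &>/dev/null; then
            echo "📦 Installation de certbot..."
            sudo apt-get update -qq
            sudo apt-get install -y -qq certbot
          fi

          # The check runs through sudo: the certificate directory is
          # presumably readable by root only, in which case an unprivileged
          # test would always report "absent" and stop nginx on every run.
          if sudo test -f "$CERT_PATH"; then
            echo "✅ Certificat existant trouvé — aucune action requise"
          else
            echo "🔐 Certificat absent — obtention via certbot --standalone"
            # Fail before touching nginx if the request cannot succeed.
            if [ -z "$ADMIN_EMAIL" ]; then echo "❌ ADMIN_EMAIL manquant" && exit 1; fi
            # Stop nginx to free port 80 (standalone mode needs it)
            sudo systemctl stop nginx || true
            if ! sudo certbot certonly \
              --standalone \
              --non-interactive \
              --agree-tos \
              --email "$ADMIN_EMAIL" \
              -d "$DOMAIN"; then
              # Do not leave the web server down when issuance fails.
              echo "❌ Échec de certbot — redémarrage de nginx"
              sudo systemctl start nginx || true
              exit 1
            fi
            echo "✅ Certificat obtenu pour $DOMAIN"
          fi

      - name: 🚀 Installation NGINX
        run: |
          CONFIG_FILENAME="${DOMAIN}.conf"
          TARGET_AVAILABLE="/etc/nginx/sites-available/$CONFIG_FILENAME"
          TARGET_ENABLED="/etc/nginx/sites-enabled/$CONFIG_FILENAME"
          # install (rather than mv) sets root ownership and 0644 explicitly;
          # a moved file would keep the runner account as its owner and leave
          # the live nginx config writable by that account.
          sudo install -o root -g root -m 0644 "$LOCAL_TEMP" "$TARGET_AVAILABLE"
          rm -f "$LOCAL_TEMP"
          if [ ! -f "$TARGET_ENABLED" ]; then sudo ln -s "$TARGET_AVAILABLE" "$TARGET_ENABLED"; fi
          # NOTE(review): if this check fails the new file stays enabled on
          # disk; the running nginx keeps its old config until it is fixed.
          sudo nginx -t
          if sudo systemctl is-active --quiet nginx; then
            sudo systemctl reload nginx
          else
            sudo systemctl start nginx
          fi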