name: CI

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest

      - name: Install dependencies
        # --ignore-scripts skips native postinstall builds (e.g. canvas) that
        # aren't needed for the Vite browser build and fail on CI runners.
        run: bun install --frozen-lockfile --ignore-scripts

      - name: Build
        run: bun run build

  deploy:
    # Auto-deploy to the VPS (avria.cloud) on every push to main.
    # The SSH key is restricted on the server (forced command): it can only
    # run /home/avria/deploy.sh, which pulls main, builds, and rsyncs
    # dist/ -> public_html. The command string below is therefore ignored
    # by the server but kept descriptive.
    needs: build
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to VPS
        run: |
          mkdir -p ~/.ssh
          printf '%s\n' "$VPS_DEPLOY_KEY" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key
          printf '%s\n' "$VPS_HOST_KEY" > ~/.ssh/known_hosts
          ssh -i ~/.ssh/deploy_key -o IdentitiesOnly=yes avria@2.25.155.250 "deploy main"
        env:
          VPS_DEPLOY_KEY: ${{ secrets.VPS_DEPLOY_KEY }}
          VPS_HOST_KEY: ${{ secrets.VPS_HOST_KEY }}