name: CD - Auto Deploy to HAS

on:
  workflow_run:
    workflows: ["CI - Tests & Security"]
    branches: [master]
    types:
      - completed

jobs:
  deploy:
    name: Deploy to HAS Production
    runs-on: ubuntu-latest
    # Only run this if the tests passed successfully
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    
    steps:
      - name: Deploy via SSH
        uses: appleboy/ssh-action@0ff4204d59e8e51228ff73bce53f80d53301dee2 # v1.2.5
        with:
          host: ${{ secrets.HAS_SSH_HOST }}
          username: ${{ secrets.HAS_SSH_USER }}
          key: ${{ secrets.HAS_SSH_PRIVATE_KEY }}
          port: 2222
          script: |
            set -e
            echo "🚀 Spouštím automatický deployment na HAS..."
            cd /home/orchestration || exit 1
            git status --short > /home/orchestration/deploy-dirty-status-before-reset.txt || true
            
            # Stáhneme nejnovější změny z masteru
            git fetch origin master
            git reset --hard origin/master
            
            # Aplikujeme změny v prostředí bez nutnosti celkového restartu, pokud to není nutné
            # Použijeme oba compose soubory (hlavní + vault) pro jistotu
            docker-compose -f docker-compose.yml -f docker-compose.vault.yml up -d --remove-orphans
            
            echo "✅ Deployment úspěšný!"
