kind: pipeline
type: exec
name: deploy
clone:
  disable: true

trigger:
  branch:
    - test
  event:
    - push

steps:
  - name: debug
    commands:
      - echo $PATH
      - whoami
      - which node
      - which pm2
  - name: deploy
    environment:
      # exec runner 常不设置 HOME，会导致 ~/.bun、~/.nvm 等路径展开错误
      HOME: /root
      DEPLOY_BRANCH: deploy
      REPO_DIR: /root/projects/nuxt4-demo/nuxt4-demo-origin
      # Gitea 必须用 git 用户拉代码；用 root@ 可能 SSH 能过但 git 会话卡住
      GIT_REMOTE: ssh://git@git.xieyaxin.top:8892/topuser/nuxt4-demo.git
      GIT_SSH_HOST: git.xieyaxin.top
      GIT_SSH_PORT: "8892"
      UNZIP_DIR: /root/projects/nuxt4-demo/nuxt4-demo
      DEPLOY_SSH_KEY:
        from_secret: DEPLOY_SSH_KEY
      DATABASE_URL:
        from_secret: DATABASE_URL
      NITRO_PORT:
        from_secret: NITRO_PORT
      STATIC_DIR:
        from_secret: STATIC_DIR
      TMP_DIR:
        from_secret: TMP_DIR
      MEDIA_UPLOAD_SUBDIR:
        from_secret: MEDIA_UPLOAD_SUBDIR
      BOOTSTRAP_ADMIN_USERNAME:
        from_secret: BOOTSTRAP_ADMIN_USERNAME
      BOOTSTRAP_ADMIN_PASSWORD:
        from_secret: BOOTSTRAP_ADMIN_PASSWORD
    commands:
      - mkdir -p -m 700 "/root/.ssh"
      - umask 077 && printf '%s\n' "$DEPLOY_SSH_KEY" > "/root/.ssh/id_rsa"
      # 须与 GIT_REMOTE 主机一致，否则 StrictHostKeyChecking 会因缺少 [host]:port 的密钥失败
      - 'ssh-keyscan -p "$GIT_SSH_PORT" -H -T 15 "$GIT_SSH_HOST" > "/root/.ssh/known_hosts" && chmod 644 "/root/.ssh/known_hosts"'
      - 'export SSH_OPTS="-i /root/.ssh/id_rsa -p $GIT_SSH_PORT -o IdentitiesOnly=yes -o UserKnownHostsFile=/root/.ssh/known_hosts -o StrictHostKeyChecking=yes -o BatchMode=yes -o ConnectTimeout=10 -o ServerAliveInterval=15 -o ServerAliveCountMax=3"'
      # 与 GIT_REMOTE 用户一致（deploy key 挂在 Gitea 的 git 访问上）
      - 'ssh $SSH_OPTS -T git@"$GIT_SSH_HOST" || true'
      - 'export GIT_SSH_COMMAND="ssh $SSH_OPTS"'
      - |
        set -e
        export GIT_TERMINAL_PROMPT=0
        BRANCH="$DEPLOY_BRANCH"
        REPO_DIR="$REPO_DIR"
        GIT_REMOTE="$GIT_REMOTE"
        if [ -d "$REPO_DIR/.git" ]; then
          git -C "$REPO_DIR" fetch --progress --depth 1 origin "$BRANCH"
          git -C "$REPO_DIR" checkout -B "$BRANCH" "origin/$BRANCH"
          git -C "$REPO_DIR" reset --hard "origin/$BRANCH"
          git -C "$REPO_DIR" clean -fdx
        else
          rm -rf "$REPO_DIR"
          mkdir -p "$(dirname "$REPO_DIR")"
          git clone --progress --depth 1 -b "$BRANCH" "$GIT_REMOTE" "$REPO_DIR"
        fi
      - |
        set -e
        [ -f "$REPO_DIR/build-output.tar.gz" ] || { echo "build-output.tar.gz not found in $REPO_DIR"; exit 1; }
        rm -rf "$UNZIP_DIR"
        mkdir -p "$UNZIP_DIR"
        tar -xzf "$REPO_DIR/build-output.tar.gz" -C "$UNZIP_DIR"
      - |
        set -e
        cd "$UNZIP_DIR"
        source ~/.nvm/nvm.sh
        nvm use 24.15.0
        'pm2 stop nuxt4-demo || true'
        'pm2 delete nuxt4-demo || true'
        'pm2 start ./run.sh --name nuxt4-demo'