#!/usr/bin/env bash
# Deploy BaoLife TypeScript backend to lichun-master via git only.
# Do NOT copy files with scp — production must match a commit on origin/main.
#
# Prerequisites (local):
#   git push origin main   # server must be able to fast-forward
#
# Usage:
#   ./scripts/deploy-lichun-master.sh
#   ./scripts/deploy-lichun-master.sh --check   # show prod vs origin/main only

set -euo pipefail

REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
REMOTE_HOST="${LICHUN_DEPLOY_HOST:-lichun-master}"
REMOTE_PATH="${LICHUN_DEPLOY_PATH:-/var/www/lichun.app/lichun}"
SERVICE_NAME="${LICHUN_WEBSOCKET_SERVICE:-baolife-websocket.service}"

CHECK_ONLY=false
if [[ "${1:-}" == "--check" ]]; then
  CHECK_ONLY=true
fi

LOCAL_SHA="$(git -C "$REPO_ROOT" rev-parse HEAD)"
LOCAL_BRANCH="$(git -C "$REPO_ROOT" rev-parse --abbrev-ref HEAD)"
REMOTE_SHA="$(git -C "$REPO_ROOT" rev-parse "origin/main" 2>/dev/null || true)"

echo "=== BaoLife production deploy (git-tracked) ==="
echo "Local branch: $LOCAL_BRANCH @ $LOCAL_SHA"
echo "origin/main:  ${REMOTE_SHA:-unknown}"

if [[ "$LOCAL_BRANCH" != "main" ]]; then
  echo "Warning: not on main branch."
fi

if [[ -n "$REMOTE_SHA" && "$LOCAL_SHA" != "$REMOTE_SHA" ]]; then
  AHEAD="$(git -C "$REPO_ROOT" rev-list --count "origin/main..HEAD" 2>/dev/null || echo "?")"
  if [[ "$AHEAD" != "0" && "$AHEAD" != "?" ]]; then
    echo "Error: $AHEAD commit(s) on HEAD are not on origin/main. Push before deploying:"
    echo "  git push origin main"
    exit 1
  fi
fi

echo ""
echo "--- Production ($REMOTE_HOST) ---"
ssh "$REMOTE_HOST" "sudo -u www-data git -C '$REMOTE_PATH' fetch origin main 2>&1 && \
  echo 'Deployed commit:' && sudo -u www-data git -C '$REMOTE_PATH' rev-parse HEAD && \
  sudo -u www-data git -C '$REMOTE_PATH' log -1 --oneline && \
  echo 'origin/main on server:' && sudo -u www-data git -C '$REMOTE_PATH' rev-parse origin/main && \
  echo 'Working tree:' && sudo -u www-data git -C '$REMOTE_PATH' status -sb | head -15"

if $CHECK_ONLY; then
  exit 0
fi

echo ""
read -r -p "Run git pull + npm install + restart $SERVICE_NAME on $REMOTE_HOST? [y/N] " CONFIRM
if [[ ! "$CONFIRM" =~ ^[Yy]$ ]]; then
  echo "Aborted."
  exit 0
fi

ssh "$REMOTE_HOST" bash -s <<EOF
set -euo pipefail
cd '$REMOTE_PATH'

# Refuse deploy if server has uncommitted changes (would be lost or block pull)
if ! sudo -u www-data git diff --quiet || ! sudo -u www-data git diff --cached --quiet; then
  echo "Error: production repo has local modifications. Commit or stash on the server, or:"
  echo "  sudo -u www-data git -C '$REMOTE_PATH' status"
  echo "  sudo -u www-data git -C '$REMOTE_PATH' restore ."
  echo "  sudo -u www-data git -C '$REMOTE_PATH' clean -fd   # removes untracked files"
  exit 1
fi

BEFORE=\$(sudo -u www-data git rev-parse HEAD)
sudo -u www-data git pull origin main
AFTER=\$(sudo -u www-data git rev-parse HEAD)

echo "Deployed: \$BEFORE -> \$AFTER"
sudo -u www-data git log -1 --oneline

cd server
if command -v npm >/dev/null 2>&1; then
  # Production runs via tsx (devDependency); omit=dev breaks ExecStart.
  sudo -u www-data npm install 2>&1 | tail -5
fi

sudo systemctl restart '$SERVICE_NAME'
sleep 2
systemctl is-active '$SERVICE_NAME'
EOF

echo ""
echo "Done. Verify: ssh $REMOTE_HOST 'sudo tail -30 /var/log/baolife-websocket.log'"