# Workflow for building and deploying a Next.js site to AWS S3
name: Deploy Next.js site to S3

on:
  # Runs on pushes targeting the default branch
  push:
    branches: ["master"]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
concurrency:
  group: "s3-deployment"
  cancel-in-progress: false

jobs:
  build-and-deploy:
    runs-on: self-hosted
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout
        uses: https://code.forgejo.org/actions/checkout@v4
                  
      - name: Create .env.local file
        run: |
          echo "YOUTUBE_API_KEY=${{ secrets.YOUTUBE_API_KEY }}" > .env.local
          echo "S3_BUCKET_NAME=${{ secrets.S3_BUCKET_NAME }}" >> .env.local
          
      - name: Install dependencies
        run: npm ci
        
      - name: Restore Next.js cache
        uses: https://code.forgejo.org/actions/cache@v4
        with:
          path: |
            .next/cache
          key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
          restore-keys: |
            ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-
            
      - name: Build Next.js site
        env:
          YOUTUBE_API_KEY: ${{ secrets.YOUTUBE_API_KEY }}
          S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
        run: npm run build:static
        
      - name: Configure AWS credentials
        # Note: aws-actions/configure-aws-credentials is GitHub-specific
        # For Forgejo, we'll use environment variables directly
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: us-east-1
        run: |
          echo "AWS credentials configured via environment variables"
          
      - name: Deploy to S3
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: us-east-1
        run: |
          aws s3 sync out/ s3://${{ secrets.S3_BUCKET_NAME }} --delete --no-cli-pager
          
      - name: Output deployment URL
        run: |
          echo "🎉 Deployment successful!"
          echo "S3 website URL: http://${{ secrets.S3_BUCKET_NAME }}.s3-website-us-east-1.amazonaws.com"
          echo "Note: Site will be served through CloudFlare proxy for production"