#!/usr/bin/env bash
set -euo pipefail

cd "$(dirname "$0")/.."

ENV_SOURCE="/opt/job-tracker/shared/.env"
ENV_TARGET=".env"

if [ ! -f "$ENV_SOURCE" ]; then
  echo "Missing shared env file at $ENV_SOURCE"
  exit 1
fi

# Keep runtime secrets outside the repo checkout so workflow uploads cannot wipe them.
ln -sf "$ENV_SOURCE" "$ENV_TARGET"

if [ ! -f "$ENV_TARGET" ]; then
  echo "Failed to link deployment env file into $(pwd)/$ENV_TARGET"
  exit 1
fi

export APP_VERSION="${APP_VERSION:-0.0.0}"
export APP_COMMIT_SHA="${APP_COMMIT_SHA:-unknown}"
export APP_BUILD_STAMP="${APP_BUILD_STAMP:-unknown}"

docker compose pull || true
docker compose build
# Force recreation so updated port mappings, env vars, and container config always apply on deploy.
docker compose up -d --force-recreate --remove-orphans

sleep 5
docker compose ps

backend_status="$(docker compose ps --format json backend | python -c 'import json,sys; data=[json.loads(line) for line in sys.stdin if line.strip()]; print(data[0].get("State", "") if data else "")')"
if [ "$backend_status" != "running" ]; then
  echo "Backend service is not healthy after deploy (state: ${backend_status:-unknown})."
  docker compose logs --tail=200 backend || true
  exit 1
fi

echo "Deployment complete: ${APP_VERSION} ${APP_COMMIT_SHA}"