admin 733f3c3987
CI / CD Pipeline / build (push) Successful in 9m10s
CI / CD Pipeline / deploy (push) Failing after 4m10s
690419:1411 feat: update CI/CD to use SSH key authentication #05
2026-04-19 14:11:51 +07:00


name: CI / CD Pipeline
# Triggers: pushes to main/develop, every pull request, and manual dispatch.
# NOTE(review): the build job below runs on a self-hosted runner, so the
# pull_request trigger executes code from the pull request on that machine.
# Confirm who is allowed to open pull requests against this repository.
on:
  push:
    branches:
      - main
      - develop
  pull_request:
  workflow_dispatch:
jobs:
# ============================================================
# JOB 1 : CI & Quality Gate
# ============================================================
  # Installs dependencies, lints, runs two grep-based source checks and then
  # the backend and frontend test suites. The whole job is capped at 15 minutes.
  # NOTE(review): the actions below are referenced by mutable tag (@v4);
  # pinning each to a full commit SHA removes the dependency on the tag
  # staying where it is.
  build:
    runs-on: self-hosted
    timeout-minutes: 15
    steps:
      - name: Checkout (HTTPS)
        uses: actions/checkout@v4

      # ── [1] pnpm must always be installed before setup-node ──
      - name: ⚙️ Install pnpm
        uses: pnpm/action-setup@v4
        # The version is read automatically from the packageManager field
        # in package.json.

      - name: ⚙️ Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: 20
          # cache: "pnpm" was removed; a volume mounted on the runner is
          # used instead.

      # ── [2] Point the pnpm store at the mounted volume ──
      # NOTE(review): the store lives under /root, so the runner presumably
      # executes jobs as root — confirm, since every step (including code
      # from pull requests) then runs with that privilege.
      - name: 🔧 Set pnpm store path
        run: pnpm config set store-dir /root/.local/share/pnpm

      - name: 📦 Install deps
        run: pnpm install --frozen-lockfile

      - name: 🧹 Lint
        run: pnpm lint

      # Both checks fail the step when grep finds a match in any .ts/.tsx
      # file outside the excluded directories. The patterns are regular
      # expressions, so the "." in "console.log" matches any character.
      - name: 🔍 Security & quality checks
        run: |
          # UUID misuse check (ADR-019)
          if grep -r --include="*.ts" --include="*.tsx" --exclude-dir={node_modules,.next,.agents,.git,scripts,test,__tests__} "parseInt(.*uuid" .; then
            echo "❌ UUID misuse detected"
            exit 1
          fi
          # console.log check (Clean Code)
          if grep -r --include="*.ts" --include="*.tsx" --exclude-dir={node_modules,.next,.agents,.git,scripts,test,__tests__} "console.log" .; then
            echo "❌ console.log detected"
            exit 1
          fi

      # ── [3] Separate test steps so a failure is easier to attribute ──
      - name: 🧪 Test backend
        run: pnpm test
        working-directory: backend

      - name: 🧪 Test frontend
        run: pnpm test run
        working-directory: frontend
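# ============================================================
# JOB 2 : Deploy — Trigger Blue-Green on QNAP
# ============================================================
  # Runs only for refs/heads/main and only after `build` succeeds. It opens
  # an SSH session to the deployment host and runs scripts/deploy.sh there.
  deploy:
    needs: build
    if: github.ref == 'refs/heads/main'
    runs-on: self-hosted
    steps:
      - name: " Checkout"
        uses: actions/checkout@v4

      # Changes from the previous version of this step:
      #  * Secrets reach the script through `env`, not through `${{ }}`
      #    expansion inside the script text, so their content is never
      #    parsed as shell source.
      #  * The private key is written under a restrictive umask into a
      #    per-run temp directory that is deleted on exit. It is no longer
      #    left in ~/.ssh/id_rsa on the self-hosted runner, and no longer
      #    overwrites a key that may already exist there.
      #  * StrictHostKeyChecking is `yes`. The former `no` made ssh ignore
      #    known_hosts entirely, so a host answering with a different key
      #    would still receive the deployment session.
      #
      # SSH_KNOWN_HOSTS is a NEW, OPTIONAL secret introduced by this change
      # (constructed name, not defined anywhere in the original workflow).
      # Store the host's known_hosts line(s) in it to pin the host key.
      # While it is unset the step falls back to ssh-keyscan, as before.
      # That fallback trusts whatever key the network returns on each run
      # and therefore does not authenticate the host.
      #
      # NOTE(review): the remote script resets to origin/main as it is at
      # deploy time, which is not necessarily the commit that passed `build`.
      - name: "🚀 Deploy to QNAP"
        env:
          DEPLOY_SSH_KEY: "${{ secrets.SSH_KEY }}"
          DEPLOY_HOST: "${{ secrets.HOST }}"
          DEPLOY_PORT: "${{ secrets.PORT }}"
          DEPLOY_USER: "${{ secrets.USERNAME }}"
          DEPLOY_KNOWN_HOSTS: "${{ secrets.SSH_KNOWN_HOSTS }}"
        run: |
          set -eu
          # Files created below must be readable by the runner user only.
          umask 077
          work_dir="$(mktemp -d)"
          # Remove the key material whether the deploy succeeds or fails.
          trap 'rm -rf "$work_dir"' EXIT
          key_file="$work_dir/deploy_key"
          known_hosts="$work_dir/known_hosts"
          printf '%s\n' "$DEPLOY_SSH_KEY" > "$key_file"
          if [ -n "${DEPLOY_KNOWN_HOSTS:-}" ]; then
            # Pinned host key: the connection fails if the host presents
            # any other key.
            printf '%s\n' "$DEPLOY_KNOWN_HOSTS" > "$known_hosts"
          else
            # Unauthenticated fallback, kept for backward compatibility.
            ssh-keyscan -p "$DEPLOY_PORT" "$DEPLOY_HOST" > "$known_hosts" 2>/dev/null
          fi
          ssh -o StrictHostKeyChecking=yes \
            -o UserKnownHostsFile="$known_hosts" \
            -o ConnectTimeout=30 \
            -o BatchMode=yes \
            -o ServerAliveInterval=30 \
            -o ServerAliveCountMax=10 \
            -i "$key_file" \
            -p "$DEPLOY_PORT" "${DEPLOY_USER}@${DEPLOY_HOST}" bash << 'REMOTE_EOF'
          set -e
          export PATH="/share/CACHEDEV1_DATA/.qpkg/container-station/bin:/opt/bin:/usr/local/bin:/usr/bin:/bin:$PATH"
          cd /share/np-dms/app/source/lcbp3
          [ -d .git ] || { echo "✗ Git repo not found"; exit 1; }
          git fetch origin main
          git reset --hard origin/main
          chmod +x scripts/deploy.sh scripts/rollback.sh 2>/dev/null || true
          mkdir -p /share/np-dms/app/logs
          ./scripts/deploy.sh
          REMOTE_EOF
        # NOTE(review): written here as a step-level timeout, following the
        # key order in the original; confirm it was not meant for the job.
        timeout-minutes: 20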