.github/workflows/coop_prod_ci_cd.yml

name: COOP-PROD Deployment Pipeline

on:
  push:
    branches:
      - coop-prod
  # workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'

    steps:
      - name: Checkout Code
        uses: actions/checkout@v3

      - name: Set up JDK 11
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '11'

      - name: Cache Maven Packages
        uses: actions/cache@v3
        with:
          path: ~/.m2
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-

      - name: Build with Maven
        run: mvn clean package -DskipTests

      - name: Archive Build Artifacts
        uses: actions/upload-artifact@v3
        with:
          name: build-artifacts
          path: target/*.war

      # - name: Run Tests
      #   run: mvn test

  deploy:
    needs: build
    runs-on: ubuntu-latest
    # if: github.event_name == 'workflow_dispatch'

    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          ref: 'coop-prod'

      - name: Download Build Artifact
        uses: actions/download-artifact@v3
        with:
          name: build-artifacts
          path: ./

      - name: Deploy to Payara
        env:
          SERVER_IP: ${{ secrets.COOP_PROD_SERVER_IP }}
          SERVER_USER: ${{ secrets.COOP_PROD_SERVER_USER }}
          SSH_PRIVATE_KEY: ${{ secrets.COOP_PROD_SSH_PRIVATE_KEY }}
          PAYARA_ADMIN_PASS: ${{ secrets.COOP_PROD_PAYARA_ADMIN_PASS }}
        run: |
          # Add SSH private key to the SSH agent
          echo "$SSH_PRIVATE_KEY" > private_key.pem
          chmod 600 private_key.pem

          # Variables
          WAR_NAME="coop.war"
          WAR_DIR="/home/appuser/app/latest"
          APP_NAME="coop"

          # Ensure deployment directory exists
          ssh -i private_key.pem -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "
            sudo mkdir -p $WAR_DIR
            sudo chown -R appuser:appuser /home/appuser/app
            sudo su - appuser
            cd $WAR_DIR

            # Remove old backup if it exists
            if [ -f $WAR_NAME.old ]; then
              rm $WAR_NAME.old
            fi

            # If the current WAR file exists, back it up
            if [ -f $WAR_NAME ]; then
              mv $WAR_NAME $WAR_NAME.old
            fi
          "

          # Copy new WAR file to the server
          rsync -aL --progress -e "ssh -i private_key.pem" ./*.war $SERVER_USER@$SERVER_IP:/tmp/$WAR_NAME

          # Move the file to /home/appuser/app/latest/ and set permissions
          ssh -i private_key.pem -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "
            sudo mv /tmp/$WAR_NAME $WAR_DIR/
            sudo chown appuser:appuser $WAR_DIR/$WAR_NAME
          "

          # Deploy the WAR using asadmin
          ssh -i private_key.pem -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "
            sudo su - appuser
            echo 'AS_ADMIN_PASSWORD=${{ secrets.COOP_PROD_PAYARA_ADMIN_PASS }}' > /tmp/payara-admin-pass.txt
            /opt/payara5/bin/asadmin --user admin --passwordfile /tmp/payara-admin-pass.txt undeploy $APP_NAME || true
            /opt/payara5/bin/asadmin --user admin --passwordfile /tmp/payara-admin-pass.txt deploy --force=true --contextroot $APP_NAME $WAR_DIR/$WAR_NAME
            rm /tmp/payara-admin-pass.txt
          "

          # Validate if the application is running
          ssh -i private_key.pem -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "
            sudo su - appuser
            echo 'AS_ADMIN_PASSWORD=${{ secrets.COOP_PROD_PAYARA_ADMIN_PASS }}' > /tmp/payara-admin-pass.txt
            if /opt/payara5/bin/asadmin --user admin --passwordfile /tmp/payara-admin-pass.txt list-applications | grep -q '$APP_NAME'; then
              echo 'Application is running.'
            else
              echo 'Application failed to start.'
            fi
            rm /tmp/payara-admin-pass.txt
          "

          # Check if the application is reachable
          for i in {1..5}; do
            RESPONSE_CODE=$(curl -s -o /dev/null -w "%{http_code}" https://$APP_NAME.carecode.org/$APP_NAME/faces/index1.xhtml)
            if [ "$RESPONSE_CODE" == "200" ]; then
              echo "Application is reachable and healthy."
              break
            elif [ "$i" == "5" ]; then
              echo "Application is not reachable or unhealthy at https://$APP_NAME.carecode.org/$APP_NAME (HTTP $RESPONSE_CODE)"
              break
            fi
            sleep 10
          done

          # Cleanup
          rm -f private_key.pem