name: Build and Deploy to ACR

on:
  push:
    branches:
      - main
  workflow_dispatch:

env:
  IMAGE_NAME: teams-browser-bot
  RESOURCE_GROUP: resource-core
  CONTAINER_APP_NAME: cae-poweron-shared

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Log in to Azure Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.ACR_LOGIN_SERVER }}
          username: ${{ secrets.ACR_USERNAME }}
          password: ${{ secrets.ACR_PASSWORD }}

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: |
            ${{ secrets.ACR_LOGIN_SERVER }}/${{ env.IMAGE_NAME }}:latest
            ${{ secrets.ACR_LOGIN_SERVER }}/${{ env.IMAGE_NAME }}:${{ github.sha }}

      - name: Azure Login
        uses: azure/login@v2
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Deploy to Container App
        uses: azure/cli@v2
        with:
          azcliversion: latest
          inlineScript: |
            SUFFIX=$(echo "${{ github.sha }}" | cut -c1-8)

            # Update image AND ensure minReplicas=1 so the container actually starts.
            # Without --min-replicas 1, Azure scales to zero and the bot never boots.
            az containerapp update \
              --name ${{ env.CONTAINER_APP_NAME }} \
              --resource-group ${{ env.RESOURCE_GROUP }} \
              --image ${{ secrets.ACR_LOGIN_SERVER }}/${{ env.IMAGE_NAME }}:${{ github.sha }} \
              --revision-suffix "deploy-${SUFFIX}" \
              --min-replicas 1 \
              --max-replicas 1

      - name: Verify deployment
        uses: azure/cli@v2
        with:
          azcliversion: latest
          inlineScript: |
            sleep 15

            # Get the revision we just deployed (sorted by creation date, newest first)
            EXPECTED_SUFFIX="deploy-$(echo "${{ github.sha }}" | cut -c1-8)"
            LATEST_REVISION=$(az containerapp revision list \
              --name ${{ env.CONTAINER_APP_NAME }} \
              --resource-group ${{ env.RESOURCE_GROUP }} \
              --query "sort_by(@, &properties.createdTime) | [-1].name" -o tsv)
            echo "Latest revision: $LATEST_REVISION"

            # Check provisioning state
            STATE=$(az containerapp revision show \
              --name ${{ env.CONTAINER_APP_NAME }} \
              --resource-group ${{ env.RESOURCE_GROUP }} \
              --revision "$LATEST_REVISION" \
              --query "properties.runningState" -o tsv 2>/dev/null || echo "unknown")
            echo "Revision state: $STATE"

            # Activate revision if not running, then restart
            if [ "$STATE" != "Running" ]; then
              echo "Revision not running yet, activating..."
              az containerapp revision activate \
                --name ${{ env.CONTAINER_APP_NAME }} \
                --resource-group ${{ env.RESOURCE_GROUP }} \
                --revision "$LATEST_REVISION" || true
              sleep 5
            fi

            az containerapp revision restart \
              --name ${{ env.CONTAINER_APP_NAME }} \
              --resource-group ${{ env.RESOURCE_GROUP }} \
              --revision "$LATEST_REVISION" || true

            # Final status check
            sleep 10
            REPLICAS=$(az containerapp revision show \
              --name ${{ env.CONTAINER_APP_NAME }} \
              --resource-group ${{ env.RESOURCE_GROUP }} \
              --revision "$LATEST_REVISION" \
              --query "properties.replicas" -o tsv 2>/dev/null || echo "0")
            echo "Running replicas: $REPLICAS"

      - name: Summary
        run: |
          echo "### Deployed successfully! :rocket:" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
          echo "Image: \`${{ secrets.ACR_LOGIN_SERVER }}/${{ env.IMAGE_NAME }}:${{ github.sha }}\`" >> $GITHUB_STEP_SUMMARY