stages: [install, build, deploy]

variables:
  NODE_ENV: production

cache:
  paths:
    - node_modules/

install:
  stage: install
  image: node:20-bullseye   # robuster als alpine für viele Packages
  script:
    - node -v
    - npm -v
    - corepack enable
    - corepack prepare pnpm@9.12.0 --activate
    - pnpm -v
    # Debug: Netzwerk & DNS
    - echo "nameserver 1.1.1.1" | tee /etc/resolv.conf || true
    - ping -c 1 registry.npmjs.org || true
    - npm config get registry
    # Robustere PNPM-Settings gegen Hänger
    - pnpm config set network-timeout 600000
    - pnpm config set fetch-retries 5
    - pnpm config set prefer-offline false
    # Falls Git-Abhängigkeiten vorkommen:
    - apt-get update && apt-get install -y git openssh-client
    # Wenn du ein pnpm-lock.yaml hast: nutze --frozen-lockfile, sonst ohne
    - if [ -f pnpm-lock.yaml ]; then pnpm install --frozen-lockfile --reporter=append-only; else pnpm install --reporter=append-only; fi


build:
  stage: build
  image: node:20-alpine
  script:
    - pnpm build
  artifacts:
    paths:
      - dist/

.deploy_template: &deploy
  stage: deploy
  image: alpine:3.20
  before_script:
    - apk add --no-cache openssh-client rsync
    - mkdir -p ~/.ssh
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519
    - chmod 600 ~/.ssh/id_ed25519
  script:
    - rsync -az --delete dist/ "$DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH"
  only: []

deploy:staging:
  <<: *deploy
  variables:
    DEPLOY_PATH: $DEPLOY_PATH_STAGING
  environment:
    name: staging
    url: https://staging.usbcheck.it
  only:
    - develop
    - merge_requests

deploy:production:
  <<: *deploy
  variables:
    DEPLOY_PATH: $DEPLOY_PATH_PROD
  environment:
    name: production
    url: https://usbcheck.it
  only:
    - main
  when: manual