name: 构建并部署
run-name: ${{ gitea.actor }} 正在部署 Quant Speed Page 🚀

on:
  push:
    branches:
      - main

jobs:
  build-and-deploy:
    runs-on: ubuntu
    container:
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: 检出代码
        run: |
          pwd
          ls -la

      # 1. 登录 Docker Registry (已跳过，无密码模式)1
      # - name: 登录到私有 Registry
      #   uses: docker/login-action@v2
      #   with:
      #     registry: 121.43.104.161:6500
      #     username: ${{ secrets.DOCKER_REGISTRY_USER }}
      #     password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}

      # 2. 构建并推送镜像
      - name: 配置 Buildx
        run: |
          cat > buildkitd.toml << 'EOF'
          [registry."docker.io"]
            mirrors = ["https://docker.m.daocloud.io", "https://dockerproxy.com"]
          [registry."121.43.104.161:6500"]
            http = true
            insecure = true
          EOF
          docker buildx create --name ci-builder --use --driver docker-container --driver-opt network=host --buildkitd-flags "--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host" --config ./buildkitd.toml
          docker buildx inspect --bootstrap

      - name: 构建并推送 Docker 镜像
        run: |
          docker buildx build --push --tag 121.43.104.161:6500/quant-speed-page:latest --allow security.insecure --allow network.host .

      # 3. 部署到服务器
      - name: 部署到服务器
        env:
          QUANT_PASSWORD: ${{ secrets.QUANT_PASSWORD }}
        run: |
          apt-get update -y
          apt-get install -y sshpass
          sshpass -p "$QUANT_PASSWORD" ssh -o StrictHostKeyChecking=no -p 22 root@121.40.192.128 '
            docker stop quant-speed-page || true
            docker rm quant-speed-page || true
            docker pull 121.43.104.161:6500/quant-speed-page:latest
            docker run -d --name quant-speed-page --restart unless-stopped -p 8080:80 121.43.104.161:6500/quant-speed-page:latest
          '