name: 部署到群晖

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    # 清除可能存在的代理环境变量，防止 Docker 通过代理拉取镜像
    env:
      HTTP_PROXY: ""
      HTTPS_PROXY: ""
      http_proxy: ""
      https_proxy: ""
      NO_PROXY: "*"
      no_proxy: "*"
    steps:
      - name: 安装 Docker CLI
        run: |
          # === 彻底清零 Docker 代理，避免 daemon 拉 daocloud 时走 socks5 被 reset ===
          # 局域网 socks5 代理（192.168.1.119:1080）只供应用容器内部使用，
          # 这里把 daemon 自己的代理一律置空，让它直连国内 docker mirror。
          # 1) systemd drop-in：dockerd 启动时强制覆盖环境变量为空
          mkdir -p /etc/systemd/system/docker.service.d
          cat > /etc/systemd/system/docker.service.d/no-proxy.conf <<'EOF'
          [Service]
          Environment="HTTP_PROXY="
          Environment="HTTPS_PROXY="
          Environment="NO_PROXY=*"
          EOF
          # 2) daemon.json 显式声明空 proxies（双保险，覆盖任何外部继承）
          mkdir -p /etc/docker
          cat > /etc/docker/daemon.json <<'EOF'
          {
            "proxies": {
              "http-proxy": "",
              "https-proxy": "",
              "no-proxy": "*"
            }
          }
          EOF
          # 3) docker 客户端配置：影响 docker build/buildx 自身走的代理
          mkdir -p /root/.docker
          cat > /root/.docker/config.json <<'EOF'
          {
            "proxies": {
              "default": {
                "httpProxy": "",
                "httpsProxy": "",
                "noProxy": "*"
              }
            }
          }
          EOF
          # 替换 Debian 源为清华镜像，避免国内连 deb.debian.org 超时
          sed -i 's|deb.debian.org|mirrors.tuna.tsinghua.edu.cn|g' /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null || true
          sed -i 's|security.debian.org|mirrors.tuna.tsinghua.edu.cn/debian-security|g' /etc/apt/sources.list /etc/apt/sources.list.d/*.list 2>/dev/null || true
          apt-get update -qq
          # 顺手装 git：拉取代码那步要用，ubuntu-latest 默认不带
          apt-get install -y -qq docker.io git ca-certificates
          # 装完之后让 daemon 重新读上面三处配置；不同启动方式都试一遍
          systemctl daemon-reload 2>/dev/null || true
          systemctl restart docker 2>/dev/null || service docker restart 2>/dev/null || true
          # 给 daemon 一点时间就绪，否则紧接着 docker build 会连不上 socket
          sleep 3

      - name: 拉取代码
        # 直接走宿主 IP+端口，避免 act job 容器解析不了 git.ymxixi.space 内网域名
        run: |
          git init
          git remote add origin http://192.168.1.66:3000/adminym/telegram-downloader.git
          # 优先按本次触发的 commit SHA 拉，确保部署的是 push 上来的那次
          git fetch --depth 1 origin "$GITHUB_SHA"
          git checkout FETCH_HEAD

      - name: 构建镜像
        run: docker build -t telegram-downloader:latest .

      - name: 停止旧容器
        run: |
          docker stop telegram-downloader 2>/dev/null || true
          docker rm telegram-downloader 2>/dev/null || true

      - name: 启动新容器
        run: |
          docker run -d \
            --name telegram-downloader \
            --restart unless-stopped \
            -p 15001:5001 \
            -v /volume1/docker/apps/telegram-downloader/appdata:/app/appdata \
            -v /volume2/save/tgdowload:/app/downloads \
            telegram-downloader:latest

      - name: 部署完成提示
        run: |
          echo "✅ 部署完成，浏览器访问 http://192.168.1.66:15001 查看"