# Phase 1 — test + deploy only (no ProxyHawk Guard).
# Copy to your backend repo as .github/workflows/ci.yml
# Requires: .github/workflows/deploy-wait.yml (install-deploy.sh)

# Workflow name as shown in the Actions UI.
name: CI

# Triggers:
#   - pull_request: pull requests targeting main.
#   - push: pushes to main.
#   - workflow_dispatch: manual run with a target-environment selector.
#     A manual run can be started against any branch or tag the dispatcher
#     picks; the `environment` input chooses the deploy target, not the ref.
on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
  workflow_dispatch:
    inputs:
      environment:
        description: "staging | production"
        type: choice
        options:
          - staging
          - production
        default: staging
        required: false

# Least privilege for GITHUB_TOKEN: read-only repository contents. Scopes not
# listed here are set to none, and a called reusable workflow cannot be
# granted more than this.
permissions:
  contents: read

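jobs:
  # Gate for both deploy jobs (each declares `needs: test`). As shipped, this
  # job only checks the code out, so it passes whenever checkout succeeds;
  # the gate carries no assurance until real test steps are added below.
  test:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@v4` is a movable tag; pin to a full commit SHA if your
      # supply-chain policy requires immutable action references.
      - uses: actions/checkout@v4
        with:
          # Test steps run code from pull requests. Do not leave the job
          # token in the local git config where that code could read it.
          persist-credentials: false
      # → add your test steps here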

  # Staging deploy through the reusable deploy-wait workflow.
  # Runs on a push event, or on a manual run with environment=staging.
  # NOTE(review): a manual run deploys the commit of whichever ref was
  # dispatched (github.sha), which need not be main — confirm that deploying
  # feature branches to staging is intended.
  deploy-staging:
    needs: test
    uses: ./.github/workflows/deploy-wait.yml
    if: >-
      github.event_name == 'push' ||
      (github.event_name == 'workflow_dispatch' && inputs.environment == 'staging')
    with:
      environment_label: staging
      # Platform comes from a repository variable; 'render' when it is unset.
      platform: "${{ vars.STAGING_DEPLOY_PLATFORM || 'render' }}"
      api_url: "${{ vars.STAGING_API_URL }}"
      health_path: "/api/health"
      # Commit the called workflow is told to expect for this run.
      expected_sha: "${{ github.sha }}"
    # Explicit mapping rather than `secrets: inherit`: only the staging
    # credentials are handed to the called workflow.
    secrets:
      DEPLOY_HOOK: "${{ secrets.STAGING_DEPLOY_HOOK }}"
      DEPLOY_API_KEY: "${{ secrets.STAGING_DEPLOY_API_KEY }}"
      RAILWAY_TOKEN: "${{ secrets.RAILWAY_TOKEN_STAGING }}"

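  # Production deploy through the reusable deploy-wait workflow.
  # Manual only: requires a workflow_dispatch run with environment=production
  # started from main. Without the ref check, a manual run from any branch or
  # tag would ship that ref's commit (github.sha) with the production secrets.
  # NOTE(review): this condition is read from the dispatched ref's copy of the
  # workflow, so treat it as a guard against mistakes, not an access control;
  # enforce approvals and branch restrictions with environment protection
  # rules or equivalent repository settings.
  deploy-production:
    needs: test
    if: >-
      github.event_name == 'workflow_dispatch' &&
      inputs.environment == 'production' &&
      github.ref == 'refs/heads/main'
    uses: ./.github/workflows/deploy-wait.yml
    with:
      # Falls back to the staging platform variable, then to 'render'.
      platform: ${{ vars.PRODUCTION_DEPLOY_PLATFORM || vars.STAGING_DEPLOY_PLATFORM || 'render' }}
      # Commit the called workflow is told to expect for this run.
      expected_sha: ${{ github.sha }}
      api_url: ${{ vars.PRODUCTION_API_URL }}
      health_path: /api/health
      environment_label: production
    # Explicit mapping rather than `secrets: inherit`: only the production
    # credentials are handed to the called workflow.
    secrets:
      DEPLOY_HOOK: ${{ secrets.PRODUCTION_DEPLOY_HOOK }}
      DEPLOY_API_KEY: ${{ secrets.PRODUCTION_DEPLOY_API_KEY }}
      RAILWAY_TOKEN: ${{ secrets.RAILWAY_TOKEN_PRODUCTION }}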
