name: Deploy and verify

# Backward-compatible alias for deploy.yml — prefer deploy.yml for new integrations.
# Public copy: https://proxyhawk.io/guard-ci/workflows/deploy-wait.yml

on:
  workflow_call:
    inputs:
      platform:
        description: "render | railway | deploy-hook | verify-only"
        required: true
        type: string
      expected_sha:
        description: Git commit SHA expected to be live
        required: true
        type: string
      api_url:
        description: Base URL of deployed API
        required: true
        type: string
      health_path:
        description: Health check path
        required: false
        type: string
        default: "/api/health"
      environment_label:
        description: staging | production
        required: false
        type: string
        default: ""
      railway_service:
        description: Railway service name
        required: false
        type: string
        default: ""
    secrets:
      DEPLOY_HOOK:
        required: false
      DEPLOY_API_KEY:
        required: false
      RAILWAY_TOKEN:
        required: false
    outputs:
      deployed_sha:
        description: "Commit SHA verified live"
        value: ${{ jobs.deploy.outputs.deployed_sha }}

jobs:
  deploy:
    uses: ./.github/workflows/deploy.yml
    with:
      platform: ${{ inputs.platform }}
      expected_sha: ${{ inputs.expected_sha }}
      api_url: ${{ inputs.api_url }}
      health_path: ${{ inputs.health_path }}
      environment_label: ${{ inputs.environment_label }}
      railway_service: ${{ inputs.railway_service }}
    secrets:
      DEPLOY_HOOK: ${{ secrets.DEPLOY_HOOK }}
      DEPLOY_API_KEY: ${{ secrets.DEPLOY_API_KEY }}
      RAILWAY_TOKEN: ${{ secrets.RAILWAY_TOKEN }}