name: Build Bootstrap Bundle

on:
  push:
    branches: [main]
    paths:
      - 'bootstrap.yml'
      - 'roles/**'
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.14.3'
          cache: 'pip'

      - name: Install dependencies
        run: |
          pip install ansible ansible-bundler

      - name: Verify playbook syntax
        run: |
          ansible-playbook --syntax-check bootstrap.yml -e 'user_pubkey="test"'

      - name: Build bundle
        run: |
          ansible-bundler bootstrap.yml -o bootstrap.run

      - name: Generate checksums
        run: |
          sha256sum bootstrap.run > bootstrap.run.sha256
          md5sum bootstrap.run > bootstrap.run.md5

      - name: Upload to release storage
        run: |
          # Option 1: Upload to Gitea generic packages
          curl -X PUT \
            -H "Authorization: token ${{ secrets.DEPLOY_TOKEN }}" \
            -T bootstrap.run \
            "${{ github.server_url }}/api/packages/${{ github.repository_owner }}/generic/bootstrap/latest/bootstrap.run"

          curl -X PUT \
            -H "Authorization: token ${{ secrets.DEPLOY_TOKEN }}" \
            -T bootstrap.run.sha256 \
            "${{ github.server_url }}/api/packages/${{ github.repository_owner }}/generic/bootstrap/latest/bootstrap.run.sha256"

      # Alternative: Upload as artifact (for manual download)
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: bootstrap-bundle
          path: |
            bootstrap.run
            bootstrap.run.sha256
          retention-days: 90