name: Deploy to my-vpn

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Deploy via SSH
        env:
          VPN_HOST: ${{ secrets.VPN_HOST }}
          VPN_USER: ${{ secrets.VPN_USER }}
          VPN_SSH_KEY: ${{ secrets.TEST_KEY }}
        run: |
          set -euo pipefail
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          printf '%s' "$VPN_SSH_KEY" > ~/.ssh/id_ci_runner
          chmod 600 ~/.ssh/id_ci_runner
          VPN_USER="$(printf '%s' "$VPN_USER" | tr -d '\r\n')"
          VPN_HOST="$(printf '%s' "$VPN_HOST" | tr -d '\r\n')"
          echo "using user=${VPN_USER} host=${VPN_HOST}"
          ssh-keyscan -H "$VPN_HOST" >> ~/.ssh/known_hosts || true
          ssh-keygen -lf ~/.ssh/id_ci_runner
          ssh -vvv -o BatchMode=yes -o ConnectTimeout=10 -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_ci_runner "${VPN_USER}@${VPN_HOST}" "echo ok"

          ssh -o BatchMode=yes -o ConnectTimeout=10 -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_ci_runner "${VPN_USER}@${VPN_HOST}" "cd /srv/ip-ua && git fetch --all && git reset --hard origin/main && bash deploy/my-vpn/deploy.sh"