# ===============================================================================================================
# bitbucket-pipelines.yml - Pipeline CI/CD para proyectosacc
# Descripción:
#       Pipeline de 7 pasos estándar de CCsoft para desplegar el frontend
#       React (S3+CloudFront) y la API backend (EC2) de SACC.
#
# Autor: Área de Tecnología y Desarrollo - CCsoft
# ===============================================================================================================

image: atlassian/default-image:5

definitions:
  steps:
    - step: &notify-start
        name: Notify Start
        script:
          - export TELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN}"
          - export TELEGRAM_CHAT_ID="${TELEGRAM_CHAT_ID}"
          - bash ci-cd-commons/telegram_alert.sh "🚀 Iniciando pipeline de proyectosacc (${BITBUCKET_BRANCH})"

    - step: &notify-fail
        name: Notify Failure
        script:
          - export TELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN}"
          - export TELEGRAM_CHAT_ID="${TELEGRAM_CHAT_ID}"
          - bash ci-cd-commons/telegram_alert.sh "❌ Pipeline de proyectosacc falló en el paso ${BITBUCKET_STEP_KEY}"

pipelines:
  default:
    - step:
        name: 04_build
        script:
          - set -euo pipefail
          - echo "=== Build de proyectosacc (sin deploy) ==="
          - npm ci
          - npm run build
          - ./gradlew clean bootJar

  branches:
    developer:
      - step:
          name: 01_image-setup
          script:
            - set -euo pipefail
            - apt-get update -y && apt-get install -y openssh-client openjdk-21-jdk awscli
            - mkdir -p ~/.ssh
            - echo "${DEV_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key
            - chmod 600 ~/.ssh/sacc4_key
            - ssh-keyscan -p "${DEV_SSH_PORT_PROYECTOSACC:-22}" "${DEV_SERVER_IP_PROYECTOSACC}" >> ~/.ssh/known_hosts 2>/dev/null || true
            - export TELEGRAM_BOT_TOKEN="${DEV_TELEGRAM_BOT_TOKEN}"
            - export TELEGRAM_CHAT_ID="${DEV_TELEGRAM_CHAT_ID}"
            - bash ci-cd-commons/telegram_alert.sh "🚀 Iniciando pipeline DEV de proyectosacc"

      - step:
          name: 02_repo-config
          script:
            - set -euo pipefail
            - git clone "https://x-token-auth:${BITBUCKET_PASSWORD}@bitbucket.org/ccsoft1/ci-cd-commons.git" ci-cd-commons
            - git clone "https://x-token-auth:${BITBUCKET_PASSWORD}@bitbucket.org/ccsoft1/ci-cd-saac4.git" ci-cd-saac4

      - step:
          name: 03_dependencies
          script:
            - set -euo pipefail
            - npm ci
            - ./gradlew dependencies

      - step:
          name: 04_build
          script:
            - set -euo pipefail
            - npm ci
            - npm run build
            - ./gradlew clean bootJar
          artifacts:
            - build/**
            - build/libs/*.jar

      - step:
          name: 05_publish
          script:
            - set -euo pipefail
            - aws s3 sync build/ "s3://${DEV_S3_FRONTEND_BUCKET}/" --delete
            - aws s3 cp build/libs/*.jar "s3://${DEV_S3_ARTIFACTS_BUCKET}/develop/proyectosacc-app.jar"

      - step:
          name: 06_install
          script:
            - set -euo pipefail
            - echo "${DEV_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key
            - chmod 600 ~/.ssh/sacc4_key
            - |
              ssh -p "${DEV_SSH_PORT_PROYECTOSACC:-22}" \
                -i ~/.ssh/sacc4_key \
                -o StrictHostKeyChecking=no \
                "${DEV_SERVER_USER_PROYECTOSACC:-thoth}@${DEV_SERVER_IP_PROYECTOSACC}" \
                "bash -c 'mkdir -p /home/thoth/deploy/artifacts/current && aws s3 cp s3://${DEV_S3_ARTIFACTS_BUCKET}/develop/proyectosacc-app.jar /home/thoth/deploy/artifacts/current/proyectosacc-app.jar && chown osiris:osiris /home/thoth/deploy/artifacts/current/proyectosacc-app.jar'"

      - step:
          name: 07_deploy
          script:
            - set -euo pipefail
            - echo "${DEV_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key
            - chmod 600 ~/.ssh/sacc4_key
            - |
              ssh -p "${DEV_SSH_PORT_PROYECTOSACC:-22}" \
                -i ~/.ssh/sacc4_key \
                -o StrictHostKeyChecking=no \
                "${DEV_SERVER_USER_PROYECTOSACC:-thoth}@${DEV_SERVER_IP_PROYECTOSACC}" \
                "bash /home/thoth/deploy/setup/deploy.sh"
            - aws cloudfront create-invalidation --distribution-id "${CLOUDFRONT_DISTRIBUTION_ID}" --paths "/*"
            - bash ci-cd-commons/telegram_alert.sh "✅ Deploy DEV de proyectosacc completado exitosamente"

    master:
      - step:
          name: 01_image-setup
          script:
            - set -euo pipefail
            - apt-get update -y && apt-get install -y openssh-client openjdk-21-jdk awscli
            - mkdir -p ~/.ssh
            - echo "${PROD_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key
            - chmod 600 ~/.ssh/sacc4_key
            - ssh-keyscan -p "${PROD_SSH_PORT_PROYECTOSACC:-22}" "${PROD_SERVER_IP_PROYECTOSACC}" >> ~/.ssh/known_hosts 2>/dev/null || true
            - export TELEGRAM_BOT_TOKEN="${PROD_TELEGRAM_BOT_TOKEN}"
            - export TELEGRAM_CHAT_ID="${PROD_TELEGRAM_CHAT_ID}"
            - bash ci-cd-commons/telegram_alert.sh "🚀 Iniciando pipeline PROD de proyectosacc"

      - step:
          name: 02_repo-config
          script:
            - set -euo pipefail
            - git clone "https://x-token-auth:${BITBUCKET_PASSWORD}@bitbucket.org/ccsoft1/ci-cd-commons.git" ci-cd-commons
            - git clone "https://x-token-auth:${BITBUCKET_PASSWORD}@bitbucket.org/ccsoft1/ci-cd-saac4.git" ci-cd-saac4

      - step:
          name: 03_dependencies
          script:
            - set -euo pipefail
            - npm ci
            - ./gradlew dependencies

      - step:
          name: 04_build
          script:
            - set -euo pipefail
            - npm ci
            - npm run build
            - ./gradlew clean bootJar
          artifacts:
            - build/**
            - build/libs/*.jar

      - step:
          name: 05_publish
          script:
            - set -euo pipefail
            - aws s3 sync build/ "s3://${PROD_S3_FRONTEND_BUCKET}/" --delete
            - aws s3 cp build/libs/*.jar "s3://${PROD_S3_ARTIFACTS_BUCKET}/main/proyectosacc-app.jar"

      - step:
          name: 06_install
          script:
            - set -euo pipefail
            - echo "${PROD_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key
            - chmod 600 ~/.ssh/sacc4_key
            - |
              ssh -p "${PROD_SSH_PORT_PROYECTOSACC:-22}" \
                -i ~/.ssh/sacc4_key \
                -o StrictHostKeyChecking=no \
                "${PROD_SERVER_USER_PROYECTOSACC:-thoth}@${PROD_SERVER_IP_PROYECTOSACC}" \
                "bash -c 'mkdir -p /home/thoth/deploy/artifacts/current && aws s3 cp s3://${PROD_S3_ARTIFACTS_BUCKET}/main/proyectosacc-app.jar /home/thoth/deploy/artifacts/current/proyectosacc-app.jar && chown osiris:osiris /home/thoth/deploy/artifacts/current/proyectosacc-app.jar'"

      - step:
          name: 07_deploy
          script:
            - set -euo pipefail
            - echo "${PROD_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key
            - chmod 600 ~/.ssh/sacc4_key
            - |
              ssh -p "${PROD_SSH_PORT_PROYECTOSACC:-22}" \
                -i ~/.ssh/sacc4_key \
                -o StrictHostKeyChecking=no \
                "${PROD_SERVER_USER_PROYECTOSACC:-thoth}@${PROD_SERVER_IP_PROYECTOSACC}" \
                "bash /home/thoth/deploy/setup/deploy.sh"
            - aws cloudfront create-invalidation --distribution-id "${CLOUDFRONT_DISTRIBUTION_ID}" --paths "/*"
            - bash ci-cd-commons/telegram_alert.sh "✅ Deploy PROD de proyectosacc completado exitosamente"