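---
# Gitea Actions workflow: sanity-checks manifests pushed to main and prints a
# reconciliation notice. Deployment itself is done by Flux, which watches the
# repository; nothing in this file applies manifests to a cluster.
name: Auto-Deploy on Push

# `on` looks like a YAML 1.1 boolean to generic parsers; the Actions loader
# treats it as the trigger key.
on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - main
    paths:
      - 'apps/**'
      - 'clusters/**'
      - '.gitea/workflows/**'

jobs:
  verify-and-notify:
    runs-on: ubuntu-latest
    steps:
      # fetch-depth: 0 fetches full history so the pre-push commit can be
      # diffed against below. Consider pinning the action to a full commit SHA
      # instead of the moving `v3` tag once a revision has been reviewed.
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

      # On a push to main, HEAD *is* origin/main, so `origin/main...HEAD`
      # always diffs to nothing and the file checks below never inspected a
      # single file. Diff the pushed range instead: the tip before the push
      # (`github.event.before`) to the pushed commit (`github.sha`). Both
      # values reach the shell through env vars rather than inline `${{ }}`
      # expansion so they are never interpolated into the script text.
      - name: Resolve Pushed Commit Range
        shell: bash
        env:
          EVENT_BEFORE: ${{ github.event.before }}
          PUSHED_SHA: ${{ github.sha }}
        run: |
          base="$EVENT_BEFORE"
          # `before` is empty or all zeros on a new branch and may be
          # unreachable after a force push: fall back to the parent of the
          # pushed commit, then to the empty tree for a single-commit repo.
          if [ -z "$base" ] || ! git cat-file -e "${base}^{commit}" 2>/dev/null; then
            base="$(git rev-parse --verify -q "${PUSHED_SHA}~1" || git hash-object -t tree /dev/null)"
          fi
          echo "BASE_SHA=$base" >> "$GITHUB_ENV"
          echo "HEAD_SHA=$PUSHED_SHA" >> "$GITHUB_ENV"
          echo "🔎 Diff range: $base..$PUSHED_SHA"

      # Heuristic only: confirms each YAML file under apps/ and clusters/
      # declares `apiVersion`; it does not parse the YAML. Non-manifest YAML
      # (e.g. values files) produces a warning, never a failure.
      # -print0 / read -d '' keep file names with spaces intact.
      - name: Check YAML Syntax
        shell: bash
        run: |
          echo "🔍 Validating YAML files..."
          find apps clusters -name "*.yaml" -type f -print0 \
            | while IFS= read -r -d '' file; do
                if ! grep -q "^apiVersion:" "$file"; then
                  echo "⚠️ Warning: $file may not be a valid K8s manifest"
                fi
              done
          echo "✅ YAML validation passed"

      # A secret manifest committed in plaintext is exactly what this job
      # exists to catch, so the step fails the job instead of only warning.
      # "Encrypted" here means the file carries the top-level `sops:` metadata
      # block *and* ENC[...] values; `ENC[` alone can appear in an otherwise
      # plaintext file. Deleted files (--diff-filter=d) are skipped because
      # there is nothing left to inspect. The loop reads from process
      # substitution so the counter survives (a `| while` subshell would not).
      - name: Check for SOPS Encryption
        shell: bash
        run: |
          echo "🔐 Checking SOPS status..."
          unencrypted=0
          while IFS= read -r file; do
            [ -n "$file" ] || continue
            if grep -q "^sops:" "$file" && grep -q "ENC\[" "$file"; then
              echo "✅ $file is encrypted"
            else
              echo "❌ ERROR: $file is not SOPS-encrypted!"
              unencrypted=$((unencrypted + 1))
            fi
          done < <(git diff --name-only --diff-filter=d "$BASE_SHA" "$HEAD_SHA" -- '**/secret*.yaml' '**/credentials*.yaml')
          if [ "$unencrypted" -gt 0 ]; then
            echo "$unencrypted secret file(s) are not SOPS-encrypted; failing the job"
            exit 1
          fi

      # Informational only; Flux's reconciliation interval is configured in
      # the cluster, not here.
      - name: Create Deployment Notification
        run: |
          echo "📤 Flux will reconcile changes within 1 minute"
          echo "🔗 Monitor in Gitea: Projects → Releases (check tags)"

      # Same pushed range as the SOPS check, so the list is never empty on a
      # push that actually changed files.
      - name: List Changed Files
        shell: bash
        run: |
          echo "📋 Files changed in this push:"
          git diff --name-only "$BASE_SHA" "$HEAD_SHA"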