name: 'Checkout and Config Injection'
description: 'Clones the project via SSH and injects configs from a separate repo'
inputs:
  ssh_key:
    description: 'SSH Private Key'
    required: true
  config_repo:
    description: 'Configuration Repository Path (e.g., dev-ops/configs.git)'
    required: false
    default: ''
  config_repo_branch:
    description: 'Configuration Repository Branch'
    required: false
    default: 'main'
  app_key:
    description: 'Application Key in the config repo'
    required: true
  gitea_host:
    description: 'Gitea Hostname'
    required: false
    default: 'gitea.hclife.co'
  gitea_port:
    description: 'Gitea SSH Port'
    required: false
    default: '2222'
runs:
  using: 'composite'
  steps:
    - name: Checkout and Config
      shell: bash
      env:
        SSH_KEY: ${{ inputs.ssh_key }}
        CONFIG_REPO: ${{ inputs.config_repo }}
        CONFIG_REPO_BRANCH: ${{ inputs.config_repo_branch }}
        APP_KEY: ${{ inputs.app_key }}
        GITEA_HOST: ${{ inputs.gitea_host }}
        GITEA_PORT: ${{ inputs.gitea_port }}
      run: |
        set -eu
        
        SSH_TMP_DIR=$(mktemp -d)
        trap 'rm -rf "$SSH_TMP_DIR"' EXIT
        
        echo "$SSH_KEY" > "$SSH_TMP_DIR/id_rsa"
        chmod 600 "$SSH_TMP_DIR/id_rsa"
        ssh-keyscan -p "$GITEA_PORT" "$GITEA_HOST" > "$SSH_TMP_DIR/known_hosts"
        
        export GIT_SSH_COMMAND="ssh -i $SSH_TMP_DIR/id_rsa -o UserKnownHostsFile=$SSH_TMP_DIR/known_hosts -o StrictHostKeyChecking=yes"
        
        echo "Initializing project repository..."
        git init
        git config --global --add safe.directory "$GITHUB_WORKSPACE"
        if git remote get-url origin >/dev/null 2>&1; then
          git remote set-url origin "ssh://git@$GITEA_HOST:$GITEA_PORT/${{ github.repository }}.git"
        else
          git remote add origin "ssh://git@$GITEA_HOST:$GITEA_PORT/${{ github.repository }}.git"
        fi
        git fetch --depth 1 origin "${{ github.sha }}"
        git checkout FETCH_HEAD
        
        if [ -n "$CONFIG_REPO" ]; then
          echo "Fetching optional config repository..."
          echo "Config repo: $CONFIG_REPO"
          echo "Config repo branch: $CONFIG_REPO_BRANCH"
          echo "Expected config app key: $APP_KEY"
          git clone -b "$CONFIG_REPO_BRANCH" "ssh://git@$GITEA_HOST:$GITEA_PORT/$CONFIG_REPO" configs
          
          echo "Config repo top-level entries:"
          find configs -maxdepth 2 -mindepth 1 | sort
          
          CONFIG_SOURCE_DIR="configs/${APP_KEY}"
          if [ -d "$CONFIG_SOURCE_DIR" ]; then
            echo "Applying config tree from '$CONFIG_SOURCE_DIR'..."
            cp -Rv "$CONFIG_SOURCE_DIR"/. .
            rm -rf configs
          else
            echo "Error: '$CONFIG_SOURCE_DIR' not found in config repository"
            echo "Available directories under configs/:"
            find configs -maxdepth 3 -type d | sort
            exit 1
          fi
        else
          echo "No config repository configured; skipping config injection."
        fi