.github/workflows/publish-das-components-image.yml

name: Build and Publish POC Components

on:
  push:
    branches:
      - master
      - das-287

jobs:
  build:
    runs-on: self-hosted
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Build Binaries
        run: make build-all

      - name: Upload Binaries as Artifacts
        uses: actions/upload-artifact@v4
        with:
          name: binaries
          path: src/bin
          if-no-files-found: "error"

  publish_wheels: 
    runs-on: self-hosted
    needs: build
    strategy:
      matrix:
        target: [hyperon_das_atomdb_cpp, hyperon_das_atomdb, hyperon_das_node, hyperon_das]

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Download Binaries Artifacts
        uses: actions/download-artifact@v4
        with:
          name: binaries
          path: src/bin

      - name: Install twine
        run: pip3 install twine==6.1.0

      - name: Publish to PyPI
        env:
          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
        run: |
          WHEEL_FILE=$(find . -name "${{ matrix.target }}-*.whl" | head -n 1)
          if [ -z "$WHEEL_FILE" ]; then
            echo "No wheel file found for target ${{ matrix.target }}"
            exit 1
          fi
          echo "Publishing $WHEEL_FILE..."

          python3 -m twine upload "$WHEEL_FILE" 2>&1 | tee /tmp/upload.log || {
            if grep -q "File already exists" /tmp/upload.log; then
              echo "Version already exists on PyPI. Skipping upload."
              exit 0
            else
              echo "Failed to upload $WHEEL_FILE"
              echo "Upload log:"
              cat /tmp/upload.log
              exit 1
            fi
          }

  build_and_publish_images:
    runs-on: self-hosted
    needs: build
    strategy:
      matrix:
        target: [attention-broker, query-agent, link-creation-agent, link-creation-client]

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Download Binaries Artifacts
        uses: actions/download-artifact@v4
        with:
          name: binaries
          path: src/bin

      - name: Log in to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and Push Docker Image
        uses: docker/build-push-action@v4
        with:
          context: .
          file: .docker/poc/Dockerfile
          push: true
          target: ${{ matrix.target }}
          tags: trueagi/das:${{ matrix.target }}-poc

  deploy_ensemble_to_server:
    runs-on: self-hosted
    needs: build_and_publish_images
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up SSH key
        run: |
          echo "Setting up SSH key..."
          mkdir -p ~/.ssh
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          eval "$(ssh-agent -s)"
          ssh-add ~/.ssh/id_rsa

      - name: Copy script to server using SCP
        run: |
          echo "Copying script to server..."
          scp -o StrictHostKeyChecking=no src/scripts/refresh-nunet-deployment.sh ${{ secrets.SSH_USER }}@${{ secrets.SERVER_HOST }}:/tmp/refresh-nunet-deployment.sh

      - name: Encode ensemble.yaml and store in environment
        id: load_ensemble
        run: |
          ENSEMBLE_CONTENT=$(base64 -w 0 < src/assets/ensemble.yaml)
          echo "ENSEMBLE_CONTENT=$ENSEMBLE_CONTENT" >> $GITHUB_ENV
          echo "ensemble.yaml content encoded successfully."

      - name: Process ensemble.yaml and execute deployment script on remote server
        run: |
          echo "Running deployment script on the remote server..."
          ssh -o StrictHostKeyChecking=no ${{ secrets.SSH_USER }}@${{ secrets.SERVER_HOST }} << 'EOF'
            export DMS_PASSPHRASE="${{ secrets.DMS_PASSPHRASE }}"

            PEER_ID=$(nunet actor cmd /dms/node/peers/self -c user | jq -r '.id')
            
            if [ -z "$PEER_ID" ]; then
              echo "Error: Could not get the peer ID"
              exit 1
            fi
            echo "Peer ID: $PEER_ID"

            ENSEMBLE_FILE=$(mktemp /tmp/ensemble.XXXXXX.yaml)
            echo "${{ env.ENSEMBLE_CONTENT }}" | base64 --decode | sed "s#\${PEER_ID}#$PEER_ID#g" > $ENSEMBLE_FILE

            bash +x /tmp/refresh-nunet-deployment.sh $ENSEMBLE_FILE
          EOF