name: 'Setup SFP CLI and SSH'
description: 'Pulls the SFP server Docker image and configures SSH access. The CLI is used directly from inside the container.'

inputs:
  docker-registry:
    description: 'Docker registry hostname (e.g., ghcr.io, source.flxbl.io)'
    required: true
  docker-registry-token:
    description: 'Token for authenticating with the Docker registry'
    required: true
  docker-registry-user:
    description: 'Username for Docker registry authentication'
    required: false
    default: 'sfp'
  image-fqdn:
    description: 'Full Docker image path (e.g., ghcr.io/flxbl-io/sfp-server-rc)'
    required: true
  image-tag:
    description: 'Docker image tag'
    required: false
    default: 'latest'
  ssh-private-key:
    description: 'SSH private key for connecting to the remote server'
    required: true
  ssh-host:
    description: 'Hostname or IP of the target server'
    required: true

outputs:
  sfp-image:
    description: 'Full Docker image reference that was pulled'
    value: ${{ steps.pull.outputs.image }}

runs:
  using: 'composite'
  steps:
    - name: Pull SFP server image
      id: pull
      shell: bash
      env:
        DOCKER_REGISTRY: ${{ inputs.docker-registry }}
        DOCKER_REGISTRY_TOKEN: ${{ inputs.docker-registry-token }}
        DOCKER_REGISTRY_USER: ${{ inputs.docker-registry-user }}
        IMAGE_FQDN: ${{ inputs.image-fqdn }}
        IMAGE_TAG: ${{ inputs.image-tag }}
      run: |
        echo "::group::Pull SFP server image"

        echo "Logging in to $DOCKER_REGISTRY..."
        echo "$DOCKER_REGISTRY_TOKEN" | docker login "$DOCKER_REGISTRY" -u "$DOCKER_REGISTRY_USER" --password-stdin

        IMAGE="${IMAGE_FQDN}:${IMAGE_TAG}"
        echo "Pulling $IMAGE..."
        docker pull "$IMAGE"

        echo "Verifying sfp CLI inside image..."
        docker run --rm "$IMAGE" sfp --version

        echo "image=$IMAGE" >> $GITHUB_OUTPUT
        echo "::endgroup::"

    - name: Setup SSH
      shell: bash
      env:
        SSH_PRIVATE_KEY: ${{ inputs.ssh-private-key }}
        SSH_HOST: ${{ inputs.ssh-host }}
      run: |
        echo "::group::Setup SSH"

        mkdir -p ~/.ssh
        echo "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
        chmod 600 ~/.ssh/deploy_key

        echo "Adding $SSH_HOST to known hosts..."
        ssh-keyscan -H "$SSH_HOST" >> ~/.ssh/known_hosts 2>/dev/null

        echo "SSH configured for $SSH_HOST"
        echo "::endgroup::"