name: 'Publish to prod'

on:
  push:
    tags: v[0-9]+.[0-9]+.[0-9]+

permissions:
  id-token: write
  contents: read

jobs:
  upload-prod:
    runs-on: ubuntu-latest
    permissions:
      contents: 'read'
      id-token: 'write'

    steps:
      - uses: 'actions/checkout@v3'
      - name: Upload
        env:
          FTP_SERVER: ${{ secrets.FTP_SERVER }}
          FTP_USERNAME: ${{ secrets.FTP_USERNAME }}
          FTP_PASSWORD: ${{ secrets.FTP_PASSWORD }}
          DB_DSN: ${{ secrets.DB_DSN }}
          DB_SCHEMA: ${{ secrets.DB_SCHEMA }}
          DB_USERNAME: ${{ secrets.DB_USERNAME }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
        run: |
          sudo apt install lftp
          rm -rf .git .github
          pushd bin
          ./fetch-dependencies.sh
          popd
          cp credentials.templ.php credentials.php
          sed -i -e "s/{DB_DSN}/${DB_DSN}/g" credentials.php
          sed -i -e "s/{DB_SCHEMA}/${DB_SCHEMA}/g" credentials.php
          sed -i -e "s/{DB_USERNAME}/${DB_USERNAME}/g" credentials.php
          sed -i -e "s/{DB_PASSWORD}/${DB_PASSWORD}/g" credentials.php
          mv maintenance.php maintenance-real.php
          sed -e 's/false/true/g' maintenance-real.php > maintenance.php
          lftp -e "
            set sftp:auto-confirm yes;
            set ssl:verify-certificate no;
            open -u ${FTP_USERNAME},${FTP_PASSWORD} sftp://${FTP_SERVER};
            put maintenance.php -o maintenance.php;
            mirror --exclude=maintenance-real.php -e -R ./ ./;
            put maintenance-real.php -o maintenance.php;
            quit;
          "