name: Build and Publish TechDocs

on:
  push:
    branches: [main]
  workflow_dispatch: {}

env:
  TECHDOCS_AZURE_BLOB_CONTAINER_NAME: 
  AZURE_FEDERATED_TOKEN_FILE: /var/run/secrets/azure/tokens/azure-identity-token
  AZURE_ACCOUNT_NAME: "bstagecjotdevsttechdocs"
  ENTITY_NAMESPACE: default
  ENTITY_KIND: component
  ENTITY_NAME: petclinic
jobs:
  build-and-publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - name: read and set output
        id: read_env
        run: |
          echo "$AZURE_FEDERATED_TOKEN_FILE"
          env | grep AZURE
          echo "$(cat $AZURE_FEDERATED_TOKEN_FILE)"

      # act-based Gitea runners run as root — sudo is not available.
      # apt-get is called directly; works whether root or not.
      - name: Bootstrap pip
        run: |
          python3 --version
          if python3 -m pip --version 2>/dev/null; then
            echo "pip already available"
          elif python3 -m ensurepip --version 2>/dev/null; then
            python3 -m ensurepip --upgrade
          else
            apt-get update -qq
            apt-get install -y python3-pip
          fi
          python3 -m pip install --upgrade pip
          python3 -m pip --version

      - name: Install dependencies
        run: |
          python3 -m pip install --upgrade pip
          python3 -m pip install \
            mkdocs-techdocs-core==1.* \
            mkdocs-git-revision-date-localized-plugin \
            mkdocs-awesome-pages-plugin

          npm install -g @techdocs/cli
          npm cache clean --force

      # mkdocs has no dry-run flag — build into a temp dir to validate config
      # and catch any broken links or missing pages early.
      - name: Validate MkDocs config
        run: mkdocs build --strict --site-dir /tmp/mkdocs-validate

      - name: Build TechDocs site
        run: |
          techdocs-cli generate \
            --source-dir . \
            --output-dir ./site \
            --no-docker \
            --verbose

      # act runners don't include az by default — install via Microsoft's
      # official script which works on Debian/Ubuntu without sudo.
      - name: Install Azure CLI
        run: |
          if command -v az &>/dev/null; then
            echo "Azure CLI already installed: $(az version --query '"azure-cli"' -o tsv)"
          else
            curl -sL https://aka.ms/InstallAzureCLIDeb | bash
          fi

      - name: Azure login (OIDC)
        run: |
          az login \
            --service-principal \
            --username "$AZURE_CLIENT_ID" \
            --tenant "$AZURE_TENANT_ID" \
            --federated-token "$(cat $AZURE_FEDERATED_TOKEN_FILE)"

          echo "✓ Azure login successful"

      - name: Publish TechDocs site
        run: |
          echo "$AZURE_ACCOUNT_NAME"
          echo "$ENTITY_NAMESPACE"
          echo "$ENTITY_KIND"
          echo "$ENTITY_NAME"
          techdocs-cli publish \
            --publisher-type azureBlobStorage \
            --storage-name "techdocs" \
            --azureAccountName "$AZURE_ACCOUNT_NAME" \
            --entity "$ENTITY_NAMESPACE/$ENTITY_KIND/$ENTITY_NAME"