name: Deploy XIP

# Auto-deploy on every push to main. The runner SSHes into the xip-app CT
# (Echelon CT502) and runs scripts/deploy.sh, which pulls + rebuilds the stack.
on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Set up SSH
        run: |
          command -v ssh >/dev/null 2>&1 || (apt-get update && apt-get install -y --no-install-recommends openssh-client)
          mkdir -p ~/.ssh
          printf '%s\n' "${{ secrets.XIP_DEPLOY_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          ssh-keyscan -H "${{ secrets.XIP_DEPLOY_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null || true

      - name: Deploy over SSH
        run: |
          ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no \
            "${{ secrets.XIP_DEPLOY_USER }}@${{ secrets.XIP_DEPLOY_HOST }}" \
            'bash /opt/xip/scripts/deploy.sh'