# ============================================
# .github/workflows/deploy.yml
# 코드 push → 테스트 → 빌드 → 이미지 push → K8s 배포
# ============================================
name: Deploy
on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write          # OIDC 용

    steps:
      - uses: actions/checkout@v4

      - name: Setup Node
        uses: actions/setup-node@v4
        with: { node-version: '20' }

      - run: npm ci
      - run: npm test
      - run: npm run build

      # Docker 이미지 빌드 + push
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: \${{ github.actor }}
          password: \${{ secrets.GITHUB_TOKEN }}

      - uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ghcr.io/\${{ github.repository }}:\${{ github.sha }}

      # AWS OIDC (장기 키 없이)
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123:role/github-deploy
          aws-region: ap-northeast-2

      # K8s 배포
      - uses: azure/setup-kubectl@v3
      - run: |
          aws eks update-kubeconfig --name prod-cluster
          kubectl set image deployment/web web=ghcr.io/myorg/web:\${{ github.sha }}
          kubectl rollout status deployment/web --timeout=5m

# ============================================
# 실용 kubectl 명령
# ============================================
# kubectl get all                          # 모든 리소스
# kubectl describe pod <name>              # 상세 (이벤트·문제 진단)
# kubectl logs -f <pod> -c <container>     # 멀티 컨테이너
# kubectl port-forward svc/web 8080:80     # 로컬 → 클러스터
# kubectl scale deployment web --replicas=5
# kubectl rollout history deployment web   # 배포 이력
# kubectl rollout undo deployment web      # 직전으로
# kubectl top pods                         # CPU·MEM 사용
# kubectl drain node-1 --ignore-daemonsets # 노드 비우기