name: Smoke (SSH + layout)

on:
  workflow_dispatch:
  push:
    branches: [ "ci/smoke" ]

jobs:
  smoke:
    runs-on: [ mainhost, docker ]

    env:
      APP_ROOT: /var/www/stellaamor
      UPLOADS_DIR: uploads

    steps:
      - name: Checkout (pure git)
        run: |
          git init
          git remote add origin "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY"
          git fetch --depth=1 origin "$GITHUB_SHA"
          git checkout -q "$GITHUB_SHA"

      - name: Write SSH key
        run: |
          set -eu
          install -d -m 700 ~/.ssh
          printf '%s\n' "${{ secrets.SSH_KEY }}" > ~/.ssh/id_ed25519
          # normalize (fix CRLF)
          sed -i 's/\r$//' ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          if [ -n "${{ secrets.SSH_KNOWN_HOSTS }}" ]; then
            printf '%s\n' "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
            chmod 644 ~/.ssh/known_hosts
          else
            printf 'StrictHostKeyChecking no\n' >> ~/.ssh/config
          fi



      - name: Ping server
        run: ssh -i ~/.ssh/id_ed25519 ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} 'echo ok'

      - name: Ensure layout (no deploy yet)
        run: |
          ssh -i ~/.ssh/id_ed25519 ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "
            set -e
            install -d -m 755 ${APP_ROOT}/releases ${APP_ROOT}/shared ${APP_ROOT}/shared/${UPLOADS_DIR}
            echo smoke-$(date -u +%FT%TZ) > ${APP_ROOT}/shared/ci-smoke.txt
            ls -la ${APP_ROOT} ${APP_ROOT}/shared
          "