name: sync-to-gitea

on:
  push:
    branches:
      - high-performance

jobs:
  sync:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Sync to Gitea
        env:
          GITEA_TOKEN_PRIMARY: ${{ secrets.GITEA_TOKEN }}
          GITEA_TOKEN_FALLBACK: ${{ secrets.GITEA_SECRET }}
          GITEA_USERNAME: ${{ secrets.GITEA_USERNAME }}
          REPO: ${{ github.event.repository.name }}
          BRANCH: ${{ github.ref_name }}
        run: |
          set -euo pipefail

          GITEA_TOKEN="${GITEA_TOKEN_PRIMARY:-${GITEA_TOKEN_FALLBACK:-}}"
          if [ -z "${GITEA_TOKEN}" ]; then
            echo "Missing token secret: set GITEA_TOKEN (preferred) or GITEA_SECRET"
            exit 1
          fi

          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"

          GITEA_USER="$(curl -fsS -H "Authorization: token ${GITEA_TOKEN}" https://ci.nxtgauge.com/api/v1/user 2>/dev/null | jq -r '.login // empty' || true)"
          if [ -z "$GITEA_USER" ]; then
            GITEA_USER="${GITEA_USERNAME:-Admin}"
          fi
          TARGET="https://ci.nxtgauge.com/Admin/${REPO}.git"
          AUTH="$(printf '%s' "${GITEA_USER}:${GITEA_TOKEN}" | base64 | tr -d '\n')"

          echo "Using Gitea user: ${GITEA_USER}"
          echo "Sync target: Admin/${REPO}.git"

          curl -fsS -H "Authorization: Basic ${AUTH}" "${TARGET}/info/refs?service=git-receive-pack" >/dev/null
          git -c http.extraheader="Authorization: Basic ${AUTH}" ls-remote "${TARGET}" >/dev/null

          git remote remove gitea 2>/dev/null || true
          git remote add gitea "${TARGET}"

          git -c http.extraheader="Authorization: Basic ${AUTH}" push gitea "HEAD:${BRANCH}" --force
          git -c http.extraheader="Authorization: Basic ${AUTH}" push gitea --tags --force