solution-erp/.gitea/workflows/deploy.yml

# Gitea Actions CI/CD — build + deploy SOLUTION_ERP lên IIS Windows Server.
# Trigger: push vào branch main, hoặc manual.
#
# Chạy trên Windows self-hosted runner (vì cần IIS + Word COM cho .doc convert optional).
# Secrets cần set trong Gitea repo settings:
#   - IIS_HOST          (hostname hoặc IP)
#   - IIS_USER          (Windows user có admin + WinRM)
#   - IIS_PASSWORD
#   - JWT_SECRET        (64+ chars random — dùng trong appsettings.Production.json)
#   - DB_CONNECTION     (connection string production)

name: Deploy SOLUTION_ERP

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  build-backend:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup .NET 10
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '10.0.x'

      - name: Restore + Build BE
        run: |
          dotnet restore SolutionErp.slnx
          dotnet build SolutionErp.slnx --no-restore --configuration Release

      - name: Publish Api
        run: >
          dotnet publish src/Backend/SolutionErp.Api/SolutionErp.Api.csproj
          --no-build --configuration Release
          --output artifacts/api
          --runtime win-x64 --self-contained false

      - uses: actions/upload-artifact@v4
        with:
          name: backend-api
          path: artifacts/api/

  build-fe-admin:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: 'fe-admin/.nvmrc'   # pin 20.x (gotcha NamGroup)
          cache: 'npm'
          cache-dependency-path: 'fe-admin/package-lock.json'
      - run: npm ci
        working-directory: fe-admin
      - run: npm run build
        working-directory: fe-admin
      - uses: actions/upload-artifact@v4
        with:
          name: fe-admin-dist
          path: fe-admin/dist/

  build-fe-user:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: 'fe-user/.nvmrc'
          cache: 'npm'
          cache-dependency-path: 'fe-user/package-lock.json'
      - run: npm ci
        working-directory: fe-user
      - run: npm run build
        working-directory: fe-user
      - uses: actions/upload-artifact@v4
        with:
          name: fe-user-dist
          path: fe-user/dist/

  deploy-iis:
    needs: [build-backend, build-fe-admin, build-fe-user]
    runs-on: windows-latest
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/download-artifact@v4
        with:
          path: artifacts/

      - name: Zip artifacts
        shell: pwsh
        run: |
          Compress-Archive -Path artifacts/backend-api/* -DestinationPath api.zip -Force
          Compress-Archive -Path artifacts/fe-admin-dist/* -DestinationPath fe-admin.zip -Force
          Compress-Archive -Path artifacts/fe-user-dist/* -DestinationPath fe-user.zip -Force

      - name: Copy + deploy via WinRM
        shell: pwsh
        env:
          IIS_HOST: ${{ secrets.IIS_HOST }}
          IIS_USER: ${{ secrets.IIS_USER }}
          IIS_PASSWORD: ${{ secrets.IIS_PASSWORD }}
        run: |
          $secure = ConvertTo-SecureString $env:IIS_PASSWORD -AsPlainText -Force
          $cred = New-Object PSCredential($env:IIS_USER, $secure)
          $session = New-PSSession -ComputerName $env:IIS_HOST -Credential $cred

          Copy-Item -Path api.zip, fe-admin.zip, fe-user.zip -Destination "C:\Deploy\" -ToSession $session

          Invoke-Command -Session $session -ScriptBlock {
              & C:\Deploy\scripts\deploy-iis.ps1 -Artifact "C:\Deploy\api.zip" -Site "SolutionErpApi"
              Expand-Archive "C:\Deploy\fe-admin.zip" "C:\inetpub\solution-erp\fe-admin" -Force
              Expand-Archive "C:\Deploy\fe-user.zip"  "C:\inetpub\solution-erp\fe-user" -Force
          }

          Remove-PSSession $session