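---
# Deploy DNS Records
#
# Regenerates two CoreDNS manifests from the record files in this repository
# and applies them to the cluster whenever records.yaml or svc-records.yaml
# changes on main. Each apply is followed by a rollout restart and a wait on
# the rollout status.
#
# The job runs on a self-hosted runner, so files written outside the checkout
# (kubeconfig, downloaded binaries, generated manifests) can outlive the job
# unless they are removed explicitly.
name: Deploy DNS Records

on:
  push:
    branches: [main]
    paths:
      - records.yaml
      - svc-records.yaml

jobs:
  deploy:
    runs-on: self-hosted
    steps:
      - name: Checkout
        # Context values are handed to the script as environment variables so
        # they are expanded by the shell as data, not spliced into the script.
        env:
          REPO_URL: "${{ gitea.server_url }}/${{ gitea.repository }}.git"
          COMMIT_SHA: "${{ github.sha }}"
        run: |
          set -eu
          rm -rf dns-records
          git clone "$REPO_URL" dns-records
          cd dns-records
          git checkout "$COMMIT_SHA"

      - name: Setup kubeconfig
        # NOTE(review): this credential should be scoped to what the job
        # needs (applying the generated manifests and restarting the two
        # CoreDNS deployments) - confirm against the cluster RBAC.
        env:
          KUBECONFIG_B64: "${{ secrets.KUBECONFIG }}"
        run: |
          set -eu
          # umask first: the file is created owner-only, so there is no
          # window between the write and the chmod where it is readable.
          umask 077
          mkdir -p ~/.kube
          printf '%s' "$KUBECONFIG_B64" | base64 -d > ~/.kube/config
          chmod 600 ~/.kube/config

      - name: Install kubectl
        run: |
          set -eu
          if ! command -v kubectl >/dev/null 2>&1; then
            workdir="$(mktemp -d)"
            trap 'rm -rf "$workdir"' EXIT
            cd "$workdir"
            # -f makes curl fail on an HTTP error instead of saving the
            # error page as the "binary".
            version="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
            base="https://dl.k8s.io/release/${version}/bin/linux/amd64"
            curl -fsSLO "${base}/kubectl"
            curl -fsSLO "${base}/kubectl.sha256"
            # Catches a truncated or corrupted download before it is
            # installed as root. The checksum comes from the same origin as
            # the binary; pinning a reviewed version and its checksum in
            # this file would be the stronger control.
            echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
            sudo install -m 0755 kubectl /usr/local/bin/kubectl
          fi

      - name: Apply internal CoreDNS records
        run: |
          set -eu
          cd dns-records
          chmod +x generate.sh
          # A private temp file instead of a fixed /tmp name: on a shared
          # runner a predictable path can be pre-created or left stale.
          manifest="$(mktemp)"
          trap 'rm -f "$manifest"' EXIT
          ./generate.sh records.yaml > "$manifest"
          # Printed so the applied manifest is visible in the job log.
          cat "$manifest"
          kubectl apply -f "$manifest"
          kubectl rollout restart deployment/coredns -n kube-system
          kubectl rollout status deployment/coredns -n kube-system --timeout=60s
          echo "Internal DNS records applied"

      - name: Apply authoritative zone records
        run: |
          set -eu
          cd dns-records
          chmod +x generate-zone.sh
          manifest="$(mktemp)"
          trap 'rm -f "$manifest"' EXIT
          ./generate-zone.sh svc-records.yaml > "$manifest"
          cat "$manifest"
          kubectl apply -f "$manifest"
          kubectl rollout restart deployment/coredns-auth -n authoritative-dns
          kubectl rollout status deployment/coredns-auth -n authoritative-dns --timeout=60s
          echo "Authoritative zone records applied"

      - name: Remove kubeconfig
        # Runs even when an earlier step failed, so the cluster credential
        # does not stay on the self-hosted runner after the job.
        if: always()
        run: rm -f ~/.kube/config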