name: Backup

on:
  schedule:
    - cron: '0 2 * * *'   # Täglich 02:00 UTC

jobs:
  backup:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.SEBAS }}

      - name: Setup SSH
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.PI_SSH_KEY }}" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key
          ssh-keyscan -p 10022 localhost >> ~/.ssh/known_hosts

      - name: Pull backups from Pi
        run: |
          mkdir -p backup/data backup/config
          scp -i ~/.ssh/deploy_key -P 10022 \
            "deploy@localhost:/opt/nazarick/data/*.sqlite" \
            backup/data/ || true
          scp -i ~/.ssh/deploy_key -P 10022 \
            deploy@localhost:/opt/nazarick/config/config.toml \
            backup/config/config.toml || true
          ssh -i ~/.ssh/deploy_key -p 10022 deploy@localhost \
            'find /opt/nazarick/crates/*/config -type f -name "*.md"' | while read f; do
            RELATIVE=${f#/opt/nazarick/}
            mkdir -p "backup/$(dirname $RELATIVE)"
            scp -i ~/.ssh/deploy_key -P 10022 \
              "deploy@localhost:$f" "backup/$RELATIVE" || true
          done

      - name: Commit and push
        run: |
          git config user.name "Nazarick Backup Bot"
          git config user.email "backup@nazarick"
          git add backup/
          git diff --staged --quiet || git commit -m "chore: daily backup $(date +%Y-%m-%d)"
          git push origin master