name: Deploy Production
run-name: Triggered by ${{ github.actor }} on ${{ github.event_name }}
on:
  workflow_dispatch:
    inputs:
      confirmation:
        description: "Are you SURE you want to deploy all changes from the selected commit to production?"
        type: boolean
      tag:
        description: "Image tag to deploy. Defaults to the last commit SHA in the branch."
        type: string
        required: false

concurrency:
  group: "deploy-production-${{ github.event_name }}-${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: false

jobs:
  # This is *not* run in CI on main in order to allow
  # breaking changes to be merged as administrator and have the
  # resulting CI green on main.
  # So run them here.
  compatibility-tests:
    uses: ./.github/workflows/_integration_tests.yml
    secrets: inherit
    with:
      relay_image: "us-east1-docker.pkg.dev/firezone-staging/firezone/relay"
      gateway_image: "ghcr.io/firezone/gateway"
      gateway_tag: "latest"
      client_image: "ghcr.io/firezone/client"
      client_tag: "latest"

  deploy-production:
    if: ${{ inputs.confirmation }}
    needs: compatibility-tests
    secrets: inherit
    uses: ./.github/workflows/_deploy_production.yml
    with:
      tag: ${{ inputs.tag || github.sha }}