name: Deploy LightRAG to Azure Container Apps

on:
  push:
    branches:
      - main
    paths:
      - "Dockerfile"
      - "Dockerfile.lite"
      - ".github/workflows/azure-aca-deploy.yml"
      - "lightrag/**"
      - "lightrag-api/**"
      - "lightrag_webui/**"
      - "pyproject.toml"
      - "setup.py"
      - "uv.lock"
      - "requirements-*.txt"
  workflow_dispatch:

concurrency:
  group: lightrag-aca-deploy
  cancel-in-progress: true

jobs:
  build-and-deploy:
    name: Build and Deploy Container App
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write
    env:
      IMAGE_NAME: ${{ vars.IMAGE_NAME }}
      CONTAINER_APP_NAME: ${{ vars.AZURE_CONTAINER_APP_NAME }}
      AZURE_RESOURCE_GROUP: ${{ vars.AZURE_RESOURCE_GROUP }}
      REGISTRY_LOGIN_SERVER: ${{ secrets.AZURE_REGISTRY_LOGIN_SERVER }}
      AZURE_REGISTRY_USERNAME: ${{ secrets.AZURE_REGISTRY_USERNAME }}
      AZURE_REGISTRY_PASSWORD: ${{ secrets.AZURE_REGISTRY_PASSWORD }}
      AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Azure
        uses: azure/login@v2
        with:
          creds: ${{ env.AZURE_CREDENTIALS }}

      - name: Log in to Azure Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY_LOGIN_SERVER }}
          username: ${{ env.AZURE_REGISTRY_USERNAME }}
          password: ${{ env.AZURE_REGISTRY_PASSWORD }}

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile.lite
          push: true
          tags: |
            ${{ env.REGISTRY_LOGIN_SERVER }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
            ${{ env.REGISTRY_LOGIN_SERVER }}/${{ env.IMAGE_NAME }}:latest
          cache-from: type=registry,ref=${{ env.REGISTRY_LOGIN_SERVER }}/${{ env.IMAGE_NAME }}:buildcache
          cache-to: type=registry,ref=${{ env.REGISTRY_LOGIN_SERVER }}/${{ env.IMAGE_NAME }}:buildcache,mode=max

      - name: Deploy to Azure Container Apps
        uses: azure/container-apps-deploy-action@v1
        with:
          resourceGroup: ${{ env.AZURE_RESOURCE_GROUP }}
          containerAppName: ${{ env.CONTAINER_APP_NAME }}
          imageToDeploy: ${{ env.REGISTRY_LOGIN_SERVER }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
          registryLoginServer: ${{ env.REGISTRY_LOGIN_SERVER }}
          registryUsername: ${{ env.AZURE_REGISTRY_USERNAME }}
          registryPassword: ${{ env.AZURE_REGISTRY_PASSWORD }}