#!/usr/bin/env bash
# Rollback script: connects to the deployment server over SSH and repoints
# "$DEPLOY_PATH/latest" at the second-newest directory (by modification time)
# under "$DEPLOY_PATH/releases".
#
# Required environment variables:
#   SERVER_HOST            host name or address of the deployment server
#   SSH_USER               account used for the SSH login
#   BITBUCKET_SSH_KEY_B64  base64-encoded SSH private key for that account
#   DEPLOY_PATH            application root on the server (holds releases/ and latest)
#
# Side effects on the machine running this script: ~/.ssh/id_rsa and
# ~/.ssh/config are overwritten and ~/.ssh/known_hosts is appended to.
# NOTE(review): this looks intended for a throwaway CI runner; confirm before
# running it from a workstation that has its own SSH configuration.

# Abort on any failing command, unset variable, or failing pipeline stage.
set -euo pipefail

# Fail fast with a message naming the missing variable ("non impostata" is
# Italian for "not set"; the messages are runtime output and are kept as they are).
# Keep xtrace (set -x) disabled in this script: the trace prints expanded words,
# which would put the base64 private key into the job log.
: "${SERVER_HOST:?SERVER_HOST non impostata}"
: "${SSH_USER:?SSH_USER non impostata}"
: "${BITBUCKET_SSH_KEY_B64:?BITBUCKET_SSH_KEY_B64 non impostata}"
: "${DEPLOY_PATH:?DEPLOY_PATH non impostata}"

# Remote layout used below: the rollback treats every directory under
# releases/ as one release and "latest" as the symlink to the live one.
APP_ROOT="$DEPLOY_PATH"
RELEASES_DIR="$APP_ROOT/releases"

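# Every file created from here on (private key, ssh config, known_hosts) has to
# be private from the moment it exists, not only after the chmod calls below.
umask 077

mkdir -p ~/.ssh
chmod 700 ~/.ssh

# SERVER_HOST and SSH_USER are copied verbatim into ~/.ssh/config further down.
# Whitespace in either value (a newline in particular) would let it add or
# change directives in that file, so such values are rejected up front.
case "${SERVER_HOST}${SSH_USER}" in
  *[[:space:]]*)
    echo 'SERVER_HOST and SSH_USER must not contain whitespace' >&2
    exit 1
    ;;
esac

# Decode the private key. Keep xtrace (set -x) off around this line: the trace
# would print the base64 key material into the job log.
# tr removes carriage returns; presumably for keys that were encoded from a
# file with CRLF line endings (confirm against how the variable is produced).
printf '%s' "$BITBUCKET_SSH_KEY_B64" | base64 -d | tr -d '\r' > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa

# "deploy-target" is the alias used by the ssh call later in the script.
# IdentitiesOnly restricts authentication to the key written above.
cat > ~/.ssh/config <<EOF
Host deploy-target
  HostName $SERVER_HOST
  User $SSH_USER
  IdentityFile ~/.ssh/id_rsa
  IdentitiesOnly yes
  StrictHostKeyChecking yes
EOF

chmod 600 ~/.ssh/config

# Host key verification. StrictHostKeyChecking authenticates the server only
# when the entry in known_hosts comes from a trusted source. ssh-keyscan records
# whatever key is offered on the network at this moment, so on its own it gives
# no protection against an intercepted connection.
# DEPLOY_KNOWN_HOSTS is an optional variable introduced by this change: when
# set, it must hold the known_hosts line(s) for $SERVER_HOST, recorded out of
# band, and no key is fetched from the network. When it is unset the previous
# behaviour is kept, with a warning.
if [[ -n "${DEPLOY_KNOWN_HOSTS:-}" ]]; then
  printf '%s\n' "$DEPLOY_KNOWN_HOSTS" >> ~/.ssh/known_hosts
else
  echo 'WARNING: DEPLOY_KNOWN_HOSTS is not set; the host key returned by ssh-keyscan is trusted without verification' >&2
  ssh-keyscan -H "$SERVER_HOST" >> ~/.ssh/known_hosts
fi
chmod 600 ~/.ssh/known_hosts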

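# The two paths are pasted into the remote script between single quotes. A
# single quote inside DEPLOY_PATH would close that literal and the rest of the
# value would be parsed as shell code on the server (partly under sudo), so
# such a value is refused before anything is sent.
case "$APP_ROOT" in
  *"'"*)
    echo 'DEPLOY_PATH must not contain a single quote' >&2
    exit 1
    ;;
esac

# Remote rollback. The script is one double-quoted string: $RELEASES_DIR and
# $APP_ROOT are expanded locally, everything written as \$ is evaluated on the
# server. Steps:
#   1. require the releases directory;
#   2. pick the second entry of the newest-first directory listing;
#   3. build a temporary symlink to it and rename it over "latest", so the
#      live link is replaced by a rename rather than removed and re-created.
# Changes compared with the earlier version of this block:
#   - an empty or single-entry releases directory now reaches the
#     "No previous release found" message; before, the failing ls aborted the
#     script through pipefail/errexit first (ls errors are therefore hidden);
#   - the release name is quoted in the ln call, so a name containing
#     whitespace is no longer split into several arguments;
#   - error messages go to stderr.
# NOTE: "previous" means second-newest by directory modification time, not the
# release before the one "latest" currently points at. Running the rollback
# twice selects the same directory both times.
# ssh is invoked without -t, so sudo on the server cannot prompt for a password.
ssh deploy-target "
  set -euo pipefail

  if [ ! -d '$RELEASES_DIR' ]; then
    echo 'Releases directory not found' >&2
    exit 1
  fi

  cd '$RELEASES_DIR'

  PREVIOUS=\$(ls -1dt -- */ 2>/dev/null | sed -n '2p' | tr -d '/') || PREVIOUS=''

  if [ -z \"\$PREVIOUS\" ]; then
    echo 'No previous release found' >&2
    exit 1
  fi

  echo \"Rolling back to: \$PREVIOUS\"

  sudo ln -sfn '$RELEASES_DIR'/\"\$PREVIOUS\" '$APP_ROOT/latest_tmp'
  sudo mv -Tf '$APP_ROOT/latest_tmp' '$APP_ROOT/latest'

  echo 'Rollback completed. Current live release:'
  readlink -f '$APP_ROOT/latest'
"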