# 正式服（huiwings）E2E 联通性验收
# 仅手动触发 + 每日定时，不跟随 push/PR 自动执行。
name: production Smoke

on:
  workflow_dispatch:
    inputs:
      base_url:
        description: H5 基址
        required: false
        default: "https://music-room.huiwings.cn"
        type: string
      kc_base_url:
        description: htykc 反代基址
        required: false
        default: "https://admin.huiwings.cn"
        type: string
      prod_org_id:
        description: 正式服机构 ID
        required: false
        default: "b79d09b0-0b65-44fb-936c-dcebf01097ba"
        type: string
  schedule:
    # 每天 05:00 UTC（北京时间 13:00）跑一次
    - cron: "0 5 * * *"

concurrency:
  group: huike-e2e-production-${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  smoke:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4

      - name: 解析环境变量
        run: |
          BASE="${{ inputs.base_url }}"
          KC="${{ inputs.kc_base_url }}"
          ORG="${{ inputs.prod_org_id }}"
          echo "HUIKE_FRONT_BASE_URL=${BASE:-https://music-room.huiwings.cn}" >> "$GITHUB_ENV"
          echo "KC_BASE_URL=${KC:-https://admin.huiwings.cn}" >> "$GITHUB_ENV"
          echo "PROD_ORG_ID=${ORG:-b79d09b0-0b65-44fb-936c-dcebf01097ba}" >> "$GITHUB_ENV"
          echo "Using BASE=$BASE KC=$KC ORG=$ORG"

      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: "npm"
          cache-dependency-path: package-lock.json

      - name: 依赖与 Chromium
        run: |
          npm ci
          npx playwright install chromium --with-deps

      - name: Playwright — 基础联通性与访客测试
        run: |
          npx playwright test \
            tests/smoke-http.spec.ts \
            tests/guest-onboarding.spec.ts \
            tests/home-shell.spec.ts \
            tests/course-package-store.spec.ts \
            --grep-invert "已登录|权限与预览"

      - name: 正式服 SSH 只读校验（若已配置密钥）
        env:
          PROD_SSH_HOST: alchemy-studio.cn
          SSH_USER: ${{ secrets.PROD_SSH_USER }}
          SSH_KEY: ${{ secrets.PROD_SSH_PRIVATE_KEY }}
          SSH_KNOWN_HOSTS: ${{ secrets.PROD_SSH_KNOWN_HOSTS }}
        run: |
          if [ -z "$SSH_USER" ] || [ -z "$SSH_KEY" ]; then
            echo "PROD_SSH_USER / PROD_SSH_PRIVATE_KEY 未配置，跳过 SSH 校验"
            exit 0
          fi
          set -euo pipefail
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
          printf '%s\n' "$SSH_KEY" > ~/.ssh/prod_ci
          chmod 600 ~/.ssh/prod_ci
          ssh -i ~/.ssh/prod_ci \
            -o StrictHostKeyChecking=yes \
            -o IdentitiesOnly=yes \
            "${SSH_USER}@${PROD_SSH_HOST}" \
            'bash -s' < scripts/production-remote-check.sh