name: "☁️ 2048 › Deploy"

on:
  push:
    branches: [ main ]

permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    name: "📦 Build & Deploy"
    runs-on: ubuntu-latest
    steps:
      - name: "Checkout"
        uses: actions/checkout@v4

      - name: "Setup Node"
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: "Install Dependencies"
        run: npm ci

      - name: "Build"
        run: npm run build

      - name: "Configure AWS Credentials"
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: us-east-1

      - name: "Sync to S3"
        run: |
          aws s3 sync dist/ s3://${{ secrets.S3_BUCKET_NAME }}/ --delete --cache-control "public, max-age=31536000"

      - name: "Invalidate CloudFront"
        run: |
          aws cloudfront create-invalidation --distribution-id ${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*"