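# Workflow: on every push to main, write the environment file from a repository
# secret and (re)create the Docker Compose stack.
name: Deploy Stack via Docker Compose

on:
  push:
    branches: [main]

# Least privilege for GITHUB_TOKEN: the only step that uses it is the checkout,
# which needs read access to the repository contents.
permissions:
  contents: read

jobs:
  deploy-compose:
    # NOTE(review): ubuntu-latest is a GitHub-hosted runner label. The deploy
    # step below talks about a host Docker daemon reached through a mounted
    # socket, which normally means a self-hosted runner - confirm the label.
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        # A version tag can be moved by the action's publisher; pinning to a
        # full commit SHA makes the executed code immutable.
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config for the later steps.
          persist-credentials: false

      - name: Recreate Environment File
        # The secret is handed over as an environment variable instead of being
        # expanded by the "${{ }}" template inside the script text. Template
        # expansion pastes the value into the shell source, so a quote, "$" or
        # backtick in the secret would be interpreted by the shell (broken or
        # altered .env, or unintended command execution).
        env:
          WATCHTOWER_ENV_FILE: ${{ secrets.WATCHTOWER_ENV_FILE }}
        run: |
          # Create .env readable by the runner user only.
          umask 077
          printf '%s\n' "$WATCHTOWER_ENV_FILE" > .env
        # .env stays in the workspace after this step; on a runner that is
        # reused between jobs it persists on disk until the workspace is cleaned.

      - name: Deploy Stack using Compose
        # This targets the host's Docker daemon via the mounted socket.
        # Access to that socket is equivalent to root on the host, so anything
        # able to change this workflow or the compose file controls the host.
        run: |
          docker compose down
          docker compose up -d --remove-orphans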