.github/workflows/deploy.yaml

name: Deploy to Hugging Face

on:
  workflow_run:
    workflows: ["CI"]          # doit correspondre à name: CI dans ton CI
    branches: [ main ]         # base branch concernée
    types: [completed]
  workflow_dispatch: {}

concurrency:
  group: deploy-${{ github.event.workflow_run.head_branch || 'main' }}
  cancel-in-progress: true

jobs:
  deploy:
    runs-on: ubuntu-latest
    # ⬇️ NE se lance que si la CI a réussi ET si c'était une CI déclenchée par un PUSH (donc après merge)
    if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' }}

    # on expose les secrets en env (utilisables dans les steps)
    env:
      HF_TOKEN: ${{ secrets.HF_TOKEN }}
      HF_SPACE_URL: ${{ secrets.HF_SPACE_URL }}
      HF_GIT_EMAIL: ${{ secrets.HF_GIT_EMAIL || 'actions@github.com' }}
      HF_GIT_NAME:  ${{ secrets.HF_GIT_NAME  || 'github-actions' }}

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          lfs: true  

      # garde-fou: si secrets manquants, on sort proprement
      - name: Guard secrets
        if: ${{ !env.HF_TOKEN || !env.HF_SPACE_URL }}
        run: |
          echo "HF secrets manquants, on skip le déploiement."
          exit 0

      - name: Configure Git identity (local)
        shell: bash
        run: |
          git config user.email "${HF_GIT_EMAIL:-actions@github.com}"
          git config user.name  "${HF_GIT_NAME:-github-actions}"

      - name: Prepare snapshot (no history, no binaries)
        shell: bash
        run: |
          # 1) Branche orpheline
          git switch --orphan hfdeploy
          git reset

          # 2) Ignore les artefacts ML
          printf "\n# ML artifacts\n*.joblib\n*.pkl\n*.pt\n*.onnx\n" >> .gitignore

          # 3) Retire de l'index si jamais ça match (silencieux sinon)
          git rm -r --cached --ignore-unmatch -- notebook/*.joblib

          # 4) Commit de la snapshot
          git add -A
          git commit -m "Space deploy snapshot ${GITHUB_SHA}"

      - name: Configure Git
        run: |
          git config --global user.email "${HF_GIT_EMAIL}"
          git config --global user.name  "${HF_GIT_NAME}"

      - name: Push to Space
        run: |
          SPACE_URL_AUTH=$(echo "$HF_SPACE_URL" | sed "s#https://#https://user:${HF_TOKEN}@#")
          git remote add space "$SPACE_URL_AUTH" || git remote set-url space "$SPACE_URL_AUTH"
          git push space HEAD:main --force