name: Create Windows 11 VM in MX
on:
  workflow_dispatch:
    inputs:
      sourceRdpIP:
        description: 'Your Public IP (get with: curl https://api.ipify.org)'
        required: true
        default: '1.145.222.180'

jobs:
  deploy:
    runs-on: ubuntu-latest
    
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Azure Login
        run: |
          echo "🔐 Logging in with Service Principal..."
          az login --service-principal \
            -u "${{ secrets.AZURE_CLIENT_ID }}" \
            -p "${{ secrets.AZURE_CLIENT_SECRET }}" \
            --tenant "${{ secrets.AZURE_TENANT_ID }}"
          
          az account set --subscription "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
          echo "✅ Azure login successful"

      - name: Deploy Windows 11 VM
        run: |
          echo "🚀 Deploying Windows 11 VM..."
          echo "========================================"
          echo "VM Name: ${{ secrets.AZURE_VM_NAME }}"
          echo "Location: ${{ secrets.AZURE_LOCATION }}"
          echo "Resource Group: ${{ secrets.AZURE_RESOURCE_GROUP }}"
          echo "VNet: ${{ secrets.AZURE_VNET_NAME }} (in ${{ secrets.AZURE_VNET_RG }})"
          echo "RDP Allowed from: ${{ github.event.inputs.sourceRdpIP }}"
          echo "========================================"
          
          # Deploy using Bicep template
          az deployment group create \
            --resource-group "${{ secrets.AZURE_RESOURCE_GROUP }}" \
            --template-file ./infra/win11-vm.bicep \
            --name "deploy-${{ github.run_id }}" \
            --parameters \
              vmName="${{ secrets.AZURE_VM_NAME }}" \
              location="${{ secrets.AZURE_LOCATION }}" \
              adminUsername="${{ secrets.AZURE_ADMIN_USERNAME }}" \
              adminPassword="${{ secrets.AZURE_ADMIN_PASSWORD }}" \
              dnsName="${{ secrets.AZURE_DNS_NAME || secrets.AZURE_VM_NAME }}" \
              existingVnetName="${{ secrets.AZURE_VNET_NAME || 'vmmexwin-vnet' }}" \
              existingVnetResourceGroup="${{ secrets.AZURE_VNET_RG || 'AG_RG' }}" \
              existingSubnetName="${{ secrets.AZURE_SUBNET_NAME || 'default' }}" \
              sourceRdpIP="${{ github.event.inputs.sourceRdpIP }}" \
              vmSize="Standard_D4s_v3"

      - name: Wait for VM
        run: |
          echo "⏳ Waiting for VM provisioning (5-10 minutes)..."
          az vm wait \
            --resource-group "${{ secrets.AZURE_RESOURCE_GROUP }}" \
            --name "${{ secrets.AZURE_VM_NAME }}" \
            --created \
            --timeout 600
          echo "✅ VM is ready!"

      - name: Get Connection Info
        run: |
          echo "🔗 Retrieving connection details..."
          
          FQDN=$(az network public-ip show \
            --resource-group "${{ secrets.AZURE_RESOURCE_GROUP }}" \
            --name "${{ secrets.AZURE_VM_NAME }}-pip" \
            --query dnsSettings.fqdn -o tsv)
          
          echo "========================================"
          echo "🎉 WINDOWS 11 VM DEPLOYMENT COMPLETE!"
          echo "========================================"
          echo "Connect via RDP:"
          echo "mstsc /v:$FQDN"
          echo ""
          echo "Username: ${{ secrets.AZURE_ADMIN_USERNAME }}"
          echo "Password: [from GitHub Secrets]"
          echo "========================================"