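# Production deploy job. It installs the Teleport client tools, uses tbot to
# exchange a GitLab-issued ID token for a short-lived Teleport identity, and
# then runs docker compose on host `berg` over Teleport SSH.
deploy:
  # Rules are reused from `.rules:release`, which is defined outside this job.
  # NOTE(review): confirm those rules limit the job to protected refs, because
  # every run of this job can reach the production host.
  rules: !reference [.rules:release, rules]
  stage: deploy
  image: "debian:${DEBIAN_VERSION}-slim"
  id_tokens:
    # GitLab issues this JWT per job; `aud` ties it to the Teleport proxy so
    # the token is not accepted by a different relying party.
    TBOT_GITLAB_JWT:
      aud: tp.unjx.de
  script:
    # ca-certificates is installed explicitly: curl needs it to validate the
    # CDN's TLS certificate, and the slim image does not ship it.
    - apt-get update && apt-get install -y --no-install-recommends curl ca-certificates
    - cd /tmp
    # --fail turns an HTTP error into a failed step instead of saving the
    # error page under the tarball's name.
    - >-
      curl --fail --silent --show-error --proto "=https" --tlsv1.2 -O
      "https://cdn.teleport.dev/teleport-v${TELEPORT_VERSION}-linux-amd64-bin.tar.gz"
    # Verify the tarball against the published SHA-256 before anything from it
    # is executed as root. The digest comes from the same CDN, so this catches
    # truncated or corrupted downloads only; comparing against a digest pinned
    # in a protected CI/CD variable would also cover a tampered CDN object.
    - |-
      expected_sha256="$(curl --fail --silent --show-error --proto "=https" --tlsv1.2 \
        "https://cdn.teleport.dev/teleport-v${TELEPORT_VERSION}-linux-amd64-bin.tar.gz.sha256" | cut -d " " -f 1)"
      echo "${expected_sha256}  teleport-v${TELEPORT_VERSION}-linux-amd64-bin.tar.gz" | sha256sum --check -
    - 'tar -xzf "teleport-v${TELEPORT_VERSION}-linux-amd64-bin.tar.gz"'
    - ./teleport/install
    # --oneshot makes tbot write the identity once and exit instead of running
    # as a renewing daemon. The identity file under /tmp/tbot-user is a
    # credential. NOTE(review): this assumes the job container is discarded
    # after the run; confirm for the runner in use.
    - 'tbot start --token=gitlab --destination-dir=/tmp/tbot-user --data-dir=/tmp/tbot-data --auth-server=tp.unjx.de:443 --join-method=gitlab --oneshot'
    # Pull the newest image and (re)start the `home` service on the host.
    - 'tsh -i /tmp/tbot-user/identity --proxy tp.unjx.de:443 ssh gitlab@berg "docker compose -f /opt/docker/helper/compose.yml up home -d --pull always"'
    # Remove unused Docker data on the host without an interactive prompt.
    - 'tsh -i /tmp/tbot-user/identity --proxy tp.unjx.de:443 ssh gitlab@berg "docker system prune --force"'
  environment:
    name: production
    url: "$PRODUCTION_URL"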