---
# Scheduled maintenance workflow: upgrades and cleans up apt packages on the
# machine behind the runner labelled `host`.
#
# NOTE(review): every package step runs under sudo on that runner, so whoever
# can change workflow files in this repository or start runs can execute
# commands with those sudo rights on the host. Keep write access and branch
# protection tight, and keep the runner's sudoers rule as narrow as the
# commands below allow.
name: Host Maintenance

on:
  schedule:
    # daily at 03:00 (time zone is whatever the server evaluates cron in;
    # confirm)
    - cron: "0 3 * * *"
  # can also be started manually
  workflow_dispatch:

jobs:
  maintenance:
    name: Update host system
    # MUST match the runner label exactly
    runs-on: host

    steps:
      # --- Debug / safety ---
      # Prints ref, commit, hostname, user, date and kernel into the job log.
      # NOTE(review): this lands in logs readable by anyone who can view
      # Actions runs for the repository; trim it if that audience is wider
      # than the host's administrators.
      - name: Show workflow context
        run: |
          echo "Branch: $GITEA_REF_NAME"
          echo "Commit: $GITEA_SHA"
          echo "Runner: $(hostname)"
          echo "User: $(whoami)"
          echo "Date: $(date)"
          echo "Kernel: $(uname -a)"

      # --- Safety brake ---
      # Stops the job unless the ref name is exactly "main". An unset
      # GITEA_REF_NAME compares as the empty string, so the check fails closed.
      # NOTE(review): confirm the runner actually exports GITEA_REF_NAME;
      # if it does not, this step always exits 1 and no update ever runs.
      # NOTE(review): the check lives in the workflow file itself, so it only
      # protects against accidental runs. A copy of this file on another
      # branch can omit it; enforce "main only" through branch protection and
      # runner scoping as well.
      - name: Ensure correct branch
        run: |
          if [ "$GITEA_REF_NAME" != "main" ]; then
            echo "❌ This workflow must run on main only"
            exit 1
          fi

      # --- System update ---
      # Refreshes the package index, then upgrades installed packages without
      # asking for confirmation (-y).
      # NOTE(review): `apt` warns that its CLI is not stable for scripts;
      # `apt-get` with DEBIAN_FRONTEND=noninteractive is the usual unattended
      # form. Left unchanged here because the sudoers rule on the host is not
      # visible and may be pinned to these exact commands.
      - name: Update packages
        run: |
          sudo apt update
          sudo apt -y upgrade

      # --- Optional: cleanup ---
      # Removes packages that are no longer needed and clears outdated
      # archives from the local package cache.
      - name: Cleanup
        run: |
          sudo apt -y autoremove
          sudo apt -y autoclean