# Add this at the end of the file, replacing the deploy-swarm section

  deploy-swarm:
    image: alpine:3
    environment:
      SSH_PRIVATE_KEY:
        from_secret: ssh_private_key
      SSH_KNOWN_HOSTS:
        from_secret: ssh_known_hosts
      PORTAINER_URL:
        from_secret: portainer_url
      PORTAINER_API_KEY:
        from_secret: portainer_api_key
    commands:
      - apk add --no-cache curl
      - |
        set -e
        echo "🚀 Deploying via Portainer API..."
        
        # Redeploy mosaic-stack (ID 121)
        curl -sk -X POST \
          -H "X-API-Key: $PORTAINER_API_KEY" \
          "$PORTAINER_URL/api/stacks/121/git/redeploy" \
          -H "Content-Type: application/json" \
          -d '{"prune": false}' || \
        
        # Fallback: Force service updates via SSH
        echo "Trying SSH fallback..."
        apk add --no-cache openssh-client
        mkdir -p ~/.ssh
        echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
        chmod 600 ~/.ssh/known_hosts
        echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
        chmod 600 ~/.ssh/id_ed25519
        
        ssh -o StrictHostKeyChecking=no localadmin@10.1.1.45 \
          "docker service update --force mosaic_api && \
           docker service update --force mosaic_web && \
           docker service update --force mosaic_orchestrator && \
           docker service update --force mosaic_coordinator && \
           echo '✅ Services updated'"
    when:
      - branch: [main]
        event: [push, manual, tag]
    depends_on:
      - link-packages