add deploy actions

2026-03-18 04:42:25 -06:00
parent c3d9c52129
commit 5db9a81355
3 changed files with 270 additions and 0 deletions
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,89 @@
+# .gitea/workflows/deploy.yml
+# Triggered on push to main.
+# Runs the full CI suite first, then deploys to the production droplet.
+#
+# Required Gitea secrets (Settings → Secrets):
+#   DEPLOY_HOST       — droplet IP or hostname (e.g. 192.168.1.1)
+#   DEPLOY_USER       — SSH user (e.g. root)
+#   DEPLOY_SSH_KEY    — private key contents (the output of: cat ~/.ssh/deploy_key)
+#   DEPLOY_PORT       — SSH port (usually 22)
+
+name: Deploy
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  # ── Stage 1: CI ─────────────────────────────────────────────────────────────
+  build:
+    name: Check & Build
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: JS syntax check
+        run: |
+          find src -name "*.js" | xargs -I{} node --check {}
+          echo "✓ JS syntax OK"
+
+      - name: Svelte check
+        run: npx svelte-check --tsconfig ./jsconfig.json 2>&1 | tail -5
+
+      - name: Build
+        run: npm run build
+        env:
+          DATABASE_URL: ./dummy.db
+          RATE_LIMIT_PUBLISH: '5'
+          RATE_LIMIT_READ: '100'
+          PUBLIC_BASE_URL: 'https://example.com'
+
+  # ── Stage 2: Deploy ──────────────────────────────────────────────────────────
+  deploy:
+    name: Deploy to Production
+    runs-on: ubuntu-latest
+    needs: build   # only runs if build job passes
+
+    steps:
+      - name: Deploy via SSH
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host:     ${{ secrets.DEPLOY_HOST }}
+          username: ${{ secrets.DEPLOY_USER }}
+          key:      ${{ secrets.DEPLOY_SSH_KEY }}
+          port:     ${{ secrets.DEPLOY_PORT }}
+          script: |
+            set -e
+
+            APP_DIR=/opt/etc-prs/app
+            APP_USER=prs
+
+            echo "▸ Pulling latest code…"
+            cd "$APP_DIR"
+            git pull
+
+            echo "▸ Installing dependencies…"
+            npm install --quiet
+
+            echo "▸ Building…"
+            npm run build
+
+            echo "▸ Fixing ownership…"
+            chown -R "${APP_USER}:${APP_USER}" "$APP_DIR"
+
+            echo "▸ Reloading PM2…"
+            pm2 reload etc-prs
+
+            echo "✓ Deploy complete"