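# .gitea/workflows/deploy.yml
# Triggered on push to main.
# Runs the full CI suite first, then deploys to the production droplet.
#
# Required Gitea secrets (Settings → Secrets):
#   DEPLOY_HOST    — droplet IP or hostname (e.g. 192.168.1.1)
#   DEPLOY_USER    — SSH user (e.g. root)
#   DEPLOY_SSH_KEY — private key contents (the output of: cat ~/.ssh/deploy_key)
#   DEPLOY_PORT    — SSH port (usually 22)
#
# Optional, recommended:
#   DEPLOY_HOST_FINGERPRINT — SHA256 fingerprint of the droplet's SSH host key,
#                             so the runner refuses to hand the key to an
#                             impostor host.
#
# NOTE(review): the remote script runs `chown -R`, so it needs root (or sudo)
# today. npm lifecycle scripts and the build therefore also run with that
# privilege. Prefer a dedicated deploy key used for nothing else, and consider
# running install/build as the unprivileged app user.

name: Deploy

on:
  push:
    branches:
      - main

jobs:
  # ── Stage 1: CI ─────────────────────────────────────────────────────────────
  build:
    name: Check & Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      # NUL-delimited so file names containing whitespace are passed intact.
      - name: JS syntax check
        run: |
          find src -name "*.js" -print0 | xargs -0 -I{} node --check {}
          echo "✓ JS syntax OK"

      # NOTE(review): because of the pipe, this step reports tail's exit
      # status unless the runner's shell has pipefail enabled — confirm that
      # a failing svelte-check actually fails the job.
      - name: Svelte check
        run: npx svelte-check --tsconfig ./jsconfig.json 2>&1 | tail -5

      # Placeholder values for the CI build; presumably not production
      # settings — verify nothing here is baked into a deployed artifact.
      - name: Build
        run: npm run build
        env:
          DATABASE_URL: ./dummy.db
          RATE_LIMIT_PUBLISH: '5'
          RATE_LIMIT_READ: '100'
          PUBLIC_BASE_URL: 'https://example.com'

  # ── Stage 2: Deploy ──────────────────────────────────────────────────────────
  deploy:
    name: Deploy to Production
    runs-on: ubuntu-latest
    needs: build  # only runs if build job passes
    steps:
      # This third-party action receives the SSH private key. A version tag
      # can be moved by the action's owner; pin to a reviewed full commit SHA
      # once one has been audited.
      - name: Deploy via SSH
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USER }}
          key: ${{ secrets.DEPLOY_SSH_KEY }}
          port: ${{ secrets.DEPLOY_PORT }}
          # Host key pinning. While the secret is unset this expands to an
          # empty value and the action connects without verifying the host
          # key, exactly as before.
          fingerprint: ${{ secrets.DEPLOY_HOST_FINGERPRINT }}
          # `git pull --ff-only` refuses to create a merge if the server's
          # checkout has diverged, instead of deploying an untested merge.
          # `npm ci` installs exactly what the lockfile records, matching the
          # install the build job tested.
          # NOTE(review): the pull takes whatever main is at deploy time,
          # which may be newer than the commit the build job checked.
          script: |
            set -e
            APP_DIR=/opt/etc-prs/app
            APP_USER=prs
            echo "▸ Pulling latest code…"
            cd "$APP_DIR"
            git pull --ff-only
            echo "▸ Installing dependencies…"
            npm ci --quiet
            echo "▸ Building…"
            npm run build
            echo "▸ Fixing ownership…"
            chown -R "${APP_USER}:${APP_USER}" "$APP_DIR"
            echo "▸ Reloading PM2…"
            pm2 reload etc-prs
            echo "✓ Deploy complete"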