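# .gitea/workflows/deploy.yml
# Triggered on push to main.
# Runs CI checks first, then deploys to production.
#
# Required Gitea secrets (Settings → Secrets → Actions):
#   DEPLOY_HOST    — droplet IP or hostname
#   DEPLOY_USER    — SSH user (e.g. root)
#   DEPLOY_SSH_KEY — private key (contents of ~/.ssh/deploy_key)
#   DEPLOY_PORT    — SSH port (usually 22)
#
# NOTE(review): the deploy script runs `chown -R` on the app directory, so as
# written DEPLOY_USER needs root-level rights on the host. A key pair used
# only for this deployment limits what a leaked DEPLOY_SSH_KEY exposes.

name: Deploy

on:
  push:
    branches:
      - main

jobs:
  # ── Stage 1: CI ─────────────────────────────────────────────────────────────
  build:
    name: Check & Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Verify Node.js
        run: node --version && npm --version

      - name: Install dependencies
        run: npm ci

      - name: JS syntax check
        run: |
          find src -name "*.js" | xargs -I{} node --check {}
          echo "✓ JS syntax OK"

      - name: Svelte check
        # With pipefail the step fails when svelte-check fails. Without it the
        # pipeline's exit status can be that of `tail`, depending on the
        # runner's default shell options, and `deploy` would still run.
        shell: bash
        run: |
          set -o pipefail
          npx svelte-check 2>&1 | tail -10

      - name: Build
        run: npm run build
        env:
          # Placeholder values so the build can run in CI; not production config.
          DATABASE_URL: ./dummy.db
          RATE_LIMIT_PUBLISH: '5'
          RATE_LIMIT_READ: '100'
          PUBLIC_BASE_URL: 'https://example.com'

  # ── Stage 2: Deploy ──────────────────────────────────────────────────────────
  deploy:
    name: Deploy to Production
    runs-on: ubuntu-latest
    # Only runs when every step of `build` succeeded.
    needs: build
    steps:
      - name: Deploy via SSH
        # NOTE(review): this third-party action receives DEPLOY_SSH_KEY and is
        # referenced by a tag, which upstream can move. Pinning it to a full
        # commit SHA (appleboy/ssh-action@<full-commit-sha>) fixes the exact
        # code that handles the key; the same applies to actions/checkout.
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USER }}
          key: ${{ secrets.DEPLOY_SSH_KEY }}
          port: ${{ secrets.DEPLOY_PORT }}
          # NOTE(review): no server host key is pinned. The action's
          # `fingerprint` input takes the host's SHA256 key fingerprint;
          # the secret name below is a constructed example.
          # fingerprint: ${{ secrets.DEPLOY_HOST_FINGERPRINT }}
          script: |
            set -e
            APP_DIR=/opt/etc-prs/app
            APP_USER=prs

            echo "▸ Pulling latest code…"
            # cd stands alone: inside `cd … && git pull` a failed cd does not
            # trigger `set -e`, and the install/build/chown steps would still run.
            cd "$APP_DIR"
            # Fast-forward only, so the server checkout never gains a merge commit.
            # NOTE(review): this deploys the branch tip at pull time, which can
            # be newer than the commit the build job checked.
            git pull --ff-only

            echo "▸ Installing dependencies…"
            # npm ci installs exactly what package-lock.json records, as the build job does.
            npm ci --quiet

            echo "▸ Building…"
            npm run build

            echo "▸ Fixing ownership…"
            chown -R "${APP_USER}:${APP_USER}" "$APP_DIR"

            echo "▸ Reloading PM2…"
            pm2 reload etc-prs

            echo "✓ Deploy complete"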