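# .gitea/workflows/deploy.yml
# Triggered on push to main.
# Uses no external actions — all steps are plain shell commands.
#
# Required Gitea secrets (Settings → Secrets → Actions):
#   DEPLOY_HOST    — droplet IP or hostname
#   DEPLOY_USER    — SSH user (e.g. root); a dedicated account whose
#                    authorized_keys entry is limited to the redeploy script
#                    narrows what a leaked deploy key can do
#   DEPLOY_SSH_KEY — private key (contents of ~/.ssh/deploy_key)
#   DEPLOY_PORT    — SSH port (usually 22)
#
# Optional, strongly recommended secret (introduced by this revision):
#   DEPLOY_KNOWN_HOSTS — known_hosts line(s) for DEPLOY_HOST, copied from the
#                        server's own host public key over a trusted channel.
#                        For a non-default port the entry has the form
#                        "[host]:port keytype key".

name: Deploy

on:
  push:
    branches:
      - main

jobs:
  # ── Stage 1: CI ─────────────────────────────────────────────────────────────
  build:
    name: Check & Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # Context values are handed over as environment variables and quoted,
        # so they reach git as data and are never spliced into the script text.
        env:
          SERVER_URL: ${{ gitea.server_url }}
          REPOSITORY: ${{ gitea.repository }}
          COMMIT_SHA: ${{ gitea.sha }}
        run: |
          git clone "$SERVER_URL/$REPOSITORY.git" .
          git checkout "$COMMIT_SHA"

      - name: Verify Node.js
        run: node --version && npm --version

      - name: Install dependencies
        run: npm ci

      - name: JS syntax check
        # NUL-delimited so file names with spaces or newlines are handled;
        # xargs exits non-zero if any single check fails. -r skips the run
        # entirely when no .js files exist.
        run: |
          find src -name '*.js' -print0 | xargs -0 -r -n 1 node --check
          echo "✓ JS syntax OK"

      - name: Svelte check
        shell: bash
        # Without pipefail the step reports tail's exit status, so a failing
        # svelte-check would still pass CI and the deploy stage would run.
        run: |
          set -o pipefail
          npx svelte-check 2>&1 | tail -10

      - name: Build
        run: npm run build
        env:
          DATABASE_URL: './dummy.db'
          RATE_LIMIT_PUBLISH: '5'
          RATE_LIMIT_READ: '100'
          PUBLIC_BASE_URL: 'https://example.com'

  # ── Stage 2: Deploy ──────────────────────────────────────────────────────────
  deploy:
    name: Deploy to Production
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Deploy via SSH
        shell: bash
        # Secrets are passed through the environment instead of being
        # interpolated into the script, so their contents cannot change the
        # shell syntax and are not embedded in the generated script file.
        env:
          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
          DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}
          DEPLOY_KNOWN_HOSTS: ${{ secrets.DEPLOY_KNOWN_HOSTS }}
        run: |
          set -euo pipefail

          # Create key material with owner-only permissions from the start
          # (no window between write and chmod) in a private temp directory.
          umask 077
          workdir="$(mktemp -d)"

          # Remove the key even when ssh or the remote script fails; the
          # original cleanup line was skipped on any earlier error.
          trap 'rm -rf "$workdir"' EXIT

          key_file="$workdir/deploy_key"
          printf '%s\n' "$DEPLOY_SSH_KEY" > "$key_file"

          # Host authentication. The previous "StrictHostKeyChecking no" in
          # ~/.ssh/config accepted any host key for every host, which lets a
          # machine-in-the-middle receive the production redeploy session.
          if [ -n "${DEPLOY_KNOWN_HOSTS:-}" ]; then
            # Pinned key: connect only to the server we expect.
            printf '%s\n' "$DEPLOY_KNOWN_HOSTS" > "$workdir/known_hosts"
            host_key_opts=(
              -o StrictHostKeyChecking=yes
              -o "UserKnownHostsFile=$workdir/known_hosts"
            )
          else
            # Backward-compatible fallback: trust on first use. On an
            # ephemeral runner every run is a "first use", so this does not
            # authenticate the host — set DEPLOY_KNOWN_HOSTS to close the gap.
            echo "WARNING: DEPLOY_KNOWN_HOSTS is not set; host key is not pinned" >&2
            mkdir -p ~/.ssh
            host_key_opts=(-o StrictHostKeyChecking=accept-new)
          fi

          # BatchMode makes ssh fail instead of waiting on a prompt, which is
          # what the blanket host-key bypass was originally working around.
          # IdentitiesOnly restricts authentication to the deploy key.
          ssh -i "$key_file" \
            -o IdentitiesOnly=yes \
            -o BatchMode=yes \
            "${host_key_opts[@]}" \
            -p "$DEPLOY_PORT" \
            "$DEPLOY_USER@$DEPLOY_HOST" \
            "bash /opt/etc-prs/app/scripts/redeploy.sh"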