deploy

.gitea/workflows/deploy.yml

@@ -5,39 +5,55 @@ on:
     branches: [main]
 
 jobs:
-  deploy:
-    runs-on: docker
+  build-and-deploy:
+    # ────────────────────────────────────────────────
+    # WICHTIG: Kein "docker" mehr – sondern eines der neuen Labels
+    runs-on: ubuntu-22.04
+    # Alternativen: ubuntu-latest, node:20, node:18
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-      - name: Login registry
+      - name: Login to private registry
         run: |
           echo "${{ secrets.REGISTRY_PASS }}" | \
-          docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin
+            docker login registry.infra.mintel.me \
+              -u "${{ secrets.REGISTRY_USER }}" --password-stdin
 
-      - name: Build image
+      - name: Build Docker image
         run: |
-          docker build \
+          docker buildx create --use --driver docker-container || true
+          docker buildx build \
             --pull \
-            --build-arg NEXT_PUBLIC_UMAMI_WEBSITE_ID=${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID }} \
-            --build-arg NEXT_PUBLIC_UMAMI_SCRIPT_URL=${{ secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL }} \
-            --build-arg NEXT_PUBLIC_SENTRY_DSN=${{ secrets.SENTRY_DSN }} \
-            -t registry.infra.mintel.me/mintel/klz-cables.com:latest .
+            --build-arg NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" \
+            --build-arg NEXT_PUBLIC_UMAMI_SCRIPT_URL="${{ secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL }}" \
+            --build-arg NEXT_PUBLIC_SENTRY_DSN="${{ secrets.SENTRY_DSN }}" \
+            -t registry.infra.mintel.me/mintel/klz-cables.com:latest \
+            --push .
 
-      - name: Push image
-        run: |
-          docker push registry.infra.mintel.me/mintel/klz-cables.com:latest
+      # Alternative ohne Buildx (wenn du kein Multi-Platform brauchst):
+      #   docker build \
+      #     --pull \
+      #     --build-arg ... \
+      #     -t registry.infra.mintel.me/mintel/klz-cables.com:latest .
+      #   docker push registry.infra.mintel.me/mintel/klz-cables.com:latest
 
-      - name: Deploy
+      - name: Deploy to production server
         run: |
           mkdir -p ~/.ssh
-          printf "%s\n" "${{ secrets.ALPHA_SSH_KEY }}" > ~/.ssh/id_ed25519
+          echo "${{ secrets.ALPHA_SSH_KEY }}" > ~/.ssh/id_ed25519
           chmod 600 ~/.ssh/id_ed25519
-          ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts
+          
+          ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts 2>/dev/null
 
-          ssh deploy@alpha.mintel.me '
-            docker pull registry.infra.mintel.me/mintel/klz-cables.com:latest
+          ssh -o StrictHostKeyChecking=accept-new deploy@alpha.mintel.me << 'EOF'
+            docker login registry.infra.mintel.me \
+              -u "${{ secrets.REGISTRY_USER }}" \
+              -p "${{ secrets.REGISTRY_PASS }}"
+            
             cd /home/deploy/sites/klz-cables.com
-            docker compose up -d --force-recreate
-          '
+            docker compose pull
+            docker compose up -d --force-recreate --remove-orphans
+            docker image prune -f
+          EOF