From c2eeeafd56806c7aa916e069722a9eef9107d8c7 Mon Sep 17 00:00:00 2001
From: Marc Mintel <marc@mintel.me>
Date: Mon, 26 Jan 2026 01:45:10 +0100
Subject: [PATCH] deploy

---
 .gitea/workflows/deploy.yml | 28 +++++++---------------------
 Dockerfile                  |  6 ++++--
 2 files changed, 11 insertions(+), 23 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 5885e5e6..25e70153 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -26,7 +26,8 @@ jobs:
             --pull \
             --platform linux/arm64 \
             --build-arg NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" \
-            --build-arg SENTRY_DSN="${{ secrets.SENTRY_DSN }}" \
+            --build-arg NEXT_PUBLIC_UMAMI_SCRIPT_URL="${{ secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL }}" \
+            --build-arg NEXT_PUBLIC_SENTRY_DSN="${{ secrets.SENTRY_DSN }}" \
             -t registry.infra.mintel.me/mintel/klz-cables.com:latest \
             --push .
 
@@ -44,29 +45,14 @@ jobs:
           chmod 600 ~/.ssh/id_ed25519
           
           ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts 2>/dev/null
-          chmod 644 ~/.ssh/known_hosts
 
-          # Create .env file for remote deployment
-          echo "NEXT_PUBLIC_UMAMI_WEBSITE_ID=${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" > .env.remote
-          echo "SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> .env.remote
-          echo "REDIS_URL=${{ secrets.REDIS_URL }}" >> .env.remote
-          echo "REDIS_KEY_PREFIX=${{ secrets.REDIS_KEY_PREFIX }}" >> .env.remote
-
-          # Create remote directory and .env file, then run deployment in a single SSH session
-          # This avoids multiple connections and potential rate limiting/zombie process issues
-          ssh -o StrictHostKeyChecking=accept-new -i ~/.ssh/id_ed25519 deploy@alpha.mintel.me << EOF
-            mkdir -p /home/deploy/sites/klz-cables.com
-            echo "NEXT_PUBLIC_UMAMI_WEBSITE_ID=${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" > /home/deploy/sites/klz-cables.com/.env
-            echo "SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> /home/deploy/sites/klz-cables.com/.env
-            echo "REDIS_URL=${{ secrets.REDIS_URL }}" >> /home/deploy/sites/klz-cables.com/.env
-            echo "REDIS_KEY_PREFIX=${{ secrets.REDIS_KEY_PREFIX }}" >> /home/deploy/sites/klz-cables.com/.env
-            
-            docker login registry.infra.mintel.me \
-              -u "${{ secrets.REGISTRY_USER }}" \
-              -p "${{ secrets.REGISTRY_PASS }}"
+          ssh -o StrictHostKeyChecking=accept-new deploy@alpha.mintel.me << EOF
+            set -e
+            echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me \
+              -u "${{ secrets.REGISTRY_USER }}" --password-stdin
             
             cd /home/deploy/sites/klz-cables.com
             docker compose pull
             docker compose up -d --force-recreate --remove-orphans
             docker image prune -f
-EOF
\ No newline at end of file
+          EOF
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 50455cbf..1cbb576b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,9 +23,11 @@ COPY . .
 ENV NEXT_TELEMETRY_DISABLED 1
 
 ARG NEXT_PUBLIC_UMAMI_WEBSITE_ID
-ARG SENTRY_DSN
+ARG NEXT_PUBLIC_UMAMI_SCRIPT_URL
+ARG NEXT_PUBLIC_SENTRY_DSN
 ENV NEXT_PUBLIC_UMAMI_WEBSITE_ID=$NEXT_PUBLIC_UMAMI_WEBSITE_ID
-ENV SENTRY_DSN=$SENTRY_DSN
+ENV NEXT_PUBLIC_UMAMI_SCRIPT_URL=$NEXT_PUBLIC_UMAMI_SCRIPT_URL
+ENV NEXT_PUBLIC_SENTRY_DSN=$NEXT_PUBLIC_SENTRY_DSN
 
 RUN npm run build