name: Build & Deploy KLZ Cables on: push: branches: [main] jobs: build-and-deploy: # ──────────────────────────────────────────────── # WICHTIG: Kein "docker" mehr – sondern eines der neuen Labels runs-on: docker steps: - name: Checkout repository uses: actions/checkout@v4 - name: Login to private registry run: | echo "${{ secrets.REGISTRY_PASS }}" | \ docker login registry.infra.mintel.me \ -u "${{ secrets.REGISTRY_USER }}" --password-stdin - name: Build Docker image run: | docker buildx build \ --pull \ --platform linux/arm64 \ --build-arg NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" \ --build-arg NEXT_PUBLIC_UMAMI_SCRIPT_URL="${{ secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL }}" \ --build-arg NEXT_PUBLIC_SENTRY_DSN="${{ secrets.SENTRY_DSN }}" \ -t registry.infra.mintel.me/mintel/klz-cables.com:latest \ --push . # Alternative ohne Buildx (wenn du kein Multi-Platform brauchst): # docker build \ # --pull \ # --build-arg ... \ # -t registry.infra.mintel.me/mintel/klz-cables.com:latest . # docker push registry.infra.mintel.me/mintel/klz-cables.com:latest - name: Deploy to production server run: | mkdir -p ~/.ssh echo "${{ secrets.ALPHA_SSH_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts 2>/dev/null ssh -o StrictHostKeyChecking=accept-new deploy@alpha.mintel.me << 'EOF' docker login registry.infra.mintel.me \ -u "${{ secrets.REGISTRY_USER }}" \ -p "${{ secrets.REGISTRY_PASS }}" cd /home/deploy/sites/klz-cables.com docker compose pull docker compose up -d --force-recreate --remove-orphans docker image prune -f EOF