klz-cables.com/.gitea/workflows/deploy.yml

name: Build & Deploy KLZ Cables

on:
  push:
    branches: [main]

jobs:
  build-and-deploy:
    # ────────────────────────────────────────────────
    # WICHTIG: Kein "docker" mehr – sondern eines der neuen Labels
    runs-on: docker

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Login to private registry
        run: |
          echo "${{ secrets.REGISTRY_PASS }}" | \
            docker login registry.infra.mintel.me \
              -u "${{ secrets.REGISTRY_USER }}" --password-stdin

      - name: Build Docker image
        run: |
          docker buildx build \
            --pull \
            --platform linux/arm64 \
            --build-arg NEXT_PUBLIC_UMAMI_WEBSITE_ID="${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" \
            --build-arg SENTRY_DSN="${{ secrets.SENTRY_DSN }}" \
            -t registry.infra.mintel.me/mintel/klz-cables.com:latest \
            --push .

      # Alternative ohne Buildx (wenn du kein Multi-Platform brauchst):
      #   docker build \
      #     --pull \
      #     --build-arg ... \
      #     -t registry.infra.mintel.me/mintel/klz-cables.com:latest .
      #   docker push registry.infra.mintel.me/mintel/klz-cables.com:latest

      - name: Deploy to production server
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.ALPHA_SSH_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          
          ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts 2>/dev/null
          chmod 644 ~/.ssh/known_hosts

          # Create .env file for remote deployment
          echo "NEXT_PUBLIC_UMAMI_WEBSITE_ID=${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID }}" > .env.remote
          echo "SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> .env.remote
          echo "REDIS_URL=${{ secrets.REDIS_URL }}" >> .env.remote
          echo "REDIS_KEY_PREFIX=${{ secrets.REDIS_KEY_PREFIX }}" >> .env.remote

          # Create remote directory if it doesn't exist
          ssh -o StrictHostKeyChecking=accept-new -i ~/.ssh/id_ed25519 deploy@alpha.mintel.me "mkdir -p /home/deploy/sites/klz-cables.com"

          # Copy .env file to remote server using cat over ssh to bypass scp/sftp issues
          cat .env.remote | ssh -o StrictHostKeyChecking=accept-new -i ~/.ssh/id_ed25519 deploy@alpha.mintel.me "cat > /home/deploy/sites/klz-cables.com/.env"

          ssh -o StrictHostKeyChecking=accept-new -i ~/.ssh/id_ed25519 deploy@alpha.mintel.me << 'EOF'
            docker login registry.infra.mintel.me \
              -u "${{ secrets.REGISTRY_USER }}" \
              -p "${{ secrets.REGISTRY_PASS }}"
            
            cd /home/deploy/sites/klz-cables.com
            docker compose pull
            docker compose up -d --force-recreate --remove-orphans
            docker image prune -f
          EOF