From f2366b5a38e356a8ab9a5e7cba0a8c505abdecd2 Mon Sep 17 00:00:00 2001
From: Marc Mintel
Date: Thu, 5 Feb 2026 14:19:57 +0100
Subject: [PATCH] fix(ci): refactor SSH deployment to manual ssh/scp (aligned with klz-2026)
---
 .gitea/workflows/deploy.yml | 71 ++++++++++++++++++++++---------------
 1 file changed, 43 insertions(+), 28 deletions(-)
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 111f81d..59a5d9a 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -157,42 +157,57 @@ jobs:
 container:
 image: catthehacker/ubuntu:act-latest
 steps:
- - name: 🚀 Deploy via SSH
- uses: appleboy/ssh-action@master
+ - name: Checkout repository
+ uses: actions/checkout@v4
 with:
- host: ${{ secrets.SSH_HOST }}
- username: root
- key: ${{ secrets.SSH_PRIVATE_KEY }}
- script: |
+ fetch-depth: 1
+
+ - name: 🚀 Deploy via SSH
+ shell: bash
+ run: |
+ echo "Deploying to alpha.mintel.me"
+
+ mkdir -p ~/.ssh
+ echo "${{ secrets.ALPHA_SSH_KEY }}" > ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed25519
+ ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts 2>/dev/null
+
+ # Generate Environment File
+ cat > .env.deploy << EOF
+ IMAGE_TAG=${{ needs.prepare.outputs.image_tag }}
+ TRAEFIK_HOST=${{ needs.prepare.outputs.traefik_host }}
+ PROJECT_NAME=${{ needs.prepare.outputs.project_name }}
+ NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_base_url }}
+
+ # Directus
+ DIRECTUS_URL=${{ needs.prepare.outputs.directus_url }}
+ DIRECTUS_HOST=${{ needs.prepare.outputs.directus_host }}
+ DIRECTUS_API_TOKEN=${{ secrets.DIRECTUS_API_TOKEN }}
+ DIRECTUS_ADMIN_EMAIL=${{ secrets.DIRECTUS_ADMIN_EMAIL || 'admin@mintel.me' }}
+ DIRECTUS_ADMIN_PASSWORD=${{ secrets.DIRECTUS_ADMIN_PASSWORD }}
+ DIRECTUS_DB_NAME=${{ secrets.DIRECTUS_DB_NAME || 'directus' }}
+ DIRECTUS_DB_USER=${{ secrets.DIRECTUS_DB_USER || 'directus' }}
+ DIRECTUS_DB_PASSWORD=${{ secrets.DIRECTUS_DB_PASSWORD }}
+ DIRECTUS_KEY=${{ secrets.DIRECTUS_KEY }}
+ DIRECTUS_SECRET=${{ secrets.DIRECTUS_SECRET }}
+ EOF
+
+ APP_DIR="/home/deploy/sites/mb-grid-solutions.com"
+ ssh -o StrictHostKeyChecking=accept-new root@alpha.mintel.me "mkdir -p $APP_DIR"
+
+ scp -o StrictHostKeyChecking=accept-new .env.deploy root@alpha.mintel.me:$APP_DIR/${{ needs.prepare.outputs.env_file }}
+ scp -o StrictHostKeyChecking=accept-new docker-compose.yml root@alpha.mintel.me:$APP_DIR/docker-compose.yml
+
+ ssh -o StrictHostKeyChecking=accept-new root@alpha.mintel.me bash << 'EOF'
+ set -e
 APP_DIR="/home/deploy/sites/mb-grid-solutions.com"
- mkdir -p $APP_DIR
 cd $APP_DIR
- # Update Environment
- cat > ${{ needs.prepare.outputs.env_file }} << EOF
- IMAGE_TAG=${{ needs.prepare.outputs.image_tag }}
- TRAEFIK_HOST=${{ needs.prepare.outputs.traefik_host }}
- PROJECT_NAME=${{ needs.prepare.outputs.project_name }}
- NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_base_url }}
-
- # Directus
- DIRECTUS_URL=${{ needs.prepare.outputs.directus_url }}
- DIRECTUS_HOST=${{ needs.prepare.outputs.directus_host }}
- DIRECTUS_API_TOKEN=${{ secrets.DIRECTUS_API_TOKEN }}
- DIRECTUS_ADMIN_EMAIL=${{ secrets.DIRECTUS_ADMIN_EMAIL || 'admin@mintel.me' }}
- DIRECTUS_ADMIN_PASSWORD=${{ secrets.DIRECTUS_ADMIN_PASSWORD }}
- DIRECTUS_DB_NAME=${{ secrets.DIRECTUS_DB_NAME || 'directus' }}
- DIRECTUS_DB_USER=${{ secrets.DIRECTUS_DB_USER || 'directus' }}
- DIRECTUS_DB_PASSWORD=${{ secrets.DIRECTUS_DB_PASSWORD }}
- DIRECTUS_KEY=${{ secrets.DIRECTUS_KEY }}
- DIRECTUS_SECRET=${{ secrets.DIRECTUS_SECRET }}
- EOF
-
- # Sync docker-compose
 echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin
 docker compose -p "${{ needs.prepare.outputs.project_name }}" --env-file ${{ needs.prepare.outputs.env_file }} pull
 docker compose -p "${{ needs.prepare.outputs.project_name }}" --env-file ${{ needs.prepare.outputs.env_file }} up -d --remove-orphans
 docker system prune -f --filter "until=24h"
+ EOF
 notifications:
 name: 🔔 Notifications
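Review bot: The added `ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts` plus `-o StrictHostKeyChecking=accept-new` on all four ssh/scp calls never authenticates the server: the key is fetched over the same untrusted network at deploy time and, if the job container starts fresh each run (likely, not visible here), there is no earlier key to compare with, so root's session, `.env.deploy` and the registry password go to whichever host answers. Pin the host key instead, e.g. `echo "${{ secrets.ALPHA_KNOWN_HOSTS }}" > ~/.ssh/known_hosts` (placeholder secret name holding the server's public host key), and use `-o StrictHostKeyChecking=yes`. Separately, the `.env.deploy` heredoc uses an unquoted `EOF`, so any `$` or backtick in a secret value is expanded by the runner's shell after `${{ }}` substitution; mapping the secrets through the step's `env:` and writing them with `printf` avoids that. The step also leaves `~/.ssh/id_ed25519` and `.env.deploy` on the runner, so a closing `rm -f ~/.ssh/id_ed25519 .env.deploy` is worth adding.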