fix(ci): consolidate deploy SSH into single multiplexed session to avoid rate limiting

.gitea/workflows/deploy.yml

@@ -348,6 +348,16 @@ jobs:
           chmod 600 ~/.ssh/id_ed25519
           ssh-keyscan -H alpha.mintel.me >> ~/.ssh/known_hosts 2>/dev/null
 
+          # SSH multiplexing: reuse a single connection for all commands
+          cat >> ~/.ssh/config <<SSHEOF
+          Host alpha.mintel.me
+            ControlMaster auto
+            ControlPath /tmp/ssh-%r@%h:%p
+            ControlPersist 120
+            ServerAliveInterval 15
+            ServerAliveCountMax 3
+          SSHEOF
+
           if [[ "$TARGET" == "production" ]]; then
             SITE_DIR="/home/deploy/sites/mintel.me"
           elif [[ "$TARGET" == "testing" ]]; then
@@ -358,23 +368,31 @@ jobs:
             SITE_DIR="/home/deploy/sites/branch.mintel.me/${SLUG:-unknown}"
           fi
 
+          # Open persistent connection
+          ssh -fN root@alpha.mintel.me
+
+          # Upload files (reuses existing connection)
           ssh root@alpha.mintel.me "mkdir -p $SITE_DIR/directus/schema $SITE_DIR/directus/uploads $SITE_DIR/directus/extensions"
           scp .env.deploy root@alpha.mintel.me:$SITE_DIR/$ENV_FILE
           scp docker-compose.yml root@alpha.mintel.me:$SITE_DIR/docker-compose.yml
 
-          ssh root@alpha.mintel.me "docker network create '${{ needs.prepare.outputs.project_name }}-internal' || true"
-          ssh root@alpha.mintel.me "docker volume create 'mintel-me_payload-db-data' || true"
-
-          ssh root@alpha.mintel.me "cd $SITE_DIR && echo '${{ secrets.REGISTRY_PASS }}' | docker login registry.infra.mintel.me -u '${{ secrets.REGISTRY_USER }}' --password-stdin"
-          ssh root@alpha.mintel.me "cd $SITE_DIR && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' pull"
-          ssh root@alpha.mintel.me "cd $SITE_DIR && docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' up -d --remove-orphans"
-
-          # Migration Sanitization
+          # Deploy (single SSH session for all docker commands)
           DB_CONTAINER="${{ needs.prepare.outputs.project_name }}-postgres-db-1"
+          ssh root@alpha.mintel.me bash <<DEPLOYEOF
+          set -e
+          docker network create '${{ needs.prepare.outputs.project_name }}-internal' || true
+          docker volume create 'mintel-me_payload-db-data' || true
+          echo '${{ secrets.REGISTRY_PASS }}' | docker login registry.infra.mintel.me -u '${{ secrets.REGISTRY_USER }}' --password-stdin
+          cd $SITE_DIR
+          docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' pull
+          docker compose -p '${{ needs.prepare.outputs.project_name }}' --env-file '$ENV_FILE' up -d --remove-orphans
           echo "🔧 Sanitizing payload_migrations table..."
-          ssh root@alpha.mintel.me "docker exec $DB_CONTAINER psql -U $postgres_DB_USER -d $postgres_DB_NAME -c \"DELETE FROM payload_migrations WHERE batch = -1;\" 2>/dev/null || true"
+          docker exec $DB_CONTAINER psql -U $postgres_DB_USER -d $postgres_DB_NAME -c "DELETE FROM payload_migrations WHERE batch = -1;" 2>/dev/null || true
+          docker system prune -f --filter 'until=24h'
+          DEPLOYEOF
 
-          ssh root@alpha.mintel.me "docker system prune -f --filter 'until=24h'"
+          # Cleanup multiplexed connection
+          ssh -O exit root@alpha.mintel.me 2>/dev/null || true
 
       - name: 🧹 Post-Deploy Cleanup (Runner)
         if: always()