From 5d6e7f7a806eb8c648e595d9ac827dc842d70b26 Mon Sep 17 00:00:00 2001
From: Christian Gick <service@agiliton.eu>
Date: Fri, 10 Apr 2026 23:11:19 +0300
Subject: [PATCH] ci: add Gitea Actions build & deploy workflow

Builds on push to main, deploys to infra VM via SSH, health-checks
the /health endpoint after restart.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/deploy.yml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 .gitea/workflows/deploy.yml

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..be40b08
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,34 @@
+name: Build & Deploy
+on:
+  push:
+    branches: [main]
+    paths-ignore: ['**.md', 'docs/**']
+
+env:
+  TARGET_VM: infra.agiliton.internal
+  DEPLOY_PATH: /opt/apps/agiliton-account
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup SSH
+        run: |
+          mkdir -p ~/.ssh && chmod 700 ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan -H ${{ env.TARGET_VM }} >> ~/.ssh/known_hosts 2>/dev/null || true
+
+      - name: Build & deploy on infra
+        run: |
+          ssh root@${{ env.TARGET_VM }} << 'EOF'
+          cd /opt/apps/agiliton-account && git pull origin main --ff-only
+          docker compose build --pull
+          docker compose up -d --force-recreate --remove-orphans
+          docker builder prune -f --filter "until=24h" 2>/dev/null || true
+          EOF
+
+      - name: Health check
+        run: |
+          sleep 5
+          curl -sf http://${{ env.TARGET_VM }}:4100/health | grep '"status":"ok"'