From 61cbbc784476b5b2e6398a592febe3171af51357 Mon Sep 17 00:00:00 2001
From: Christian Gick <service@agiliton.eu>
Date: Thu, 2 Apr 2026 19:20:54 +0300
Subject: [PATCH] ci: add Gitea Actions workflow for auto build+deploy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Docker build on push to main, deploy to infra VM on port 3006.
Gateway nginx updated to proxy internetforkids.ong → infra:3006.

IFK-6

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/deploy.yml | 50 +++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 .gitea/workflows/deploy.yml

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..72d6a27
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,50 @@
+name: Build & Deploy
+on:
+  push:
+    branches: [main]
+    paths-ignore: ['**.md']
+env:
+  REGISTRY: gitea.agiliton.internal:3000
+  IMAGE: gitea.agiliton.internal:3000/christian/internetforkids
+  TARGET_VM: infra.agiliton.internal
+  DEPLOY_PATH: /opt/apps/internetforkids
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Setup SSH
+        run: |
+          mkdir -p ~/.ssh && chmod 700 ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan -H ${{ env.TARGET_VM }} >> ~/.ssh/known_hosts 2>/dev/null || true
+      - name: Login & Build & Push
+        run: |
+          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u christian --password-stdin
+          DOCKER_BUILDKIT=1 docker build --pull -t ${{ env.IMAGE }}:latest .
+          docker push ${{ env.IMAGE }}:latest
+      - name: Deploy
+        run: |
+          ssh root@${{ env.TARGET_VM }} << 'EOF'
+          mkdir -p /opt/apps/internetforkids
+          cd /opt/apps/internetforkids
+          cat > docker-compose.yml << 'COMPOSE'
+          services:
+            internetforkids:
+              image: gitea.agiliton.internal:3000/christian/internetforkids:latest
+              container_name: internetforkids
+              restart: unless-stopped
+              ports:
+                - "3006:80"
+              labels:
+                - "com.centurylinklabs.watchtower.enable=true"
+          COMPOSE
+          docker pull gitea.agiliton.internal:3000/christian/internetforkids:latest
+          docker compose up -d --force-recreate --remove-orphans
+          EOF
+      - name: Cleanup
+        if: always()
+        run: docker builder prune -f --filter "until=24h" 2>/dev/null || true