internetforkids/.gitea/workflows/deploy.yml

name: Build & Deploy
on:
  push:
    branches: [main]
    paths-ignore: ['**.md']
env:
  REGISTRY: gitea.agiliton.internal:3000
  IMAGE: gitea.agiliton.internal:3000/christian/internetforkids
  TARGET_VM: infra.agiliton.internal
  DEPLOY_PATH: /opt/apps/internetforkids
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: true
      - name: Setup SSH
        run: |
          mkdir -p ~/.ssh && chmod 700 ~/.ssh
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          ssh-keyscan -H ${{ env.TARGET_VM }} >> ~/.ssh/known_hosts 2>/dev/null || true
      - name: Login & Build & Push
        run: |
          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u christian --password-stdin
          DOCKER_BUILDKIT=1 docker build --pull -t ${{ env.IMAGE }}:latest .
          docker push ${{ env.IMAGE }}:latest
      - name: Deploy
        run: |
          ssh root@${{ env.TARGET_VM }} << 'EOF'
          mkdir -p /opt/apps/internetforkids
          cd /opt/apps/internetforkids
          cat > docker-compose.yml << 'COMPOSE'
          services:
            internetforkids:
              image: gitea.agiliton.internal:3000/christian/internetforkids:latest
              container_name: internetforkids
              restart: unless-stopped
              ports:
                - "3006:80"
              labels:
                - "com.centurylinklabs.watchtower.enable=true"
          COMPOSE
          docker pull gitea.agiliton.internal:3000/christian/internetforkids:latest
          docker compose up -d --force-recreate --remove-orphans
          EOF
      - name: Cleanup
        if: always()
        run: docker builder prune -f --filter "until=24h" 2>/dev/null || true