From 874ed70d6680c05fcfb90c78a16d232655a9d90a Mon Sep 17 00:00:00 2001
From: Christian Gick
Date: Fri, 27 Mar 2026 10:12:54 +0200
Subject: [PATCH] feat: Add Gitea Actions deploy workflow (CF-2646)
Co-Authored-By: Claude Opus 4.6 (1M context)
---
.gitea/workflows/deploy.yml | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 .gitea/workflows/deploy.yml
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..6cc9b08
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,36 @@
+name: Build & Deploy
+on:
+ push:
+ branches: [main]
+ paths-ignore: ['**.md', 'docs/**']
+env:
+ REGISTRY: gitea.agiliton.internal:3000
+ IMAGE: gitea.agiliton.internal:3000/christian/matrix-ai-agent
+ TARGET_VM: matrix.agiliton.internal
+ DEPLOY_PATH: /opt/matrix-ai-agent
+jobs:
+ build-and-deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup SSH
+ run: |
+ mkdir -p ~/.ssh && chmod 700 ~/.ssh
+ echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed25519
+ ssh-keyscan -H ${{ env.TARGET_VM }} >> ~/.ssh/known_hosts 2>/dev/null || true
+ - name: Login & Build & Push
+ run: |
+ echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u christian --password-stdin
+ DOCKER_BUILDKIT=1 docker build --pull -t ${{ env.IMAGE }}:latest .
+ docker push ${{ env.IMAGE }}:latest
+ - name: Deploy
+ run: |
+ ssh root@${{ env.TARGET_VM }} << 'EOF'
+ cd ${{ env.DEPLOY_PATH }} && git pull origin main --ff-only 2>/dev/null || true
+ docker pull ${{ env.IMAGE }}:latest
+ docker compose up -d --force-recreate --remove-orphans
+ EOF
+ - name: Cleanup
+ if: always()
+ run: docker builder prune -f --filter "until=24h" 2>/dev/null || true
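Review bot: The `ssh-keyscan -H ${{ env.TARGET_VM }} >> ~/.ssh/known_hosts` line in the Setup SSH step trusts whatever host key answers at deploy time, so the later `ssh root@…` step has no real host authentication, and `2>/dev/null || true` hides a failed scan. Pin the target's host key instead: record it once, verified out of band, in a secret or variable (`SSH_KNOWN_HOSTS` below is a placeholder name) and write that to `known_hosts`; passing both secrets through `env:` also keeps them out of the templated script text. In the Deploy heredoc, `cd … && git pull … || true` swallows a failed `cd`, and without `set -e` a failed `docker pull` still reaches `docker compose up`; a leading `set -e` with `cd ${{ env.DEPLOY_PATH }}` on its own line would surface both. The private key also stays in `~/.ssh/id_ed25519` after the job, so if the runner is persistent the `always()` Cleanup step should include `rm -f ~/.ssh/id_ed25519`.

```yaml
      - name: Setup SSH
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          # placeholder secret name: the target's host public key, recorded out of band
          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
        run: |
          mkdir -p ~/.ssh && chmod 700 ~/.ssh
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          # pinned key replaces the deploy-time ssh-keyscan
          printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
      # … unchanged: Login & Build & Push, Deploy, Cleanup …
```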