matrix-ai-agent/.gitea/workflows/deploy.yml

name: Build & Deploy
on:
  push:
    branches: [main]
    paths-ignore: ['**.md', 'docs/**']
env:
  REGISTRY: gitea.agiliton.internal:3000
  IMAGE: gitea.agiliton.internal:3000/christian/matrix-ai-agent
  TARGET_VM: matrix.agiliton.internal
  DEPLOY_PATH: /opt/matrix-ai-agent
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - name: Install dependencies
        run: pip install -r requirements.txt -r requirements-test.txt
      - name: Run tests
        env:
          MATRIX_HOMESERVER: https://test.local
          MATRIX_BOT_USER: "@test:test.local"
          MATRIX_BOT_PASSWORD: test
          LIVEKIT_URL: wss://test.local
          LIVEKIT_API_KEY: test
          LIVEKIT_API_SECRET: test
        run: pytest tests/ -v --cov=device_trust --cov-report=term
  build-and-deploy:
    needs: [test]
    runs-on: ubuntu-latest
    steps:
      - name: Setup SSH
        run: |
          mkdir -p ~/.ssh && chmod 700 ~/.ssh
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          ssh-keyscan -p 2222 gitea-ssh.agiliton.internal >> ~/.ssh/known_hosts 2>/dev/null || true
          ssh-keyscan -H ${{ env.TARGET_VM }} >> ~/.ssh/known_hosts 2>/dev/null || true
      - uses: actions/checkout@v4
        with:
          submodules: true
      - name: Login & Build & Push
        run: |
          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u christian --password-stdin
          DOCKER_BUILDKIT=1 docker build --pull -t ${{ env.IMAGE }}:latest .
          docker push ${{ env.IMAGE }}:latest
      - name: Deploy
        run: |
          ssh root@${{ env.TARGET_VM }} << 'EOF'
          cd ${{ env.DEPLOY_PATH }} && git pull origin main --ff-only 2>/dev/null || true
          docker pull ${{ env.IMAGE }}:latest
          docker compose up -d --force-recreate --remove-orphans
          EOF
      - name: Smoke test
        run: |
          ssh root@${{ env.TARGET_VM }} << 'EOF'
          sleep 15
          docker exec matrix-ai-agent-bot-1 python3 -c "
          from bot import BOT_USER
          print(f'Bot user: {BOT_USER}')
          print('Smoke test passed')
          " || exit 1
          EOF
      - name: Cleanup
        if: always()
        run: docker builder prune -f --filter "until=24h" 2>/dev/null || true