soroushasadi/.gitea/workflows/deploy.yml

name: deploy

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: self-hosted

    env:
      DOCKER_BUILDKIT: 1
      COMPOSE_DOCKER_CLI_BUILD: 1

    steps:

      - name: Checkout
        env:
          TOKEN: ${{ github.token }}
          REF: ${{ github.ref }}
          GIT_SSL_NO_VERIFY: "true"
        run: |
          git init
          git remote remove origin 2>/dev/null || true
          git remote add origin "${{ github.server_url }}/${{ github.repository }}.git"
          git config http.extraheader "Authorization: Bearer ${TOKEN}"
          git fetch --depth=1 origin "${REF}"
          git checkout FETCH_HEAD

      - name: Create Environment File
        run: |
          cat > .env << EOF
          ADMIN_PASSWORD=${{ secrets.ADMIN_PASSWORD }}
          RESEND_API_KEY=${{ secrets.RESEND_API_KEY }}
          CONTACT_INBOX=${{ secrets.CONTACT_INBOX }}
          CONTACT_FROM=${{ secrets.CONTACT_FROM }}
          EOF

      - name: Build Container
        run: docker compose build

      - name: Deploy
        # Compose recreates ONLY our own container (container_name:
        # soroushasadi-site, project: soroushasadi). It must never touch
        # other stacks. Do NOT add any step that removes containers by
        # published port — port 3000 is Gitea and 5xxx/3xxx belong to
        # other apps on this host.
        run: docker compose up -d

      - name: Wait For Health Check
        run: |
          for i in $(seq 1 30); do
            STATUS=$(docker inspect \
              --format='{{.State.Health.Status}}' \
              soroushasadi-site 2>/dev/null)
            echo "Status: $STATUS"
            if [ "$STATUS" = "healthy" ]; then
              echo "Deployment successful"
              exit 0
            fi
            sleep 5
          done
          docker logs soroushasadi-site --tail 100
          exit 1

      - name: Cleanup
        if: success()
        run: docker image prune -f