From 510cfd39f96b17da328cdc41a9c1b419902302df Mon Sep 17 00:00:00 2001
From: "Torsten Schulz (local)"
Date: Wed, 15 Apr 2026 21:30:09 +0200
Subject: [PATCH] Update code-analysis workflow to include production deployment steps and rename workflow for clarity. Add SSH setup and connection testing for secure deployment to production environment.
---
 .gitea/workflows/code-analysis.yml | 33 +++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/.gitea/workflows/code-analysis.yml b/.gitea/workflows/code-analysis.yml
index bbbe5cf..f3fe56c 100644
--- a/.gitea/workflows/code-analysis.yml
+++ b/.gitea/workflows/code-analysis.yml
@@ -1,4 +1,4 @@
-name: Code Analysis (JS/Vue)
+name: Code Analysis and Production Deploy
 on:
 pull_request:
@@ -88,3 +88,34 @@ jobs:
 ./osv-scanner --version
 test -f ./package-lock.json
 ./osv-scanner --lockfile ./package-lock.json
+
+ deploy-production:
+ runs-on: ubuntu-latest
+ needs: analyze
+ if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+ steps:
+ - name: Prepare SSH
+ run: |
+ set -euo pipefail
+
+ mkdir -p ~/.ssh
+ printf "%s" "${{ secrets.PROD_SSH_KEY }}" > ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed25519
+ ssh-keyscan -p "${{ secrets.PROD_PORT }}" "${{ secrets.PROD_HOST }}" >> ~/.ssh/known_hosts
+
+ - name: Test SSH connection
+ run: |
+ ssh -i ~/.ssh/id_ed25519 \
+ -o StrictHostKeyChecking=no \
+ -o BatchMode=yes \
+ -p "${{ secrets.PROD_PORT }}" \
+ "${{ secrets.PROD_USER }}@${{ secrets.PROD_HOST }}" \
+ "echo SSH OK"
+
+ - name: Run production deployment script
+ run: |
+ ssh -i ~/.ssh/id_ed25519 \
+ -o BatchMode=yes \
+ -p "${{ secrets.PROD_PORT }}" \
+ "${{ secrets.PROD_USER }}@${{ secrets.PROD_HOST }}" \
+ "bash -lc 'cd /var/www/harheimertc && ./deploy-production.sh'"
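Review bot: The `Test SSH connection` step passes `-o StrictHostKeyChecking=no`, and the `known_hosts` entry written in `Prepare SSH` comes from `ssh-keyscan` at run time, so the production host's key is never checked against anything recorded in advance. The runner will therefore authenticate to, and send the deploy command to, whichever endpoint answers at `PROD_HOST`. Pin the key instead: keep the host's public key line in a secret (placeholder name `PROD_KNOWN_HOSTS`, not defined in this patch), replace the keyscan line with `printf '%s\n' "${{ secrets.PROD_KNOWN_HOSTS }}" > ~/.ssh/known_hosts`, and use `-o StrictHostKeyChecking=yes` in the test step. Separately, the private key file is created before `chmod 600` is applied; a `umask 077` right after `set -euo pipefail` avoids the brief window with default permissions.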