diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..1eabf35
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,55 @@
+name: Deploy miriamgemeinde
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+
+ env:
+ SSH_HOST: ${{ vars.PROD_HOST }}
+ SSH_PORT: ${{ vars.PROD_PORT }}
+ SSH_USER: ${{ vars.PROD_USER }}
+
+ steps:
+ - name: Show resolved non-secret config
+ run: |
+ echo "SSH_HOST=$SSH_HOST"
+ echo "SSH_PORT=$SSH_PORT"
+ echo "SSH_USER=$SSH_USER"
+
+ - name: Prepare SSH
+ run: |
+ set -e
+ mkdir -p ~/.ssh
+ printf '%s' "${{ secrets.PROD_SSH_KEY_B64 }}" | base64 -d > ~/.ssh/id_deploy
+ chmod 600 ~/.ssh/id_deploy
+ ssh-keygen -l -f ~/.ssh/id_deploy
+ ssh-keyscan -p "$SSH_PORT" "$SSH_HOST" >> ~/.ssh/known_hosts
+
+ - name: Test SSH connection
+ run: |
+ set -e
+ ssh -i ~/.ssh/id_deploy \
+ -o StrictHostKeyChecking=no \
+ -o BatchMode=yes \
+ -o ConnectTimeout=10 \
+ -p "$SSH_PORT" \
+ "$SSH_USER@$SSH_HOST" \
+ "echo SSH OK"
+
+ # If you need server-side preparation (e.g. ensure /var/... exists/permissions),
+ # add it in the remote command before running the update script.
+ - name: Run deployment script
+ run: |
+ set -e
+ ssh -i ~/.ssh/id_deploy \
+ -o StrictHostKeyChecking=no \
+ -o BatchMode=yes \
+ -o ConnectTimeout=10 \
+ -p "$SSH_PORT" \
+ "$SSH_USER@$SSH_HOST" \
+ "bash -lc 'set -euo pipefail; TS=\$(date +\"%Y-%m-%d_%H%M%S\"); SRC=\"/var/www/miriamgemeinde/public/images\"; DEST_BASE=\"/home/torsten/miriamgemeinde/backup/\$TS\"; mkdir -p \"\$DEST_BASE\"; if [ -d \"\$SRC\" ]; then cp -a \"\$SRC\" \"\$DEST_BASE/\"; echo \"Backed up \$SRC -> \$DEST_BASE/images\"; else echo \"WARN: \$SRC does not exist; skipping backup\"; fi; /home/torsten/update-miriamgemeinde.sh'"
diff --git a/.gitignore b/.gitignore
index c6d04ad..e0d383e 100644
--- a/.gitignore
+++ b/.gitignore
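Review bot: Neither ssh call in deploy.yml verifies the production host's key: the "Test SSH connection" and "Run deployment script" steps both pass `-o StrictHostKeyChecking=no`, and the `ssh-keyscan` line in "Prepare SSH" only records whatever key the network returns on that run, so a machine answering in place of `$SSH_HOST` would be accepted and sent the deployment command. Pin the key instead: replace the keyscan line with an entry verified out of band, e.g. `printf '%s\n' "$PROD_KNOWN_HOSTS" >> ~/.ssh/known_hosts` (`PROD_KNOWN_HOSTS` is a placeholder for a variable you would add; with a non-default port the entry uses the `[host]:port` form), and switch both ssh calls to `-o StrictHostKeyChecking=yes`. Separately, `${{ secrets.PROD_SSH_KEY_B64 }}` is expanded directly into the script text; mapping it in the step's `env:` and reading `"$PROD_SSH_KEY_B64"` in the shell keeps the secret out of the rendered script. The key file `~/.ssh/id_deploy` is also never removed, so a final cleanup step with `if: always()` would be worth adding if the runner is not ephemeral.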
@@ -37,3 +37,4 @@ public/**/*.map public/images/uploads/ actualize.sh files/uploads/GD 24.08.2025-04.01.2026 Stand 12.08.2025.docx +.codex