From 9b3898e43c52560c7e7ca2f3a2dfbe4b82f2a78c Mon Sep 17 00:00:00 2001
From: "Torsten Schulz (local)" <tsschulz@gmx.net>
Date: Tue, 31 Mar 2026 10:14:09 +0200
Subject: [PATCH] refactor(deploy): update deployment workflow for production

- Renamed workflow from "Deploy yourpart (blue-green)" to "Deploy to production" for clarity.
- Removed environment variables for SSH configuration and replaced them with direct references to secrets for improved security.
- Updated SSH connection and deployment script steps to utilize secrets for host, port, and user, enhancing the deployment process.
---
 .gitea/workflows/deploy.yml | 32 +++++++-------------------------
 1 file changed, 7 insertions(+), 25 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index f3f4db0..c659f9f 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -1,4 +1,4 @@
-name: Deploy yourpart (blue-green)
+name: Deploy to production
 
 on:
   push:
@@ -9,44 +9,26 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
 
-    env:
-      SSH_HOST: ${{ vars.PROD_HOST }}
-      SSH_PORT: ${{ vars.PROD_PORT }}
-      SSH_USER: ${{ vars.PROD_USER }}
-
     steps:
-      - name: Show resolved non-secret config
-        run: |
-          echo "SSH_HOST=$SSH_HOST"
-          echo "SSH_PORT=$SSH_PORT"
-          echo "SSH_USER=$SSH_USER"
-
       - name: Prepare SSH
         run: |
-          set -e
           mkdir -p ~/.ssh
           printf "%s" "${{ secrets.PROD_SSH_KEY }}" > ~/.ssh/id_ed25519
           chmod 600 ~/.ssh/id_ed25519
-          ssh-keyscan -p "$SSH_PORT" "$SSH_HOST" >> ~/.ssh/known_hosts
+          ssh-keyscan -p "${{ secrets.PROD_PORT }}" "${{ secrets.PROD_HOST }}" >> ~/.ssh/known_hosts
 
       - name: Test SSH connection
         run: |
-          set -e
           ssh -i ~/.ssh/id_ed25519 \
             -o StrictHostKeyChecking=no \
             -o BatchMode=yes \
-            -o ConnectTimeout=10 \
-            -p "$SSH_PORT" \
-            "$SSH_USER@$SSH_HOST" \
+            -p "${{ secrets.PROD_PORT }}" \
+            "${{ secrets.PROD_USER }}@${{ secrets.PROD_HOST }}" \
             "echo SSH OK"
 
-      - name: Run blue-green deployment
+      - name: Run deployment script
         run: |
-          set -e
           ssh -i ~/.ssh/id_ed25519 \
-            -o StrictHostKeyChecking=no \
-            -o BatchMode=yes \
-            -o ConnectTimeout=10 \
-            -p "$SSH_PORT" \
-            "$SSH_USER@$SSH_HOST" \
+            -p "${{ secrets.PROD_PORT }}" \
+            "${{ secrets.PROD_USER }}@${{ secrets.PROD_HOST }}" \
             "/home/tsschulz/deploy-yourpart-bluegreen.sh"
\ No newline at end of file