name: Deploy to production on: push: branches: - main jobs: deploy: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 2 - name: Detect vocab course changes id: vocab_course_changes shell: bash run: | set -euo pipefail BASE="${{ gitea.event.before }}" HEAD="${{ gitea.sha }}" if [ -z "$BASE" ] || [[ "$BASE" =~ ^0+$ ]] || ! git cat-file -e "$BASE^{commit}" 2>/dev/null; then BASE="HEAD~1" fi git diff --name-only "$BASE" "$HEAD" > changed-files.txt cat changed-files.txt if grep -E '^(backend/scripts/.*(bisaya|course|didactics|vocab)|backend/sql/.*vocab|backend/migrations/.*vocab|docs/.*(COURSE|VOCAB|BISAYA|GERMAN_FOR_BISAYA))' changed-files.txt; then echo "changed=true" >> "$GITHUB_OUTPUT" else echo "changed=false" >> "$GITHUB_OUTPUT" fi - name: Prepare SSH run: | mkdir -p ~/.ssh printf "%s" "${{ secrets.PROD_SSH_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 ssh-keyscan -p "${{ secrets.PROD_PORT }}" "${{ secrets.PROD_HOST }}" >> ~/.ssh/known_hosts - name: Test SSH connection run: | ssh -i ~/.ssh/id_ed25519 \ -o StrictHostKeyChecking=no \ -o BatchMode=yes \ -p "${{ secrets.PROD_PORT }}" \ "${{ secrets.PROD_USER }}@${{ secrets.PROD_HOST }}" \ "echo SSH OK" - name: Run deployment script run: | ssh -i ~/.ssh/id_ed25519 \ -p "${{ secrets.PROD_PORT }}" \ "${{ secrets.PROD_USER }}@${{ secrets.PROD_HOST }}" \ "/home/tsschulz/deploy-yourpart-bluegreen.sh" - name: Sync vocab course content if: steps.vocab_course_changes.outputs.changed == 'true' run: | ssh -i ~/.ssh/id_ed25519 \ -p "${{ secrets.PROD_PORT }}" \ "${{ secrets.PROD_USER }}@${{ secrets.PROD_HOST }}" \ "cd /opt/yourpart && npm --prefix backend run sync:vocab-courses"