name: Deploy to production on: push: branches: - main jobs: deploy: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 2 - name: Detect vocab course changes id: vocab_course_changes shell: bash run: | set -euo pipefail BASE="${{ gitea.event.before }}" HEAD="${{ gitea.sha }}" if [ -z "$BASE" ] || [[ "$BASE" =~ ^0+$ ]] || ! git cat-file -e "$BASE^{commit}" 2>/dev/null; then BASE="HEAD~1" fi git diff --name-only "$BASE" "$HEAD" > changed-files.txt cat changed-files.txt COMMIT_MESSAGE="$(git log -1 --pretty=%B "$HEAD" || true)" if echo "$COMMIT_MESSAGE" | grep -qi '\[force-deploy\]'; then echo "force_deploy=true" >> "$GITHUB_OUTPUT" else echo "force_deploy=false" >> "$GITHUB_OUTPUT" fi if grep -E '^(backend/scripts/.*(bisaya|course|didactics|vocab)|backend/sql/.*vocab|backend/migrations/.*vocab|docs/.*(COURSE|VOCAB|BISAYA|GERMAN_FOR_BISAYA))' changed-files.txt; then echo "changed=true" >> "$GITHUB_OUTPUT" else echo "changed=false" >> "$GITHUB_OUTPUT" fi if grep -E '^frontend/' changed-files.txt >/dev/null; then echo "frontend_changed=true" >> "$GITHUB_OUTPUT" else echo "frontend_changed=false" >> "$GITHUB_OUTPUT" fi if grep -E '^backend/' changed-files.txt \ | grep -Ev '^(backend/scripts/.*(bisaya|course|didactics|vocab)|backend/sql/.*vocab|backend/migrations/.*vocab)$' >/dev/null; then echo "backend_app_changed=true" >> "$GITHUB_OUTPUT" else echo "backend_app_changed=false" >> "$GITHUB_OUTPUT" fi # App-Code-Änderungen, die einen echten Deploy benötigen # (Frontend oder Backend außerhalb reiner Kurs-/Dokument-Sync-Dateien) if grep -E '^(frontend/|backend/)' changed-files.txt \ | grep -Ev '^(backend/scripts/.*(bisaya|course|didactics|vocab)|backend/sql/.*vocab|backend/migrations/.*vocab|docs/.*(COURSE|VOCAB|BISAYA|GERMAN_FOR_BISAYA))'; then echo "app_changed=true" >> "$GITHUB_OUTPUT" else echo "app_changed=false" >> "$GITHUB_OUTPUT" fi - name: Prepare SSH run: | mkdir -p ~/.ssh printf "%s" "${{ secrets.PROD_SSH_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 ssh-keyscan -p "${{ secrets.PROD_PORT }}" "${{ secrets.PROD_HOST }}" >> ~/.ssh/known_hosts - name: Test SSH connection run: | ssh -i ~/.ssh/id_ed25519 \ -o StrictHostKeyChecking=no \ -o BatchMode=yes \ -p "${{ secrets.PROD_PORT }}" \ "${{ secrets.PROD_USER }}@${{ secrets.PROD_HOST }}" \ "echo SSH OK" - name: Run deployment script if: steps.vocab_course_changes.outputs.app_changed == 'true' || steps.vocab_course_changes.outputs.force_deploy == 'true' run: | DEPLOY_FLAGS="" if [ "${{ steps.vocab_course_changes.outputs.force_deploy }}" = "true" ]; then DEPLOY_FLAGS="" elif [ "${{ steps.vocab_course_changes.outputs.backend_app_changed }}" = "true" ] && [ "${{ steps.vocab_course_changes.outputs.frontend_changed }}" != "true" ]; then DEPLOY_FLAGS="--skip-frontend" elif [ "${{ steps.vocab_course_changes.outputs.frontend_changed }}" = "true" ] && [ "${{ steps.vocab_course_changes.outputs.backend_app_changed }}" != "true" ]; then DEPLOY_FLAGS="--skip-backend" fi DEPLOY_TARGET="${{ secrets.PROD_DEPLOY_TARGET }}" if [ -z "$DEPLOY_TARGET" ]; then DEPLOY_TARGET="/opt/yourpart-green" fi echo "Deploy-Flags: ${DEPLOY_FLAGS:-}" echo "Deploy-Target: $DEPLOY_TARGET" ssh -i ~/.ssh/id_ed25519 \ -p "${{ secrets.PROD_PORT }}" \ "${{ secrets.PROD_USER }}@${{ secrets.PROD_HOST }}" \ "/home/tsschulz/deploy-yourpart-bluegreen.sh ${DEPLOY_TARGET} ${DEPLOY_FLAGS}" - name: Skip full deployment (no app changes) if: steps.vocab_course_changes.outputs.app_changed != 'true' && steps.vocab_course_changes.outputs.force_deploy != 'true' run: | echo "Kein Full-Deploy: Es wurden keine Frontend/Backend-App-Dateien geändert." - name: Sync vocab course content if: steps.vocab_course_changes.outputs.changed == 'true' || steps.vocab_course_changes.outputs.force_deploy == 'true' run: | ssh -i ~/.ssh/id_ed25519 \ -p "${{ secrets.PROD_PORT }}" \ "${{ secrets.PROD_USER }}@${{ secrets.PROD_HOST }}" \ "cd /opt/yourpart && npm --prefix backend run sync:vocab-courses"