activity-pub/.gitea/workflows/ci.yml

name: Build and Deploy

on:
  push:
    branches: [main]

env:
  REGISTRY: registry.rose-ash.com:5000
  IMAGE: l2-server

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install tools
        run: |
          apt-get update && apt-get install -y --no-install-recommends openssh-client

      - name: Set up SSH
        env:
          SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
        run: |
          mkdir -p ~/.ssh
          echo "$SSH_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true

      - name: Pull latest code on server
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
        run: |
          ssh "root@$DEPLOY_HOST" "
            cd /root/art-dag/activity-pub
            git fetch origin main
            git reset --hard origin/main
          "

      - name: Build and push image
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
        run: |
          ssh "root@$DEPLOY_HOST" "
            cd /root/art-dag/activity-pub
            docker build --build-arg CACHEBUST=\$(date +%s) -t ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest -t ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }} .
            docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest
            docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }}
          "

      - name: Deploy stack
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
        run: |
          ssh "root@$DEPLOY_HOST" "
            cd /root/art-dag/activity-pub
            docker stack deploy -c docker-compose.yml activitypub
            echo 'Waiting for services to update...'
            sleep 10
            docker stack services activitypub
          "