From 8e2b8af6d706190a80d95b64224a8fcd89a9566d Mon Sep 17 00:00:00 2001
From: giles
Date: Mon, 23 Feb 2026 10:14:01 +0000
Subject: [PATCH] Add CI workflow for build and deploy
Co-Authored-By: Claude Opus 4.6
---
.gitea/workflows/ci.yml | 81 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
create mode 100644 .gitea/workflows/ci.yml
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
new file mode 100644
index 0000000..a6599e6
--- /dev/null
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,81 @@
+name: Build and Deploy
+
+on:
+ push:
+ branches: [main, master]
+
+env:
+ REGISTRY: registry.rose-ash.com:5000
+ IMAGE: account
+ REPO_DIR: /root/rose-ash/account
+ COOP_DIR: /root/rose-ash
+
+jobs:
+ build-and-deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install tools
+ run: |
+ apt-get update && apt-get install -y --no-install-recommends openssh-client
+
+ - name: Set up SSH
+ env:
+ SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
+ DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
+ run: |
+ mkdir -p ~/.ssh
+ echo "$SSH_KEY" > ~/.ssh/id_rsa
+ chmod 600 ~/.ssh/id_rsa
+ ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true
+
+ - name: Pull latest code on server
+ env:
+ DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
+ run: |
+ ssh "root@$DEPLOY_HOST" "
+ cd ${{ env.REPO_DIR }}
+ git fetch origin ${{ github.ref_name }}
+ git reset --hard origin/${{ github.ref_name }}
+ git submodule update --init --recursive
+ # Clean ALL sibling dirs (including stale self-copies from previous runs)
+ for sibling in blog market cart events federation; do
+ rm -rf \$sibling
+ done
+ # Copy non-self sibling models for cross-domain imports
+ for sibling in blog market cart events federation; do
+ repo=/root/rose-ash/\$sibling
+ if [ -d \$repo/.git ]; then
+ git -C \$repo fetch origin 2>/dev/null || true
+ mkdir -p \$sibling
+ git -C \$repo archive HEAD -- __init__.py models/ 2>/dev/null | tar -x -C \$sibling/ || true
+ fi
+ done
+ "
+
+ - name: Build and push image
+ env:
+ DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
+ run: |
+ ssh "root@$DEPLOY_HOST" "
+ cd ${{ env.REPO_DIR }}
+ docker build --build-arg CACHEBUST=\$(date +%s) \
+ -t ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest \
+ -t ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }} .
+ docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest
+ docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }}
+ "
+
+ - name: Deploy stack
+ env:
+ DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
+ run: |
+ ssh "root@$DEPLOY_HOST" "
+ cd ${{ env.COOP_DIR }}
+ source .env
+ docker stack deploy -c docker-compose.yml coop
+ echo 'Waiting for services to update...'
+ sleep 10
+ docker stack services coop
+ "
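Review bot: The `Set up SSH` step fills `known_hosts` from a live `ssh-keyscan` on every run, so the server's host key is accepted without verification each time, and the `2>/dev/null || true` hides a failed scan; the three later steps then run as root over that unverified connection. Pin the key instead: store the server's public host key in a secret (the name `DEPLOY_KNOWN_HOSTS` is a placeholder) and write it with `echo "$DEPLOY_KNOWN_HOSTS" > ~/.ssh/known_hosts`. Separately, the quoted remote script in `Pull latest code on server` has no `set -e` and ends in a loop whose commands are followed by `|| true`, so a failed `cd`, `git fetch` or `git reset --hard` appears to leave the step green and the image is then built from stale code; adding `set -e` as the first line of each remote script would stop at the first failure while leaving the deliberate `|| true` cases alone. A dedicated non-root deploy account would also limit what the CI key can do on the server.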