INSIGHT-MVP/.forgejo/workflows/deploy.yml

# ============================================================
# INSIGHT MVP - Deploy Pipeline
# ============================================================
# Baut Docker-Images, pusht sie in die Forgejo Registry
# und deployed auf den insight-dev-01 Server.
#
# Wird nur bei Push auf 'main' oder 'develop' ausgefuehrt.
# ============================================================

name: Deploy

on:
  push:
    branches: [main, develop]

jobs:
  # --------------------------------------------------------
  # Docker Images bauen und in Registry pushen
  # --------------------------------------------------------
  build-and-push:
    name: Build & Push Images
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Determine Tag
        id: tag
        run: |
          if [ "${{ github.ref_name }}" = "main" ]; then
            echo "tag=latest" >> $GITHUB_OUTPUT
          else
            echo "tag=develop" >> $GITHUB_OUTPUT
          fi

      - name: Login to Container Registry
        run: |
          echo "${{ secrets.REGISTRY_PASSWORD }}" | \
            docker login git.xinion.lan -u ${{ secrets.REGISTRY_USER }} --password-stdin

      # Core-Service Image
      - name: Build Core-Service
        run: |
          docker build \
            -t git.xinion.lan/gitadmin/insight-core:${{ steps.tag.outputs.tag }} \
            -f packages/core-service/Dockerfile \
            --target production \
            packages/core-service

      - name: Push Core-Service
        run: docker push git.xinion.lan/gitadmin/insight-core:${{ steps.tag.outputs.tag }}

      # Frontend Image
      - name: Build Frontend
        run: |
          docker build \
            -t git.xinion.lan/gitadmin/insight-frontend:${{ steps.tag.outputs.tag }} \
            -f packages/frontend/Dockerfile \
            --target production \
            packages/frontend

      - name: Push Frontend
        run: docker push git.xinion.lan/gitadmin/insight-frontend:${{ steps.tag.outputs.tag }}

  # --------------------------------------------------------
  # Auf Server deployen
  # --------------------------------------------------------
  deploy:
    name: Deploy to Server
    runs-on: ubuntu-latest
    needs: build-and-push

    steps:
      - name: Deploy via SSH
        run: |
          # SSH-Key vorbereiten
          mkdir -p ~/.ssh
          echo "${{ secrets.SSH_DEPLOY_KEY }}" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key
          ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts

          # Deploy-Befehle auf dem Server ausfuehren
          ssh -i ~/.ssh/deploy_key ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} << 'DEPLOY'
            cd ~/insight

            # Registry Login
            echo "${{ secrets.REGISTRY_PASSWORD }}" | \
              docker login git.xinion.lan -u ${{ secrets.REGISTRY_USER }} --password-stdin

            # Neue Images pullen
            docker compose pull core frontend

            # Services mit neuem Image starten
            docker compose up -d core frontend

            # Health-Check warten
            sleep 10
            curl -f http://localhost:3000/health || echo "WARNUNG: Health-Check fehlgeschlagen"

            # Alte Images aufraeumen
            docker image prune -f
          DEPLOY

      - name: Verify Deployment
        run: |
          ssh -i ~/.ssh/deploy_key ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} \
            "docker compose ps && echo '--- Deployment erfolgreich ---'"