cms.fellies.org/.gitea/workflows/deploy.yml

name: CMS Deploy

on:
  workflow_dispatch:
    inputs:
      environment:
        description: "Target environment"
        required: true
        type: choice
        options:
          - staging
          - production
      image_tag:
        description: "Image tag to deploy (e.g. v0.1.0)"
        required: true
      rollback_tag:
        description: "Optional rollback tag"
        required: false

jobs:
  deploy:
    name: Deploy Compose Stack
    runs-on: node22-bun
    steps:
      - name: Resolve deployment target
        id: target
        run: |
          if [ "${{ github.event.inputs.environment }}" = "staging" ]; then
            echo "host=${{ secrets.CMS_STAGING_HOST }}" >> "$GITHUB_OUTPUT"
            echo "user=${{ secrets.CMS_STAGING_USER }}" >> "$GITHUB_OUTPUT"
            echo "compose=docker-compose.staging.yml" >> "$GITHUB_OUTPUT"
          else
            echo "host=${{ secrets.CMS_PRODUCTION_HOST }}" >> "$GITHUB_OUTPUT"
            echo "user=${{ secrets.CMS_PRODUCTION_USER }}" >> "$GITHUB_OUTPUT"
            echo "compose=docker-compose.production.yml" >> "$GITHUB_OUTPUT"
          fi

      - name: Setup SSH
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.CMS_DEPLOY_KEY }}" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          ssh-keyscan -H "${{ steps.target.outputs.host }}" >> ~/.ssh/known_hosts

      - name: Deploy image tag
        run: |
          ssh "${{ steps.target.outputs.user }}@${{ steps.target.outputs.host }}" \
            "cd ${{ secrets.CMS_REMOTE_DEPLOY_PATH }} && CMS_IMAGE_TAG=${{ github.event.inputs.image_tag }} docker compose -f ${{ steps.target.outputs.compose }} up -d"

      - name: Optional rollback
        if: github.event.inputs.rollback_tag != ''
        run: |
          ssh "${{ steps.target.outputs.user }}@${{ steps.target.outputs.host }}" \
            "cd ${{ secrets.CMS_REMOTE_DEPLOY_PATH }} && CMS_IMAGE_TAG=${{ github.event.inputs.rollback_tag }} docker compose -f ${{ steps.target.outputs.compose }} up -d"