From 5dec3ca86114d91ad1ef649741c799648e998256 Mon Sep 17 00:00:00 2001
From: janis <janis@jakach.ch>
Date: Thu, 23 Apr 2026 18:53:27 +0000
Subject: [PATCH] =?UTF-8?q?.gitea/workflows/delpoy.yml=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitea/workflows/delpoy.yml | 63 +++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 .gitea/workflows/delpoy.yml

diff --git a/.gitea/workflows/delpoy.yml b/.gitea/workflows/delpoy.yml
new file mode 100644
index 0000000..afca836
--- /dev/null
+++ b/.gitea/workflows/delpoy.yml
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# Required env vars:
+#   SSH_KEY      -> private SSH key content
+#   SSH_USER     -> remote SSH user
+#   SSH_IP       -> remote host/IP
+#   GIT_USER     -> Gitea username
+#   GIT_TOKEN    -> Gitea personal access token
+#
+# Optional env vars:
+#   APP_DIR      -> remote app directory
+#   GIT_HOST     -> git.jakach.ch
+#   GIT_REPO     -> Jakach/your-repo.git
+#   GIT_BRANCH   -> main
+
+: "${SSH_KEY:?SSH_KEY is required}"
+: "${SSH_USER:?SSH_USER is required}"
+: "${SSH_IP:?SSH_IP is required}"
+: "${GIT_USER:?GIT_USER is required}"
+: "${GIT_TOKEN:?GIT_TOKEN is required}"
+
+APP_DIR="/srv/systems/jakach-login"
+GIT_HOST="${GIT_HOST:-git.jakach.ch}"
+GIT_REPO="${GIT_REPO:-Jakach/jakach-login.git}"
+GIT_BRANCH="${GIT_BRANCH:-main}"
+
+mkdir -p ~/.ssh
+chmod 700 ~/.ssh
+
+# Write SSH key
+printf '%s\n' "$SSH_KEY" | tr -d '\r' > ~/.ssh/deploy_key
+chmod 600 ~/.ssh/deploy_key
+
+# Trust remote host
+ssh-keyscan -H "$SSH_IP" >> ~/.ssh/known_hosts 2>/dev/null || true
+
+ssh -i ~/.ssh/deploy_key \
+  -o StrictHostKeyChecking=yes \
+  -o IdentitiesOnly=yes \
+  "$SSH_USER@$SSH_IP" \
+  "export APP_DIR='$APP_DIR' GIT_HOST='$GIT_HOST' GIT_REPO='$GIT_REPO' GIT_BRANCH='$GIT_BRANCH' GIT_USER='$GIT_USER' GIT_TOKEN='$GIT_TOKEN'; bash -s" <<'REMOTE'
+set -Eeuo pipefail
+
+: "${APP_DIR:?}"
+: "${GIT_HOST:?}"
+: "${GIT_REPO:?}"
+: "${GIT_BRANCH:?}"
+: "${GIT_USER:?}"
+: "${GIT_TOKEN:?}"
+
+cd "$APP_DIR"
+
+# Ensure origin uses HTTPS with token auth
+git remote set-url origin "https://${GIT_USER}:${GIT_TOKEN}@${GIT_HOST}/${GIT_REPO}"
+
+git fetch origin "$GIT_BRANCH"
+git checkout "$GIT_BRANCH"
+git pull origin "$GIT_BRANCH"
+
+docker compose down
+docker compose up -d --build
+REMOTE
\ No newline at end of file