infra-controller/.forgejo/workflows/deploy.yml

name: Deploy

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  deploy:
    runs-on: docker
    steps:
      # Checkout code
      - name: Checkout
        uses: actions/checkout@v4

      # Setup SSH for services server
      - name: Setup SSH
        shell: bash
        env:
          SERVICE_SSH_KEY: ${{ secrets.SERVICE_SSH_KEY }}
          SERVICE_HOST: ${{ secrets.SERVICE_HOST }}
        run: |
          set -euo pipefail
          mkdir -p ~/.ssh
          printf '%s\n' "$SERVICE_SSH_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          ssh-keyscan -H "$SERVICE_HOST" >> ~/.ssh/known_hosts          

      # Deploy app locally on the runner host
      - name: Deploy App (Docker Compose)
        shell: bash
        run: |
          set -euo pipefail
          APP_NAME="${{ github.event.repository.name }}"
          APP_PATH="/srv/apps/$APP_NAME"
          echo "Deploying $APP_NAME from $APP_PATH..."
          cd "$APP_PATH"
          docker compose pull
          docker compose up -d          

      # Register app on the services server (triggers infra-controller.path)
      - name: Register App Requirements
        shell: bash
        env:
          SERVICE_HOST: ${{ secrets.SERVICE_HOST }}
          SERVICE_USER: ${{ secrets.SERVICE_USER }}
        run: |
          set -euo pipefail
          APP_NAME="${{ github.event.repository.name }}"
          echo "Registering app $APP_NAME with infra-controller..."
          if [[ -f .infra.toml ]]; then
            ssh -i ~/.ssh/id_ed25519 "$SERVICE_USER@$SERVICE_HOST" infra-register-stdin "$APP_NAME" < .infra.toml
          else
            ssh -i ~/.ssh/id_ed25519 "$SERVICE_USER@$SERVICE_HOST" infra-deregister "$APP_NAME"
          fi