mitlist/.gitea/workflows/deploy-prod.yml

name: Deploy to Production

on:
  push:
    branches:
      - main # Trigger deployment only on pushes to main

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Log in to Docker Hub (or your registry)
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
        # For Gitea Container Registry, you might use:
        # registry: your-gitea-instance.com:5000
        # username: ${{ gitea.actor }}
        # password: ${{ secrets.GITEA_TOKEN }} 

      - name: Build and push backend image
        uses: docker/build-push-action@v4
        with:
          context: ./be
          file: ./be/Dockerfile.prod
          push: true
          tags: ${{ secrets.DOCKER_USERNAME }}/mitlist-backend:latest # Replace with your image name
          # Gitea registry example: your-gitea-instance.com:5000/${{ gitea.repository_owner }}/${{ gitea.repository_name }}-backend:latest

      - name: Build and push frontend image
        uses: docker/build-push-action@v4
        with:
          context: ./fe
          file: ./fe/Dockerfile.prod
          push: true
          tags: ${{ secrets.DOCKER_USERNAME }}/mitlist-frontend:latest # Replace with your image name
          # Gitea registry example: your-gitea-instance.com:5000/${{ gitea.repository_owner }}/${{ gitea.repository_name }}-frontend:latest
          build-args: |
            VITE_API_URL=${{ secrets.VITE_API_URL }} 
            VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }}            

      - name: Deploy to server
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.SERVER_HOST }}
          username: ${{ secrets.SERVER_USERNAME }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          port: ${{ secrets.SERVER_PORT || 22 }}
          script: |
            cd /path/to/your/app # e.g., /srv/mitlist
            echo "POSTGRES_USER=${{ secrets.POSTGRES_USER }}" > .env.production
            echo "POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}" >> .env.production
            echo "POSTGRES_DB=${{ secrets.POSTGRES_DB }}" >> .env.production
            echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> .env.production
            echo "SECRET_KEY=${{ secrets.SECRET_KEY }}" >> .env.production
            echo "SESSION_SECRET_KEY=${{ secrets.SESSION_SECRET_KEY }}" >> .env.production
            echo "GEMINI_API_KEY=${{ secrets.GEMINI_API_KEY }}" >> .env.production
            echo "REDIS_PASSWORD=${{ secrets.REDIS_PASSWORD }}" >> .env.production
            echo "SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> .env.production
            echo "CORS_ORIGINS=${{ secrets.CORS_ORIGINS }}" >> .env.production
            echo "FRONTEND_URL=${{ secrets.FRONTEND_URL }}" >> .env.production
            echo "VITE_API_URL=${{ secrets.VITE_API_URL }}" >> .env.production
            echo "VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }}" >> .env.production
            echo "ENVIRONMENT=production" >> .env.production
            echo "LOG_LEVEL=INFO" >> .env.production
            
            # Ensure docker-compose.prod.yml is present on the server or copy it
            # git pull # If repo is cloned on server
            docker-compose -f docker-compose.prod.yml pull
            docker-compose -f docker-compose.prod.yml up -d --remove-orphans
            docker image prune -af