From 3e5aceca50375496f305be1cabda4381de112eb5 Mon Sep 17 00:00:00 2001
From: roberto
Date: Tue, 3 Mar 2026 17:54:31 +0100
Subject: [PATCH] Update deployment workflow to use SSH for deployment and modify .env file handling in docker-compose
---
.gitea/workflows/deploy.yaml | 105 +++++++++++++++--------------------
docker-compose.yml | 3 +-
2 files changed, 47 insertions(+), 61 deletions(-)
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index ac64f1c..cd850f0 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -33,75 +33,60 @@ jobs: - name: Run Tests run: pytest tests/ -v --tb=short - # ── 2. Deploy to Docker LXC (only main branch & tags) ───────────── + # ── 2. Deploy to Docker LXC via SSH ───────────────────────────────── deploy: needs: test runs-on: ubuntu-latest if: gitea.event_name == 'push' steps: - - name: Checkout Code - run: | - cd /tmp - rm -rf adiuva-api-deploy - git clone --depth 1 "http://10.0.0.119:3000/${GITHUB_REPOSITORY}.git" adiuva-api-deploy || \ - git clone --depth 1 "http://10.0.0.119:3000/${GITHUB_REPOSITORY}.git" adiuva-api-deploy - cd adiuva-api-deploy && git checkout "${GITHUB_SHA}" 2>/dev/null || true + - name: Deploy via SSH + uses: appleboy/ssh-action@v1.0.0 + with: + host: ${{ secrets.SSH_HOST }} + username: ${{ secrets.SSH_USER }} + key: ${{ secrets.SSH_KEY }} + script: | + set -e + DEPLOY_DIR="/opt/adiuva-api" + REPO_URL="http://10.0.0.119:3000/${{ gitea.repository }}.git" + TAG="${GITHUB_REF_NAME}" - - name: Sync to deploy directory - run: | - DEPLOY_DIR="/opt/adiuva-api" - SRC="/tmp/adiuva-api-deploy" - mkdir -p "$DEPLOY_DIR" + # ── Pull latest code ── + cd /tmp && rm -rf adiuva-api-deploy + git clone --depth 1 --branch "${TAG}" "${REPO_URL}" adiuva-api-deploy - # Sync source, preserve .env and volumes - cp -rf "$SRC/app/" "$SRC/alembic/" "$SRC/alembic.ini" "$SRC/Dockerfile" "$SRC/docker-compose.yml" "$SRC/requirements.txt" "$DEPLOY_DIR/" + # ── Sync source (preserve .env) ── + cp -rf /tmp/adiuva-api-deploy/app/ \ + /tmp/adiuva-api-deploy/alembic/ \ + /tmp/adiuva-api-deploy/alembic.ini \ + /tmp/adiuva-api-deploy/Dockerfile \ + /tmp/adiuva-api-deploy/docker-compose.yml \ + /tmp/adiuva-api-deploy/requirements.txt \ + "$DEPLOY_DIR/" + rm -rf /tmp/adiuva-api-deploy - - name: Build & restart services - run: | - cd /opt/adiuva-api - docker compose up -d --build --remove-orphans + # ── Verify .env ── + if [ ! -f "$DEPLOY_DIR/.env" ]; then + echo "❌ $DEPLOY_DIR/.env not found. Create it before deploying." 
+ exit 1 + fi - - name: Run database migrations - run: | - cd /opt/adiuva-api - docker compose exec -T app alembic upgrade head + # ── Build & restart ── + cd "$DEPLOY_DIR" + docker compose up -d --build --remove-orphans - - name: Verify deployment - run: | - echo "Waiting for app to be ready..." - sleep 5 + # ── Migrations ── + docker compose exec -T app alembic upgrade head - HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:8000/api/v1/health) - if [ "$HTTP_CODE" -eq 200 ]; then - echo "✅ API is healthy (HTTP ${HTTP_CODE})" - else - echo "❌ Health check failed (HTTP ${HTTP_CODE})" - docker compose -f /opt/adiuva-api/docker-compose.yml logs app --tail=50 - exit 1 - fi - - - name: Create Gitea Release (tags only) - if: startsWith(gitea.ref, 'refs/tags/') - run: | - GITEA_URL="http://10.0.0.119:3000" - TAG="${GITHUB_REF_NAME}" - REPO="${GITHUB_REPOSITORY}" - TOKEN="${{ gitea.token }}" - - RELEASE_ID=$(curl -sf \ - -H "Authorization: token ${TOKEN}" \ - "${GITEA_URL}/api/v1/repos/${REPO}/releases/tags/${TAG}" \ - | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2) - - if [ -z "$RELEASE_ID" ]; then - curl -sf \ - -X POST \ - -H "Authorization: token ${TOKEN}" \ - -H "Content-Type: application/json" \ - -d "{\"tag_name\":\"${TAG}\",\"name\":\"Adiuva API ${TAG}\",\"body\":\"Deployed to Docker LXC\"}" \ - "${GITEA_URL}/api/v1/repos/${REPO}/releases" - echo "✅ Release ${TAG} created" - else - echo "ℹ️ Release ${TAG} already exists (ID: ${RELEASE_ID})" - fi \ No newline at end of file + # ── Health check ── + echo "Waiting for app..." + sleep 5 + HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:8000/api/v1/health) + if [ "$HTTP_CODE" -eq 200 ]; then + echo "✅ API is healthy (HTTP ${HTTP_CODE})" + else + echo "❌ Health check failed (HTTP ${HTTP_CODE})" + docker compose logs app --tail=50 + exit 1 + fi \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 67bf99f..7b1c3f1 100644 --- a/docker-compose.yml 
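Review bot: The new `Deploy via SSH` step hands `secrets.SSH_KEY` to `appleboy/ssh-action@v1.0.0`, a third-party action referenced by a movable tag, and it sets no `fingerprint`, so as far as I know the action connects without verifying the host key of `SSH_HOST`. Pin the action to a full commit SHA (`uses: appleboy/ssh-action@<full-commit-sha>  # v1.0.0`, placeholder to be filled in) and add `fingerprint: ${{ secrets.SSH_HOST_FINGERPRINT }}` under `with:` (the secret name is a placeholder). Separately, `TAG="${GITHUB_REF_NAME}"` is expanded by the shell on the remote host, where that variable is presumably unset because the step passes no `envs:`; `git clone --branch ""` would then abort under `set -e`, so add `envs: GITHUB_REF_NAME` rather than interpolating the ref name into the script text. The script also clones over plain `http://` and builds whatever the branch tip is at clone time, not the `GITHUB_SHA` that passed `test`, so the deployed code is neither integrity-protected in transit nor tied to the tested revision.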
+++ b/docker-compose.yml @@ -4,7 +4,8 @@ services: ports: - "8000:8000" env_file: - - .env + - path: .env + required: false environment: DATABASE_URL: postgresql+asyncpg://postgres:postgres@db:5432/adiuva depends_on:
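Review bot: `required: false` turns a missing `.env` into a silent condition: compose will start the service with only what is under `environment:`, which in the visible context is the hard-coded `postgres:postgres` `DATABASE_URL`. The deploy script in this same commit refuses to run without `$DEPLOY_DIR/.env`, so the relaxation seems aimed at CI or local runs; state that next to the entry, for example `# .env is optional only for CI/local runs; the deploy script requires it`. The long `path:`/`required:` form also needs a fairly recent Docker Compose (2.24 or later, as far as I know), so the version on the deployment host should be confirmed before this lands. The service definition starts and ends outside the hunk.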