From 0f11c2d20193725ae61747cc99629aabe4e21bc1 Mon Sep 17 00:00:00 2001
From: Vadym Samoilenko <vadymsamoilenko@oliver.agency>
Date: Sat, 23 May 2026 18:54:57 +0100
Subject: [PATCH] =?UTF-8?q?CI/CD:=20use=20host-mode=20runner=20=E2=80=94?=
 =?UTF-8?q?=20direct=20deploy=20without=20SSH=20action?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Runner runs directly on aimpress server (ubuntu-latest:host).
No need for appleboy/ssh-action Docker container.
Each step runs shell commands directly on the deploy server.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .gitea/workflows/deploy.yml | 56 +++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 30 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 7a8084a6..0e84ffed 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -9,37 +9,33 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - name: Deploy via SSH
-        uses: appleboy/ssh-action@v1.0.3
-        with:
-          host: ${{ secrets.DEPLOY_HOST }}
-          username: ${{ secrets.DEPLOY_USER }}
-          key: ${{ secrets.DEPLOY_SSH_KEY }}
-          port: ${{ secrets.DEPLOY_PORT }}
-          script: |
-            set -euo pipefail
-            DEPLOY_DIR="/opt/03-business/cohorta"
+      - name: Pull latest code
+        run: |
+          set -euo pipefail
+          echo "=== Pulling latest code ==="
+          git -C /opt/03-business/cohorta pull --ff-only
+          git -C /opt/03-business/cohorta log --oneline -3
 
-            echo "=== Cohorta — auto deploy ==="
+      - name: Ensure traefik-public network
+        run: |
+          docker network ls --format '{{.Name}}' | grep -q '^traefik-public$' \
+            || docker network create traefik-public
 
-            # Pull latest code
-            git -C "$DEPLOY_DIR" pull --ff-only
+      - name: Build and restart containers
+        run: |
+          set -euo pipefail
+          cd /opt/03-business/cohorta
+          docker compose build --no-cache frontend backend
+          docker compose up -d --remove-orphans
 
-            # Ensure traefik-public network exists
-            docker network ls --format '{{.Name}}' | grep -q '^traefik-public$' \
-              || docker network create traefik-public
+      - name: Health check
+        run: |
+          echo "Waiting for backend..."
+          for i in $(seq 1 30); do
+            curl -sf http://localhost:5137/api/health > /dev/null 2>&1 && echo "✓ Backend healthy" && break
+            sleep 3
+          done
+          docker compose -f /opt/03-business/cohorta/docker-compose.yml ps
 
-            # Build and restart containers
-            cd "$DEPLOY_DIR"
-            docker compose build --no-cache frontend backend
-            docker compose up -d --remove-orphans
-
-            # Health check
-            for i in $(seq 1 30); do
-              curl -sf http://localhost:5137/api/health > /dev/null 2>&1 && echo "✓ Backend healthy" && break
-              sleep 3
-            done
-
-            docker compose ps
-            echo "=== Deploy complete ==="
-            echo "  https://cohorta.ai-impress.com"
+      - name: Done
+        run: echo "=== Deploy complete === https://cohorta.ai-impress.com"