nuzlocke-tracker/.github/workflows/deploy.yml
Julian Tabel e9eccc5b21 feat: migrate JWT verification from HS256 shared secret to JWKS
Replace symmetric HS256 JWT verification with asymmetric RS256 using JWKS.
Backend now fetches and caches public keys from Supabase's JWKS endpoint
instead of using a shared secret.

- Add cryptography dependency for RS256 support
- Use PyJWKClient to fetch/cache JWKS from {SUPABASE_URL}/.well-known/jwks.json
- Remove SUPABASE_JWT_SECRET from config, docker-compose, deploy workflow, .env
- Update tests to use RS256 tokens with mocked JWKS client

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-22 09:24:41 +01:00


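# Manual deploy pipeline: builds the API and frontend images, pushes them to the
# Gitea registry, then ships the compose file, backup script and a freshly
# generated .env to the Unraid host over SSH and restarts the stack there.
name: Deploy

on:
  workflow_dispatch:

# Read-only token: the job only clones; it never writes back to the repository.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    # A manual dispatch may be started from any ref; only main is deployable.
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      # Every secret below is handed to the step through `env:` and expanded by
      # the shell, instead of being pasted into the script text by `${{ }}`.
      # A value containing quotes, `$` or backticks then stays data and cannot
      # change what the script executes.
      - name: Login to Gitea registry
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          printf '%s\n' "$REGISTRY_PASSWORD" \
            | docker login gitea.nerdboden.de -u "$REGISTRY_USERNAME" --password-stdin

      - name: Build and push API image
        run: |
          docker build --platform linux/amd64 \
            -t gitea.nerdboden.de/thefurya/nuzlocke-tracker-api:latest \
            -f backend/Dockerfile.prod ./backend
          docker push gitea.nerdboden.de/thefurya/nuzlocke-tracker-api:latest

      - name: Build and push frontend image
        env:
          VITE_API_URL: ${{ secrets.VITE_API_URL }}
          VITE_SUPABASE_URL: ${{ secrets.VITE_SUPABASE_URL }}
          VITE_SUPABASE_ANON_KEY: ${{ secrets.VITE_SUPABASE_ANON_KEY }}
        run: |
          # Build args are recorded in the image and, for VITE_* variables,
          # presumably compiled into the browser bundle; keep only client-safe
          # configuration here (URLs and the public anon key).
          docker build --platform linux/amd64 \
            --build-arg "VITE_API_URL=${VITE_API_URL}" \
            --build-arg "VITE_SUPABASE_URL=${VITE_SUPABASE_URL}" \
            --build-arg "VITE_SUPABASE_ANON_KEY=${VITE_SUPABASE_ANON_KEY}" \
            -t gitea.nerdboden.de/thefurya/nuzlocke-tracker-frontend:latest \
            -f frontend/Dockerfile.prod ./frontend
          docker push gitea.nerdboden.de/thefurya/nuzlocke-tracker-frontend:latest

      - name: Deploy to Unraid
        env:
          DEPLOY_HOST: "192.168.1.10"
          DEPLOY_DIR: /mnt/user/appdata/nuzlocke-tracker
          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          # DEPLOY_KNOWN_HOSTS is a new repository secret to provision (name
          # constructed here): the host's public key line(s) in known_hosts
          # format, captured once and verified out of band. Pinning it lets
          # StrictHostKeyChecking=yes reject a spoofed host, which would
          # otherwise receive the .env secrets, the compose file and a shell.
          DEPLOY_KNOWN_HOSTS: ${{ secrets.DEPLOY_KNOWN_HOSTS }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          SUPABASE_URL: ${{ secrets.SUPABASE_URL }}
        run: |
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          printf '%s\n' "$DEPLOY_SSH_KEY" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key
          printf '%s\n' "$DEPLOY_KNOWN_HOSTS" > ~/.ssh/known_hosts
          chmod 600 ~/.ssh/known_hosts
          # $HOME instead of ~: a tilde inside an expanded variable is not
          # expanded by the shell, so the path is spelled out explicitly.
          SSH_OPTS="-o StrictHostKeyChecking=yes -o UserKnownHostsFile=${HOME}/.ssh/known_hosts -i ${HOME}/.ssh/deploy_key"
          SSH_CMD="ssh ${SSH_OPTS} root@${DEPLOY_HOST}"
          SCP_CMD="scp ${SSH_OPTS}"
          # Write .env from secrets (overwrites any existing file); it holds the
          # database password, so restrict it to the owner on the host.
          printf '%s\n' \
            "POSTGRES_PASSWORD=${POSTGRES_PASSWORD}" \
            "SUPABASE_URL=${SUPABASE_URL}" \
            | $SSH_CMD "cat > '${DEPLOY_DIR}/.env' && chmod 600 '${DEPLOY_DIR}/.env'"
          $SCP_CMD docker-compose.prod.yml "root@${DEPLOY_HOST}:${DEPLOY_DIR}/docker-compose.yml"
          $SCP_CMD backup.sh "root@${DEPLOY_HOST}:${DEPLOY_DIR}/backup.sh"
          $SSH_CMD "chmod +x '${DEPLOY_DIR}/backup.sh'"
          $SSH_CMD "cd '${DEPLOY_DIR}' && docker compose pull && docker compose up -d"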