watch-party/.gitea/workflows/ci.yaml

name: Build and Deploy

on:
  push:
    branches:
      - main

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        run: |
          git config --global http.sslCAInfo /certs/ca.crt
          rm -rf $GITEA_WORKSPACE
          mkdir -p $GITEA_WORKSPACE
          git clone https://gitea.home.arpa/nik/watch-party $GITEA_WORKSPACE
        env:
          GIT_SSL_CAINFO: /certs/ca.crt

      - name: Write deploy key
        run: |
          echo "${{ secrets.DEPLOY_KEY }}" > /tmp/deploy_key
          chmod 600 /tmp/deploy_key

      - name: Log in to Gitea registry
        run: |
          echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login gitea.home.arpa \
            --username ${{ secrets.REGISTRY_USERNAME }} \
            --password-stdin
        env:
          GIT_SSL_CAINFO: /certs/ca.crt

      - name: Build and push backend
        run: |
          docker build \
            --platform linux/amd64 \
            -t gitea.home.arpa/nik/watch-party-backend:latest \
            $GITEA_WORKSPACE/backend
          docker push gitea.home.arpa/nik/watch-party-backend:latest

      - name: Build and push frontend
        run: |
          docker build \
            --platform linux/amd64 \
            -t gitea.home.arpa/nik/watch-party-frontend:latest \
            $GITEA_WORKSPACE/frontend
          docker push gitea.home.arpa/nik/watch-party-frontend:latest

      - name: Deploy to Mac Mini
        run: |
          ssh -o StrictHostKeyChecking=no \
            -i /tmp/deploy_key \
            ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} \
            "cd ~/repo/watch-party && \
             docker login gitea.home.arpa -u ${{ secrets.REGISTRY_USERNAME }} -p ${{ secrets.REGISTRY_PASSWORD }} && \
             docker compose pull && \
             docker compose up -d"