cv-site/.github/workflows/deploy.yml
juanatsap cdb6cbd2b0 fix: improve SSH key handling with validation and debugging
- Use printf instead of echo for proper SSH key formatting
- Add ssh-keygen validation before attempting connection
- Show first 50 chars of key on validation failure for debugging
- Maintains proper line endings and key structure

This will help identify if the SSH_PRIVATE_KEY secret is malformed.
2025-10-31 12:26:37 +00:00


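# Deploys the CV server: on every push to main (or a manual run) the job
# connects to the host over SSH, pulls main, restarts the systemd unit and
# then checks the local health endpoint.
name: Deploy CV Server

on:
  push:
    branches:
      - main
  workflow_dispatch: # Allow manual deployment from GitHub UI

# No step uses GITHUB_TOKEN (there is no checkout), so grant it nothing.
permissions: {}

jobs:
  deploy:
    name: Pull and Restart
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to server
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_PORT: ${{ secrets.SSH_PORT || '22' }}
          SERVICE_NAME: ${{ secrets.SERVICE_NAME || 'cv' }}
          REPO_PATH: ${{ secrets.REPO_PATH || '/home/txeo/Git/yo/cv' }}
          # Optional secret: the server's host key line(s) in known_hosts
          # format, recorded out of band. When it is empty the step falls
          # back to ssh-keyscan (see below).
          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
        run: |
          echo "🚀 Deploying to server..."

          # Create the key file with owner-only permissions from the start and
          # remove it on every exit path, including failures under `bash -e`.
          umask 077
          trap 'rm -f ~/.ssh/deploy_key' EXIT

          # Setup SSH
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh

          # Write SSH key with proper formatting
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key

          # Validate SSH key format
          echo "🔍 Validating SSH key..."
          if ! ssh-keygen -l -f ~/.ssh/deploy_key >/dev/null 2>&1; then
            echo "❌ Invalid SSH key format!"
            # Never print key bytes: log masking matches whole secret values,
            # so a partial preview of the key would land in the job log.
            # Report only the shape of the file.
            echo "Key file size (bytes): $(wc -c < ~/.ssh/deploy_key)"
            echo "Key file lines: $(wc -l < ~/.ssh/deploy_key)"
            if head -n 1 ~/.ssh/deploy_key | grep -q -e '^-----BEGIN .*PRIVATE KEY-----$'; then
              echo "First line is a PEM private-key header: yes"
            else
              echo "First line is a PEM private-key header: no"
            fi
            if grep -q $'\r' ~/.ssh/deploy_key; then
              echo "Key contains carriage returns (CRLF line endings)"
            fi
            exit 1
          fi
          echo "✅ SSH key validation passed"

          # Add host to known_hosts. Prefer the pinned entry: ssh-keyscan
          # accepts whatever key answers at deploy time, so it gives no
          # protection against an on-path attacker impersonating the server.
          if [ -n "$SSH_KNOWN_HOSTS" ]; then
            printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
          else
            echo "::warning::SSH_KNOWN_HOSTS is not set; trusting the host key returned by ssh-keyscan"
            ssh-keyscan -p "$SSH_PORT" -H "$SSH_HOST" >> ~/.ssh/known_hosts 2>/dev/null
          fi

          # Pull latest code and restart service.
          # ENDSSH is unquoted on purpose: $REPO_PATH and $SERVICE_NAME are
          # expanded here on the runner before the script is sent, so their
          # values become part of the remote script text. Keep them free of
          # quotes, `$` and backticks.
          # NOTE(review): the remote user presumably has passwordless sudo;
          # restrict that sudoers rule to these systemctl/journalctl commands.
          echo "🔄 Pulling latest code and restarting service..."
          ssh -i ~/.ssh/deploy_key -p "$SSH_PORT" \
            -o BatchMode=yes -o StrictHostKeyChecking=yes \
            "$SSH_USER@$SSH_HOST" << ENDSSH
            set -e
            echo "📥 Pulling latest changes..."
            cd "$REPO_PATH"
            git pull origin main
            echo "🔄 Restarting service..."
            sudo systemctl restart "$SERVICE_NAME"
            echo "⏳ Waiting for service to start..."
            sleep 3
            # Check service status
            if sudo systemctl is-active --quiet "$SERVICE_NAME"; then
              echo "✅ Service restarted successfully"
              sudo systemctl status "$SERVICE_NAME" --no-pager -l
            else
              echo "❌ Service failed to start"
              sudo journalctl -u "$SERVICE_NAME" -n 50 --no-pager
              exit 1
            fi
          ENDSSH

          # Cleanup of ~/.ssh/deploy_key is handled by the EXIT trap.
          echo "✅ Deployment completed successfully!"

      - name: Verify deployment
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_PORT: ${{ secrets.SSH_PORT || '22' }}
        run: |
          echo "🔍 Verifying deployment..."

          # Setup SSH for verification. ~/.ssh and known_hosts were prepared
          # by the previous step of this job; the key is rewritten because
          # that step removes it on exit.
          umask 077
          trap 'rm -f ~/.ssh/deploy_key' EXIT
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key

          # Test health endpoint. The delimiter is quoted, so nothing in the
          # remote script is expanded on the runner.
          ssh -i ~/.ssh/deploy_key -p "$SSH_PORT" \
            -o BatchMode=yes -o StrictHostKeyChecking=yes \
            "$SSH_USER@$SSH_HOST" << 'ENDSSH'
            echo "Testing health endpoint..."
            sleep 2
            if curl -f http://localhost:1999/health > /dev/null 2>&1; then
              echo "✅ Health check passed"
              curl http://localhost:1999/health
            else
              echo "❌ Health check failed"
              exit 1
            fi
          ENDSSH

          # Cleanup of ~/.ssh/deploy_key is handled by the EXIT trap.
          echo "✅ Deployment verification complete!"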