Fix CI: remove checkout step, runner can't resolve gitea hostname

The build happens on the staging server via SSH, not in the runner container, so checkout is unnecessary. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fix CI/CD: use SSH-based build instead of Docker-in-Docker
2026-04-07 19:51:54 -04:00 · 2026-04-07 19:49:35 -04:00
2 changed files with 29 additions and 50 deletions
--- a/.gitea/workflows/deploy-prod.yml
+++ b/.gitea/workflows/deploy-prod.yml
@@ -7,9 +7,6 @@ on:
        description: 'Release tag to deploy (e.g. v3.3.0)'
        required: true
 env:
  IMAGE: git.adlee.work/alee/golfgame
 jobs:
  deploy:
    runs-on: ubuntu-latest
@@ -20,19 +17,21 @@ jobs:
          host: ${{ secrets.PROD_HOST }}
          username: root
          key: ${{ secrets.DEPLOY_SSH_KEY }}
          envs: IMAGE
          script: |
            set -e
            TAG="${{ github.event.inputs.tag }}"
            IMAGE="git.adlee.work/alee/golfgame"
            cd /opt/golfgame
-            # Pull the same image that passed staging
+            # Pull the image that passed staging
-            docker login git.adlee.work -u ${{ secrets.REGISTRY_USER }} -p ${{ secrets.REGISTRY_TOKEN }}
+            echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.adlee.work -u "${{ secrets.REGISTRY_USER }}" --password-stdin
-            docker pull $IMAGE:${{ github.event.inputs.tag }}
+            docker pull "$IMAGE:$TAG"
            docker tag "$IMAGE:$TAG" golfgame-app:latest
-            # Tag it so compose uses it
+            # Update code for compose/env changes
-            docker tag $IMAGE:${{ github.event.inputs.tag }} golfgame-app:latest
+            git fetch origin
-
+            git checkout "$TAG"
            # Update code (for compose file / env changes)
            git fetch origin && git checkout ${{ github.event.inputs.tag }}
            # Restart app
            docker compose -f docker-compose.prod.yml up -d app
@@ -41,7 +40,7 @@ jobs:
            echo "Waiting for health check..."
            for i in $(seq 1 30); do
              if docker compose -f docker-compose.prod.yml ps app | grep -q "healthy"; then
-                echo "Production deploy successful — ${{ github.event.inputs.tag }}"
+                echo "Production deploy successful — $TAG"
                exit 0
              fi
              sleep 2
--- a/.gitea/workflows/deploy-staging.yml
+++ b/.gitea/workflows/deploy-staging.yml
@@ -4,63 +4,43 @@ on:
  release:
    types: [published]
 env:
  IMAGE: git.adlee.work/alee/golfgame
 jobs:
-  build:
+  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - name: Build, push, and deploy to staging
      - name: Log in to Gitea Container Registry
        uses: docker/login-action@v3
        with:
          registry: git.adlee.work
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - name: Build and push image
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: |
            ${{ env.IMAGE }}:${{ github.ref_name }}
            ${{ env.IMAGE }}:latest
  deploy:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to staging
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ secrets.STAGING_HOST }}
          username: root
          key: ${{ secrets.DEPLOY_SSH_KEY }}
          envs: IMAGE
          script: |
            set -e
            TAG="${{ github.ref_name }}"
            IMAGE="git.adlee.work/alee/golfgame"
            cd /opt/golfgame
-            # Pull the pre-built image
+            # Pull latest code and checkout the release tag
-            docker login git.adlee.work -u ${{ secrets.REGISTRY_USER }} -p ${{ secrets.REGISTRY_TOKEN }}
+            git fetch origin
-            docker pull $IMAGE:${{ github.ref_name }}
+            git checkout "$TAG"
-            # Tag it so compose uses it
+            # Build the image
-            docker tag $IMAGE:${{ github.ref_name }} golfgame-app:latest
+            docker build -t "$IMAGE:$TAG" -t "$IMAGE:latest" -t golfgame-app:latest .
-            # Update code (for compose file / env changes)
+            # Push to Gitea container registry
-            git fetch origin && git checkout ${{ github.ref_name }}
+            echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.adlee.work -u "${{ secrets.REGISTRY_USER }}" --password-stdin
            docker push "$IMAGE:$TAG"
            docker push "$IMAGE:latest"
-            # Restart app (no --build, image is pre-built)
+            # Restart app (no --build, image already tagged)
            docker compose -f docker-compose.staging.yml up -d app
            # Wait for healthy
            echo "Waiting for health check..."
            for i in $(seq 1 30); do
              if docker compose -f docker-compose.staging.yml ps app | grep -q "healthy"; then
-                echo "Staging deploy successful — ${{ github.ref_name }}"
+                echo "Staging deploy successful — $TAG"
                exit 0
              fi
              sleep 2
Author	SHA1	Message	Date
adlee-was-taken	d7631ec671	Fix CI: remove checkout step, runner can't resolve gitea hostname All checks were successful Build & Deploy Staging / build-and-deploy (release) Successful in 1m27s Details The build happens on the staging server via SSH, not in the runner container, so checkout is unnecessary. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 19:51:54 -04:00
adlee-was-taken	f6eeaed97d	Fix CI/CD: use SSH-based build instead of Docker-in-Docker Some checks failed Build & Deploy Staging / build-and-deploy (release) Failing after 30s Details act_runner doesn't reliably support docker/build-push-action. Build the image on the staging server and push to registry from there instead. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-07 19:49:35 -04:00