golfgame/.gitea/workflows/deploy-prod.yml

name: Deploy Production

on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Release tag to deploy (e.g. v3.3.0)'
        required: true

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to production
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ secrets.PROD_HOST }}
          username: root
          key: ${{ secrets.DEPLOY_SSH_KEY }}
          script: |
            set -e
            TAG="${{ github.event.inputs.tag }}"
            IMAGE="git.adlee.work/alee/golfgame"

            cd /opt/golfgame

            # Pull the image that passed staging
            echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.adlee.work -u "${{ secrets.REGISTRY_USER }}" --password-stdin
            docker pull "$IMAGE:$TAG"
            docker tag "$IMAGE:$TAG" golfgame-app:latest

            # Update code for compose/env changes
            git fetch origin
            git checkout "$TAG"

            # Restart app
            docker compose -f docker-compose.prod.yml up -d app

            # Wait for healthy
            echo "Waiting for health check..."
            for i in $(seq 1 30); do
              if docker compose -f docker-compose.prod.yml ps app | grep -q "healthy"; then
                echo "Production deploy successful — $TAG"
                exit 0
              fi
              sleep 2
            done
            echo "CRITICAL: app not healthy after 60s"
            docker compose -f docker-compose.prod.yml logs --tail=30 app
            exit 1