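---
# Deploys the main branch to the application server over SSH:
# installs the deploy key on the runner, syncs the checkout on the server to
# origin/main, rebuilds with the pinned NVM-managed Node.js, and restarts the
# systemd unit.
name: Deploy to Server

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Install SSH Key
        env:
          # Hand the secret to the shell through the environment rather than
          # templating it into the script text, so its content is never parsed
          # as shell syntax.
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
        run: |
          # Create the key file with owner-only permissions from the start
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$DEPLOY_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          # NOTE(review): ssh-keyscan accepts whatever host key the network
          # returns on each run, so the server is never authenticated against
          # a known-good key. Prefer writing a pinned host key (kept alongside
          # the deploy key in the repository secrets) to known_hosts instead.
          ssh-keyscan 192.168.30.114 >> ~/.ssh/known_hosts

      - name: Deploy via SSH
        run: |
          # BatchMode: fail instead of waiting on a prompt nobody can answer.
          # StrictHostKeyChecking: only connect to a host listed in known_hosts.
          ssh -o BatchMode=yes -o StrictHostKeyChecking=yes deployuser@192.168.30.114 << 'EOF'
          set -euo pipefail
          APP_DIR=/opt/Train-ID
          SERVICE=train-id
          NODE_BIN=/home/deployuser/.nvm/versions/node/v22.21.0/bin
          NODE="$NODE_BIN/node"
          NPM="$NODE_BIN/npm"

          if [ ! -x "$NODE" ] || [ ! -x "$NPM" ]; then
            echo "Expected NVM-managed node/npm not found at $NODE / $NPM" >&2
            exit 1
          fi

          # Ensure shebangs like "/usr/bin/env node" resolve during npm scripts
          export PATH="$NODE_BIN:$PATH"
          "$NODE" -v
          "$NPM" -v

          # sudo -n throughout: a missing sudoers rule fails immediately
          if [ ! -d "$APP_DIR" ]; then
            sudo -n mkdir -p "$APP_DIR"
            sudo -n chown "$USER":"$USER" "$APP_DIR"
            git clone https://git.hudsonriggs.systems/HRiggs/Train-ID.git "$APP_DIR"
          fi

          cd "$APP_DIR"

          # Reset any local changes (e.g., package-lock.json, build artifacts)
          # and sync to origin/main
          git fetch --prune origin
          git reset --hard origin/main
          # The exclude pattern is quoted so the remote shell passes it to git
          # verbatim. Unquoted, it expands to the matching file names, and
          # every name after the first is read as a path to clean, not to keep.
          git clean -fdx -e .env -e '.env.*'

          # Install Node.js deps and build without modifying lockfile
          "$NPM" ci --no-audit --no-fund
          "$NPM" run build

          # Restart the service exactly once. A missing unit cannot be started,
          # so report it and fail the deploy instead of attempting to.
          if systemctl cat "${SERVICE}.service" >/dev/null 2>&1; then
            sudo -n systemctl restart "$SERVICE"
          else
            echo "Warning: ${SERVICE}.service not found; start your process manager manually." >&2
            exit 1
          fi
          EOF

      - name: Remove SSH Key
        # Runs even when the deploy fails so the private key does not stay on
        # the runner's disk.
        if: always()
        run: rm -f ~/.ssh/id_ed25519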