From 22eb014b24c2103c11388a5f5935e936205a3400 Mon Sep 17 00:00:00 2001
From: ditmarvisser
Date: Sat, 19 Jul 2025 13:58:42 +0200
Subject: [PATCH] add deploy compose stack workflow
---
.gitea/workflows/deploy-compose-stack.yml | 83 +++++++++++++++++++++++
1 file changed, 83 insertions(+)
create mode 100644 .gitea/workflows/deploy-compose-stack.yml
diff --git a/.gitea/workflows/deploy-compose-stack.yml b/.gitea/workflows/deploy-compose-stack.yml
new file mode 100644
index 0000000..405b644
--- /dev/null
+++ b/.gitea/workflows/deploy-compose-stack.yml
@@ -0,0 +1,83 @@
+name: Deploy Stack
+
+on:
+ workflow_call:
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ timeout-minutes: 30
+ steps:
+ - name: Validate required secrets
+ run: |
+ if [ -z "${{ secrets.STAF_SSH_KEY }}" ]; then
+ echo "❌ STAF_SSH_KEY secret is required"
+ exit 1
+ fi
+ if [ -z "${{ secrets.STAF_HOST }}" ]; then
+ echo "❌ STAF_HOST secret is required"
+ exit 1
+ fi
+ if [ -z "${{ secrets.STAF_ANSIBLE_USER }}" ]; then
+ echo "❌ STAF_ANSIBLE_USER secret is required"
+ exit 1
+ fi
+ if [ -z "${{ secrets.ORG_GITEA_TOKEN }}" ]; then
+ echo "❌ ORG_GITEA_TOKEN secret is required"
+ exit 1
+ fi
+
+ - name: Checkout stack repository
+ uses: actions/checkout@v4
+
+ - name: Checkout shared ansible
+ uses: actions/checkout@v4
+ with:
+ repository: ${{ github.event.repository.owner.login }}/ansible-shared
+ path: ansible-shared
+ token: ${{ secrets.ORG_GITEA_TOKEN }}
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: "3.11"
+ cache: "pip"
+
+ - name: Install dependencies
+ run: |
+ pip install ansible docker
+
+ - name: Setup SSH
+ run: |
+ echo "${{ secrets.STAF_SSH_KEY }}" > /tmp/ssh_key
+ chmod 600 /tmp/ssh_key
+ eval $(ssh-agent -s)
+ ssh-add /tmp/ssh_key
+
+ - name: Deploy stack with Ansible
+ run: |
+ cd ansible-shared
+ if ! ansible-playbook -i inventory.ini deploy-compose-stack.yml; then
+ echo "❌ Ansible playbook execution failed"
+ exit 1
+ fi
+ env:
+ ANSIBLE_HOST_KEY_CHECKING: False
+ STACK_NAME: ${{ github.event.repository.name }}
+ REPO_URL: ${{ github.server_url }}/${{ github.repository }}.git
+ STAF_HOST: ${{ secrets.STAF_HOST }}
+ STAF_ANSIBLE_USER: ${{ secrets.STAF_ANSIBLE_USER }}
+
+ - name: Notify deployment status
+ if: always()
+ run: |
+ if [ "${{ job.status }}" == "success" ]; then
+ echo "✅ Stack ${{ github.event.repository.name }} deployed successfully"
+ else
+ echo "❌ Stack ${{ github.event.repository.name }} deployment failed"
+ fi
+
+ - name: Cleanup SSH key
+ if: always()
+ run: |
+ rm -f /tmp/ssh_key
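Review bot: `ANSIBLE_HOST_KEY_CHECKING: False` in the "Deploy stack with Ansible" step turns off SSH host-key verification, so a spoofed or redirected STAF_HOST would be accepted without warning while the deploy key is in use. Pin the target's host key in `~/.ssh/known_hosts` from a secret and drop that variable. In "Setup SSH" the private key is expanded into the script text and written with `echo` before `chmod 600`, so the file exists briefly under the default umask and any `"` or `$` in a secret is parsed by the shell; pass secrets through `env:` and set `umask 077` first. The exports from `eval $(ssh-agent -s)` live only in that step's shell, so the deploy step presumably cannot reach the agent unless inventory.ini (not shown) points at /tmp/ssh_key; `ANSIBLE_PRIVATE_KEY_FILE` removes the need for the agent. The known-hosts secret name in the sketch below is a placeholder, not an existing secret.

```yaml
      - name: Setup SSH
        env:
          SSH_KEY: ${{ secrets.STAF_SSH_KEY }}
          # placeholder secret name: pinned known_hosts line(s) for the target
          SSH_KNOWN_HOSTS: ${{ secrets.KNOWN_HOSTS_SECRET_PLACEHOLDER }}
        run: |
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$SSH_KEY" > /tmp/ssh_key
          printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts

      - name: Deploy stack with Ansible
        # … unchanged: run block …
        env:
          # ANSIBLE_HOST_KEY_CHECKING removed so the pinned host key is enforced
          ANSIBLE_PRIVATE_KEY_FILE: /tmp/ssh_key
          # … unchanged: STACK_NAME, REPO_URL, STAF_HOST, STAF_ANSIBLE_USER …
```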