sharedinbox/.forgejo/workflows/website.yml

name: Deploy Website

on:
  push:
    branches: [main]
    paths:
      - 'website/**'
      - 'scripts/website-verify.sh'
      - '.forgejo/workflows/website.yml'

jobs:
  deploy:
    name: Build & Deploy Website
    runs-on: self-hosted

    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Enable Nix flakes
        run: |
          mkdir -p ~/.config/nix
          echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf

      - name: Setup SSH
        env:
          SSH_PRIVATE_KEY: ${{ secrets.WEBSITE_SSH_PRIVATE_KEY }}
        run: |
          if [ -n "$SSH_PRIVATE_KEY" ]; then
            mkdir -p ~/.ssh
            echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
            chmod 600 ~/.ssh/id_rsa
          else
            echo "Error: WEBSITE_SSH_PRIVATE_KEY secret is not set."
            exit 1
          fi

      - name: Deploy
        env:
          SSH_USER: ${{ secrets.WEBSITE_SSH_USER }}
          SSH_HOST: ${{ secrets.WEBSITE_SSH_HOST }}
        run: nix develop --command task website-deploy

      - name: Verify
        run: nix develop --command task website-verify