# CI/CD Deploy Setup

Auto-deploys to your LXC server on every push to `main`.

## 1. Server preparation

On the LXC server, allow the deploy user to restart the service without a password:

```bash
# As root on the LXC
echo "bflr ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart bflr, /usr/bin/systemctl status bflr" > /etc/sudoers.d/bflr-deploy
chmod 440 /etc/sudoers.d/bflr-deploy
```

Make sure the repo is cloned and the app works manually first (see `docs/deploy-proxmox-lxc.md`).

## 2. Generate a deploy SSH key

On your local machine (or the Gitea runner):

```bash
ssh-keygen -t ed25519 -C "gitea-deploy" -f deploy_key -N ""
```

Copy the **public** key to the server:

```bash
ssh-copy-id -i deploy_key.pub bflr@your-lxc-ip
```

## 3. Add secrets in Gitea

Go to your repo on git.b4l.co.th → **Settings** → **Actions** → **Secrets**, and add:

| Secret | Value |
|--------|-------|
| `DEPLOY_HOST` | LXC server IP (e.g. `192.168.1.50`) |
| `DEPLOY_USER` | SSH user (e.g. `bflr`) |
| `DEPLOY_KEY` | Contents of `deploy_key` (the private key, not .pub) |
| `DEPLOY_PORT` | SSH port (optional, defaults to 22) |
| `DEPLOY_PATH` | App directory (optional, defaults to `/home/bflr/buildfor_life_repair`) |

## 4. Enable Actions in Gitea

Make sure Gitea Actions is enabled on your instance:

```ini
# In app.ini (Gitea config)
[actions]
ENABLED = true
```

You also need a runner registered. If you don't have one, install the Gitea runner on the Gitea host or another machine:

```bash
# Download the runner
wget https://gitea.com/gitea/act_runner/releases/latest/download/act_runner-linux-amd64
chmod +x act_runner-linux-amd64

# Register with your Gitea instance
./act_runner-linux-amd64 register --instance https://git.b4l.co.th --token <your-runner-token>

# Start
./act_runner-linux-amd64 daemon
```

## 5. Test

Push any change to `main` and check the Actions tab in Gitea for the deploy log.

## What the workflow does

1. SSHs into the LXC server
2. `git pull` the latest code
3. `npm ci` to install dependencies
4. `npm run build` to compile
5. `npm run db:push` to apply any schema changes
6. `sudo systemctl restart bflr` to restart the service
7. Verifies the service started successfully