From 077ba03a3fcf0e5d29d1f6590f7d793da95bcecc Mon Sep 17 00:00:00 2001
From: ProgrammGamer <Linus.Games2008@gmail.com>
Date: Fri, 6 Feb 2026 19:39:35 +0100
Subject: [PATCH] update deploy.yml to implement new wp host

---
 .gitea/workflows/deploy.yml | 82 ++++++++++++++++++++++++++++++++-----
 1 file changed, 72 insertions(+), 10 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 62d2b7d..15221d4 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -51,17 +51,79 @@ jobs:
       # =====================
       # PROD DEPLOY (FTP)
       # =====================
-      - name: Deploy to PROD via FTP
+      - name: Deploy to PROD via Docker (SSH)
         if: github.ref == 'refs/heads/main'
+        env:
+          SSH_HOST: ${{ secrets.PROD_SSH_HOST }}
+          SSH_USER: ${{ secrets.PROD_SSH_USER }}
+          SSH_PORT: ${{ secrets.PROD_SSH_PORT }}
+          SSH_KEY: ${{ secrets.PROD_SSH_PRIVATE_KEY }}
+          WP_CONTAINER: ${{ secrets.PROD_WP_CONTAINER }}
+          WP_PLUGIN_PATH: ${{ secrets.PROD_WP_PLUGIN_PATH }}
+          HOST_PLUGIN_PATH: ${{ secrets.PROD_HOST_PLUGIN_PATH }}
         run: |
+          set -euo pipefail
           apt-get update
-          apt-get install -y lftp
+          # docker-cli needed to talk to remote engine; openssh-client to auth; tar for packaging with excludes
+          apt-get install -y docker.io openssh-client tar
 
-          lftp -u "${{ secrets.FTP_USER }},${{ secrets.FTP_PASS }}" ftp://${{ secrets.FTP_HOST }}:${{ secrets.FTP_PORT }} <<EOF
-          set ftp:ssl-allow no
-          set net:timeout 20
-          set net:max-retries 2
-          set mirror:parallel-transfer-count 2
-          mirror -R --delete --verbose ./ /httpdocs/wp-content/plugins/konficastle-workshopwahl/
-          quit
-          EOF
+          # Prepare SSH key
+          mkdir -p ~/.ssh
+          echo "$SSH_KEY" > ~/.ssh/prod_docker_key
+          chmod 600 ~/.ssh/prod_docker_key
+
+          # Write SSH config so DOCKER_HOST can reference a named host
+          cat > ~/.ssh/config <<CFG
+          Host prod-docker
+            HostName ${SSH_HOST}
+            User ${SSH_USER}
+            Port ${SSH_PORT}
+            IdentityFile ~/.ssh/prod_docker_key
+            StrictHostKeyChecking accept-new
+          CFG
+
+          # Prime known_hosts (optional, StrictHostKeyChecking accept-new will handle first connect)
+          ssh-keyscan -p "$SSH_PORT" "$SSH_HOST" >> ~/.ssh/known_hosts || true
+
+          # Point docker CLI to remote engine over SSH
+          export DOCKER_HOST=ssh://prod-docker
+
+          # Sanity checks
+          docker info > /dev/null
+          docker ps --format 'table {{.Names}}\t{{.Status}}'
+
+          # Defaults if path not provided
+          : "${WP_PLUGIN_PATH:=/var/www/html/wp-content/plugins/konficastle-workshopwahl}"
+
+          # Create a tarball with excludes to avoid copying VCS and CI folders
+          TAR_FILE="/tmp/kc-plugin.tar.gz"
+          tar -czf "$TAR_FILE" \
+            --exclude .git \
+            --exclude .gitea \
+            --exclude .github \
+            --exclude Notes \
+            --exclude "*.yml" \
+            --exclude "*.yaml" \
+            --exclude "*.md" \
+            .
+          
+          if [ -n "${HOST_PLUGIN_PATH}" ]; then
+            echo "Deploying to host path relative to root's home: ~/${HOST_PLUGIN_PATH}"
+            # Upload tarball to host home and extract to ~/${HOST_PLUGIN_PATH}
+            scp -o StrictHostKeyChecking=accept-new -i ~/.ssh/prod_docker_key "$TAR_FILE" prod-docker:~/kc-plugin.tar.gz
+            ssh prod-docker "mkdir -p \"~/${HOST_PLUGIN_PATH}\" && rm -rf \"~/${HOST_PLUGIN_PATH}\"/* && tar -xzf \"~/kc-plugin.tar.gz\" -C \"~/${HOST_PLUGIN_PATH}\" && rm -f \"~/kc-plugin.tar.gz\""
+            # Verify on host
+            ssh prod-docker "ls -la \"~/${HOST_PLUGIN_PATH}\" | head -n 50"
+          else
+            echo "Deploying directly into container plugin path"
+            # Defaults if path not provided (container path)
+            : "${WP_PLUGIN_PATH:=/var/www/html/wp-content/plugins/konficastle-workshopwahl}"
+
+            # Copy tarball into the container
+            docker cp "$TAR_FILE" "${WP_CONTAINER}:/tmp/kc-plugin.tar.gz"
+
+            # Replace plugin contents inside the container and clean up
+            docker exec "${WP_CONTAINER}" bash -lc "mkdir -p '${WP_PLUGIN_PATH}' && rm -rf '${WP_PLUGIN_PATH}'/* && tar -xzf /tmp/kc-plugin.tar.gz -C '${WP_PLUGIN_PATH}' && rm -f /tmp/kc-plugin.tar.gz"
+            # List deployed files for verification inside container
+            docker exec "${WP_CONTAINER}" bash -lc "ls -la '${WP_PLUGIN_PATH}' | head -n 50"
+          fi