From a65651358ae8bf3815efe8660663db49a3ddc60f Mon Sep 17 00:00:00 2001 From: ProgrammGamer Date: Fri, 6 Feb 2026 19:40:17 +0100 Subject: [PATCH] upstream develop --- .gitea/workflows/deploy.yml | 58 +++++++++++++++---------------------- 1 file changed, 23 insertions(+), 35 deletions(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 15221d4..86d1d88 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -51,25 +51,25 @@ jobs: # ===================== # PROD DEPLOY (FTP) # ===================== - - name: Deploy to PROD via Docker (SSH) + - name: Deploy to PROD via SSH if: github.ref == 'refs/heads/main' env: SSH_HOST: ${{ secrets.PROD_SSH_HOST }} SSH_USER: ${{ secrets.PROD_SSH_USER }} SSH_PORT: ${{ secrets.PROD_SSH_PORT }} SSH_KEY: ${{ secrets.PROD_SSH_PRIVATE_KEY }} - WP_CONTAINER: ${{ secrets.PROD_WP_CONTAINER }} - WP_PLUGIN_PATH: ${{ secrets.PROD_WP_PLUGIN_PATH }} - HOST_PLUGIN_PATH: ${{ secrets.PROD_HOST_PLUGIN_PATH }} + HOST_WP_ROOT: ${{ secrets.PROD_HOST_WP_ROOT }} + HOST_ABS_PLUGIN_PATH: ${{ secrets.PROD_HOST_ABS_PLUGIN_PATH }} run: | set -euo pipefail apt-get update - # docker-cli needed to talk to remote engine; openssh-client to auth; tar for packaging with excludes - apt-get install -y docker.io openssh-client tar + # openssh-client to auth; tar for packaging with excludes + apt-get install -y openssh-client tar # Prepare SSH key mkdir -p ~/.ssh - echo "$SSH_KEY" > ~/.ssh/prod_docker_key + # Write the multiline private key exactly as provided + printf "%s\n" "$SSH_KEY" > ~/.ssh/prod_docker_key chmod 600 ~/.ssh/prod_docker_key # Write SSH config so DOCKER_HOST can reference a named host 
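Review bot: The private key in the PROD step is written to `~/.ssh/prod_docker_key` under the runner's default umask and only tightened by the following `chmod 600`, and nothing in the visible script removes it when the step ends. Putting `umask 077` before the `printf` closes the window in which the file can be readable by other users. Adding `trap 'rm -f ~/.ssh/prod_docker_key' EXIT` right after `set -euo pipefail` keeps the key from surviving on a runner that is reused between jobs (whether this runner is ephemeral is not visible here). The banner `PROD DEPLOY (FTP)` and the comment `Write SSH config so DOCKER_HOST can reference a named host` are stale now that the step is plain SSH. The run block continues past this hunk.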
@@ -79,22 +79,14 @@ jobs: User ${SSH_USER} Port ${SSH_PORT} IdentityFile ~/.ssh/prod_docker_key + IdentitiesOnly yes + PubkeyAuthentication yes StrictHostKeyChecking accept-new CFG # Prime known_hosts (optional, StrictHostKeyChecking accept-new will handle first connect) ssh-keyscan -p "$SSH_PORT" "$SSH_HOST" >> ~/.ssh/known_hosts || true - # Point docker CLI to remote engine over SSH - export DOCKER_HOST=ssh://prod-docker - - # Sanity checks - docker info > /dev/null - docker ps --format 'table {{.Names}}\t{{.Status}}' - - # Defaults if path not provided - : "${WP_PLUGIN_PATH:=/var/www/html/wp-content/plugins/konficastle-workshopwahl}" - # Create a tarball with excludes to avoid copying VCS and CI folders TAR_FILE="/tmp/kc-plugin.tar.gz" tar -czf "$TAR_FILE" \ 
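Review bot: Host authentication is still trust-on-first-use on every run, because `ssh-keyscan -p "$SSH_PORT" "$SSH_HOST" >> ~/.ssh/known_hosts || true` records whatever key the network returns and `StrictHostKeyChecking accept-new` accepts an unknown key if the scan fails. The added `IdentitiesOnly yes` and `PubkeyAuthentication yes` only constrain which client credential is offered; they do not verify the server. On a fresh runner the upload and the remote cleanup command therefore go to whichever host answers at that address. Pin the key instead: keep the server's public host-key line in a secret (placeholder name `PROD_SSH_KNOWN_HOSTS`, exposed as `SSH_KNOWN_HOSTS`), write it with `printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts`, and set `StrictHostKeyChecking yes` in the config block. The heredoc and the run block both start outside this hunk.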
@@ -107,23 +99,19 @@ jobs: --exclude "*.md" \ . - if [ -n "${HOST_PLUGIN_PATH}" ]; then - echo "Deploying to host path relative to root's home: ~/${HOST_PLUGIN_PATH}" - # Upload tarball to host home and extract to ~/${HOST_PLUGIN_PATH} - scp -o StrictHostKeyChecking=accept-new -i ~/.ssh/prod_docker_key "$TAR_FILE" prod-docker:~/kc-plugin.tar.gz - ssh prod-docker "mkdir -p \"~/${HOST_PLUGIN_PATH}\" && rm -rf \"~/${HOST_PLUGIN_PATH}\"/* && tar -xzf \"~/kc-plugin.tar.gz\" -C \"~/${HOST_PLUGIN_PATH}\" && rm -f \"~/kc-plugin.tar.gz\"" - # Verify on host - ssh prod-docker "ls -la \"~/${HOST_PLUGIN_PATH}\" | head -n 50" + # Choose target path: prefer absolute plugin path; otherwise derive from HOST_WP_ROOT + if [ -n "${HOST_ABS_PLUGIN_PATH}" ]; then + echo "Deploying to absolute host path: ${HOST_ABS_PLUGIN_PATH}" + REMOTE_PATH_DECL="PLUGIN_PATH=\"${HOST_ABS_PLUGIN_PATH%/}\"" + elif [ -n "${HOST_WP_ROOT}" ]; then + echo "Deploying to host path relative to remote home: \$HOME/${HOST_WP_ROOT%/}/wp-content/plugins/konficastle-workshopwahl" + REMOTE_PATH_DECL="PLUGIN_PATH=\$HOME/${HOST_WP_ROOT%/}/wp-content/plugins/konficastle-workshopwahl" else - echo "Deploying directly into container plugin path" - # Defaults if path not provided (container path) - : "${WP_PLUGIN_PATH:=/var/www/html/wp-content/plugins/konficastle-workshopwahl}" - - # Copy tarball into the container - docker cp "$TAR_FILE" "${WP_CONTAINER}:/tmp/kc-plugin.tar.gz" - - # Replace plugin contents inside the container and clean up - docker exec "${WP_CONTAINER}" bash -lc "mkdir -p '${WP_PLUGIN_PATH}' && rm -rf '${WP_PLUGIN_PATH}'/* && tar -xzf /tmp/kc-plugin.tar.gz -C '${WP_PLUGIN_PATH}' && rm -f /tmp/kc-plugin.tar.gz" - # List deployed files for verification inside container - docker exec "${WP_CONTAINER}" bash -lc "ls -la '${WP_PLUGIN_PATH}' | head -n 50" + echo "Error: set PROD_HOST_ABS_PLUGIN_PATH (absolute) or PROD_HOST_WP_ROOT (relative)" >&2 + exit 1 fi + + # Upload tarball to host home and extract + scp 
-o StrictHostKeyChecking=accept-new -o IdentitiesOnly=yes -i ~/.ssh/prod_docker_key "$TAR_FILE" prod-docker:~/kc-plugin.tar.gz + # Use \$HOME for remote expansion (tilde does not expand inside quotes) + ssh prod-docker "$REMOTE_PATH_DECL; mkdir -p \"\$PLUGIN_PATH\" && rm -rf \"\$PLUGIN_PATH\"/* && tar -xzf \"\$HOME/kc-plugin.tar.gz\" -C \"\$PLUGIN_PATH\" && rm -f \"\$HOME/kc-plugin.tar.gz\" && ls -la \"\$PLUGIN_PATH\" | head -n 50"
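Review bot: `REMOTE_PATH_DECL` is spliced into the `ssh prod-docker "..."` command as shell source, so the secret value is parsed a second time by the remote shell. In the `HOST_ABS_PLUGIN_PATH` branch a `"`, `$` or backtick in the value is interpreted remotely, and in the `HOST_WP_ROOT` branch the assignment is unquoted, so a space splits it and leaves `PLUGIN_PATH` unset for the rest of the command. At that point only the failure of `mkdir -p ""` in the `&&` chain keeps `rm -rf "$PLUGIN_PATH"/*` from expanding to `rm -rf /*`. Quote the value for the remote side, for example `REMOTE_PATH_DECL="PLUGIN_PATH=$(printf '%q' "${HOST_ABS_PLUGIN_PATH%/}")"` (this assumes bash on the runner and a remote shell that accepts `%q` output), and make the deletion fail closed with `rm -rf \"\${PLUGIN_PATH:?}\"/*`. The run block and the `tar -czf` command both start outside this hunk.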