From 4629f16a98cd3a279f49f5d8ebc09d404f0a9aa8 Mon Sep 17 00:00:00 2001
From: Ariel Costas Guerrero <ariel@costas.dev>
Date: Sun, 12 Oct 2025 23:00:01 +0200
Subject: Implement actions to deploy frontend

---
 .github/workflows/deploy.yml | 72 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 .github/workflows/deploy.yml

(limited to '.github')

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..312c714
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,72 @@
+name: Deploy to production
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    name: Build production artifact
+    environment: Production
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          submodules: true
+          lfs: false
+      - uses: actions/setup-node@v5
+        with:
+          node-version: lts/*
+          cache: "npm"
+          cache-dependency-path: src/frontend/package-lock.json
+      - name: Install frontend dependencies
+        working-directory: src/frontend
+        run: npm ci
+      - name: Build frontend
+        working-directory: src/frontend
+        run: npm run build
+      - name: Prepare artifact directory
+        run: |
+          rm -rf dist
+          mkdir -p dist/frontend
+          cp -R src/frontend/build/client/. dist/frontend/
+      - name: Archive Production Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: production
+          path: dist
+          retention-days: 7
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: build
+    name: Deploy to production server
+    environment: Production
+    steps:
+      - name: Download Artifact
+        uses: actions/download-artifact@v5
+        with:
+          name: production
+          path: dist
+      - name: Connect to tailnet
+        uses: tailscale/github-action@v3
+        with:
+          oauth-client-id: ${{ secrets.TAILSCALE_CLIENT_ID }}
+          oauth-secret: ${{ secrets.TAILSCALE_CLIENT_SECRET }}
+          tags: tag:ci
+      - name: Wait for reachability
+        run: |
+          until tailscale ping ${{ secrets.TARGET_HOST }}; do
+            echo "Waiting for Tailscale to connect..."
+            sleep 2
+          done
+      - name: Add SSH Key
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan -H ${{ secrets.TARGET_HOST }} >> ~/.ssh/known_hosts
+      - name: Deploy
+        run: |
+          scp -r dist/* ${{ secrets.TARGET_USER }}@${{ secrets.TARGET_HOST }}:${{ secrets.TARGET_PATH }}/
-- 
cgit v1.3