From 34b30be0a6e05dd2e6e2f1758bca27cd7b3eaf5c Mon Sep 17 00:00:00 2001
From: Stiftung Development <admin@stiftung-project.local>
Date: Sun, 21 Sep 2025 20:52:41 +0200
Subject: [PATCH] Fix deployment pipeline: resolve git divergent branches and
 prevent paperless build issues

- Updated git pull strategy to use fetch + reset instead of pull to handle divergent branches
- Added docker system prune to clean up build artifacts
- Modified image pulling to separate web services from standard images
- Added --no-build flag to prevent accidental local builds
- Addresses production 502 errors from failed deployments
---
 .github/workflows/ci-cd.yml | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 1422d80..91fe891 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -208,8 +208,10 @@ jobs:
           
           echo "Production .env file found - proceeding with deployment"
           
-          # Pull latest code changes (.env is in .gitignore so won't be touched)
-          git pull https://$DEPLOY_TOKEN@github.com/remmerinio/stiftung-management-system.git main
+          # Configure git pull strategy and force pull latest code changes
+          git config pull.rebase false
+          git fetch https://$DEPLOY_TOKEN@github.com/remmerinio/stiftung-management-system.git main
+          git reset --hard FETCH_HEAD
           
           # The main compose.yml is already the correct production configuration
           # No need to copy from deploy-production since we use compose.yml directly
@@ -219,8 +221,8 @@ jobs:
           echo "Attempting to pull images from GitHub Container Registry..."
           if echo $DEPLOY_TOKEN | docker login ghcr.io -u remmerinio --password-stdin; then
             echo "✅ Successfully logged into GHCR"
-            if docker-compose -f compose.yml pull; then
-              echo "✅ Successfully pulled images from GHCR"
+            if docker-compose -f compose.yml pull web worker beat; then
+              echo "✅ Successfully pulled web images from GHCR"
               USE_REMOTE_IMAGES=true
             else
               echo "⚠️ Failed to pull images from GHCR, will build locally"
@@ -231,17 +233,22 @@ jobs:
             USE_REMOTE_IMAGES=false
           fi
           
+          # Pull other standard images (paperless, redis, postgres, grampsweb)
+          echo "Pulling standard Docker images..."
+          docker-compose -f compose.yml pull db redis paperless grampsweb || echo "Some standard images failed to pull, will use cached versions"
+          
           # If we couldn't pull from GHCR, build locally
           if [ "$USE_REMOTE_IMAGES" = "false" ]; then
             echo "🔨 Building images locally from source code..."
             docker build -t ghcr.io/remmerinio/stiftung-management-system:latest ./app
           fi
           
-          # Stop containers
+          # Stop containers and clean up
           docker-compose -f compose.yml down
+          docker system prune -f
           
           # Start containers with latest images
-          docker-compose -f compose.yml up -d
+          docker-compose -f compose.yml up -d --no-build
           
           # Wait for containers to be ready
           echo "Waiting for containers to start..."