From ad751f5ae65d06ff2e09c19553f7caabe696a243 Mon Sep 17 00:00:00 2001
From: Stiftung Development
Date: Tue, 9 Sep 2025 21:20:35 +0200
Subject: [PATCH] Add Personal Access Token authentication for private repo deployment

- Use DEPLOY_TOKEN secret for git authentication
- Fix environment variable passing in SSH action
- Required for private repository access during deployment
---
 .github/workflows/ci-cd.yml | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 87ba21f..7f974e9 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -187,11 +187,36 @@ jobs:
 host: ${{ secrets.PROD_HOST }}
 username: ${{ secrets.PROD_USERNAME }}
 key: ${{ secrets.PROD_SSH_KEY }}
+ envs: DEPLOY_TOKEN
 script: |
 cd /opt/stiftung
- # Pull latest changes (using HTTPS)
- git pull https://github.com/remmerinio/stiftung-management-system.git main
+ # Pull latest changes using Personal Access Token
+ git pull https://$DEPLOY_TOKEN@github.com/remmerinio/stiftung-management-system.git main
+
+ # Copy production docker compose file
+ cp deploy-production/docker-compose.prod.yml docker-compose.yml
+
+ # Stop containers
+ docker-compose down
+
+ # Start containers with rebuild
+ docker-compose up -d --build
+
+ # Wait for containers to be ready
+ echo "Waiting for containers to start..."
+ sleep 30
+
+ # Run migrations
+ docker-compose exec -T web python manage.py migrate
+
+ # Collect static files
+ docker-compose exec -T web python manage.py collectstatic --noinput
+
+ # Show container status
+ docker-compose ps
+ env:
+ DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
 # Copy production docker compose file
 cp deploy-production/docker-compose.prod.yml docker-compose.yml
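Review bot: The added `git pull https://$DEPLOY_TOKEN@github.com/...` line expands the token into the command's arguments on the production host, where it is readable in the process list while the pull runs and in any command tracing; passing it through a credential helper that reads the environment keeps it out of argv, e.g. `git -c credential.helper='!f() { echo username=x-access-token; echo "password=$DEPLOY_TOKEN"; }; f' pull https://github.com/remmerinio/stiftung-management-system.git main`. A read-only deploy key, or a fine-grained token limited to read access on this one repository, would narrow what a compromise of the host or of the workflow exposes. Separately, the new `env:` / `DEPLOY_TOKEN:` lines are added ahead of the old `# Copy production docker compose file` and `cp ...` context lines, so the rest of the previous script appears to land after the `env:` mapping and the deploy commands look duplicated; indentation is not recoverable from this page and the `script:` block continues outside the hunk, so this should be checked against the file. The script also starts without `set -e`, so unless the SSH action is configured to stop on the first error, a failed pull (for example an expired token) would still be followed by the rebuild and `migrate` on stale code.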