Add Personal Access Token authentication for private repo deployment

- Use DEPLOY_TOKEN secret for git authentication - Fix environment variable passing in SSH action - Required for private repository access during deployment
2025-09-09 21:20:35 +02:00
parent 175954ae67
commit ad751f5ae6
1 changed files with 27 additions and 2 deletions
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -187,11 +187,36 @@ jobs:
        host: ${{ secrets.PROD_HOST }}
        username: ${{ secrets.PROD_USERNAME }}
        key: ${{ secrets.PROD_SSH_KEY }}
+        envs: DEPLOY_TOKEN
        script: |
          cd /opt/stiftung
          
-          # Pull latest changes (using HTTPS)
-          git pull https://github.com/remmerinio/stiftung-management-system.git main
+          # Pull latest changes using Personal Access Token
+          git pull https://$DEPLOY_TOKEN@github.com/remmerinio/stiftung-management-system.git main
+          
+          # Copy production docker compose file
+          cp deploy-production/docker-compose.prod.yml docker-compose.yml
+          
+          # Stop containers
+          docker-compose down
+          
+          # Start containers with rebuild
+          docker-compose up -d --build
+          
+          # Wait for containers to be ready
+          echo "Waiting for containers to start..."
+          sleep 30
+          
+          # Run migrations
+          docker-compose exec -T web python manage.py migrate
+          
+          # Collect static files
+          docker-compose exec -T web python manage.py collectstatic --noinput
+          
+          # Show container status
+          docker-compose ps
+      env:
+        DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
          
          # Copy production docker compose file
          cp deploy-production/docker-compose.prod.yml docker-compose.yml