From d3ed13dda030994143a4c69bceef3cc8e8583bbe Mon Sep 17 00:00:00 2001
From: Jan Remmer Siebels <jan.siebels@gmail.com>
Date: Wed, 24 Sep 2025 00:13:54 +0200
Subject: [PATCH] fix: Simplify deployment to build from source instead of
 using pre-built images

- Remove complex GHCR image pulling logic that was causing deployment failures
- Always build containers from source code on production server
- Remove unused build job that pushes to container registry
- Use docker-compose up -d --build to ensure latest code is built and deployed
- This ensures all new features like quarterly confirmations are available in production
---
 .github/workflows/ci-cd.yml | 86 +++----------------------------------
 1 file changed, 6 insertions(+), 80 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 1efc66a..793f114 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -6,10 +6,6 @@ on:
   pull_request:
     branches: [ main ]
 
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
-
 jobs:
   test:
     runs-on: ubuntu-latest
@@ -135,54 +131,8 @@ jobs:
       run: |
         python manage.py collectstatic --noinput
 
-  build:
-    needs: test
-    runs-on: ubuntu-latest
-    if: github.event_name == 'push'
-    
-    permissions:
-      contents: read
-      packages: write
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    - name: Log in to Container Registry
-      uses: docker/login-action@v3
-      with:
-        registry: ${{ env.REGISTRY }}
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Extract metadata
-      id: meta
-      uses: docker/metadata-action@v5
-      with:
-        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-        tags: |
-          type=ref,event=branch
-          type=ref,event=pr
-          type=sha,prefix={{branch}}-
-
-    - name: Build and push Docker images
-      uses: docker/build-push-action@v5
-      with:
-        context: ./app
-        push: true
-        tags: ${{ steps.meta.outputs.tags }}
-        labels: ${{ steps.meta.outputs.labels }}
-
-    - name: Build and push Paperless image
-      uses: docker/build-push-action@v5
-      with:
-        context: ./paperless
-        push: true
-        tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-paperless:latest
-        labels: ${{ steps.meta.outputs.labels }}
-
   deploy:
-    needs: build
+    needs: test
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/main'  # Auto-deploy when pushing to main branch
     
@@ -193,13 +143,11 @@ jobs:
       uses: appleboy/ssh-action@v1.0.3
       env:
         DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        GITHUB_ACTOR: ${{ github.actor }}
       with:
         host: ${{ secrets.PROD_HOST }}
         username: ${{ secrets.PROD_USERNAME }}
         key: ${{ secrets.PROD_SSH_KEY }}
-        envs: DEPLOY_TOKEN,GITHUB_TOKEN,GITHUB_ACTOR
+        envs: DEPLOY_TOKEN
         script: |
           cd /opt/stiftung
           
@@ -225,39 +173,17 @@ jobs:
           # No need to copy from deploy-production since we use compose.yml directly
           echo "Using main compose.yml for production deployment"
           
-          # Try to login to GitHub Container Registry and pull images
-          echo "Attempting to pull images from GitHub Container Registry..."
-          if echo $DEPLOY_TOKEN | docker login ghcr.io -u remmerinio --password-stdin; then
-            echo "✅ Successfully logged into GHCR"
-            if docker-compose -f compose.yml pull web worker beat paperless; then
-              echo "✅ Successfully pulled web and paperless images from GHCR"
-              USE_REMOTE_IMAGES=true
-            else
-              echo "⚠️ Failed to pull images from GHCR, will build locally"
-              USE_REMOTE_IMAGES=false
-            fi
-          else
-            echo "⚠️ Failed to login to GHCR, will build locally"
-            USE_REMOTE_IMAGES=false
-          fi
-          
-          # Pull other standard images (redis, postgres, grampsweb)
+          # Pull standard images (redis, postgres, grampsweb) but build our app from source
           echo "Pulling standard Docker images..."
           docker-compose -f compose.yml pull db redis grampsweb || echo "Some standard images failed to pull, will use cached versions"
           
-          # If we couldn't pull from GHCR, build locally
-          if [ "$USE_REMOTE_IMAGES" = "false" ]; then
-            echo "🔨 Building images locally from source code..."
-            docker build -t ghcr.io/remmerinio/stiftung-management-system:latest ./app
-            docker build -t ghcr.io/remmerinio/stiftung-management-system-paperless:latest ./paperless
-          fi
-          
           # Stop containers and clean up
           docker-compose -f compose.yml down
           docker system prune -f
           
-          # Start containers with latest images
-          docker-compose -f compose.yml up -d --no-build
+          # Build and start containers from source code
+          echo "🔨 Building and starting containers from source code..."
+          docker-compose -f compose.yml up -d --build
           
           # Wait for containers to be ready
           echo "Waiting for containers to start..."