analiticaNucleo/.gitea/workflows/build-and-deploy.yml

name: build-and-deploy

on:
  push:
    branches: [ main, master ]

jobs:
#───────────────── build & push ─────────────────
  build:
    runs-on: docker
    env:
      REG: ${{ vars.REGISTRY_URL }}
      APP_NAME: ${{ vars.APP_NAME }}
    steps:
      - uses: actions/checkout@v3
      - uses: docker/setup-buildx-action@v2
      - uses: docker/login-action@v2
        with:
          registry: ${{ vars.REGISTRY_URL }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Build+push ${{ vars.APP_NAME }}
        run: |
          cd nuxt4-app
          docker build -t $REG/${{ github.repository_owner }}/$APP_NAME:${{ github.sha }} -t $REG/${{ github.repository_owner }}/$APP_NAME:latest .
          docker push $REG/${{ github.repository_owner }}/$APP_NAME:${{ github.sha }}
          docker push $REG/${{ github.repository_owner }}/$APP_NAME:latest

#───────────────── deploy ─────────────────
  deploy:
    needs: build
    runs-on: docker
    env:
      REG: ${{ vars.REGISTRY_URL }}
      REPO_OWNER: ${{ github.repository_owner }}
      APP_NAME: ${{ vars.APP_NAME }}
      APP_DOMAIN: ${{ vars.APP_DOMAIN }}
      # Variables sensibles de entorno desde secrets
      SUPABASE_URL: ${{ secrets.SUPABASE_URL }}
      SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_ROLE_KEY }}
      SUPABASE_ANON_KEY: ${{ secrets.SUPABASE_ANON_KEY }}
      # Variables públicas desde vars
      NUXT_PUBLIC_AUTHENTIK_URL: ${{ vars.NUXT_PUBLIC_AUTHENTIK_URL }}
    steps:
      - uses: actions/checkout@v3
      - name: Login to registry
        run: docker login ${{ vars.REGISTRY_URL }} -u ${{ secrets.REGISTRY_USERNAME }} -p ${{ secrets.REGISTRY_PASSWORD }}

      - name: Info about environment
        run: |
          echo "ℹ️  Deploying ${{ vars.APP_NAME }}"
          echo "   Domain: ${{ vars.APP_DOMAIN }}"
          echo "   Image: ${{ vars.REGISTRY_URL }}/${{ github.repository_owner }}/${{ vars.APP_NAME }}:latest"
          echo "   Network: principal"

      - name: Pull fresh images used in compose
        run: docker compose pull

      - name: Clean up stack
        run: docker compose --project-name $APP_NAME down

      - name: Update stack
        run: docker compose --project-name $APP_NAME up -d --remove-orphans --wait