my-app/.gitea/workflows/checks-and-policy.yml

name: checks

on:
  push:
  pull_request:

jobs:
  frontend-jobs:
    name: Set up Node and other necessary dependencies for Frontend Tests and Build
    if: ${{ github.ref == 'refs/heads/main' }} # skip
    runs-on: ubuntu-latest

    steps:
      - name: Info
        run: |
          echo "Triggered by ${{ gitea.event_name }} event"
          echo "Branch: ${{ gitea.ref }}"
          echo "Repository: ${{ gitea.repository }}"

      - name: Install Node.js, npm, and Yarn (optimized)
        run: |
          set -e
          echo "Preparing Node.js, npm, and Yarn setup..."

          if command -v apt >/dev/null 2>&1; then
            echo "→ Using apt (Debian/Ubuntu)..."
            export DEBIAN_FRONTEND=noninteractive
            apt-get update -qq >/dev/null
            apt-get install -y -qq curl ca-certificates >/dev/null
            curl -fsSL https://deb.nodesource.com/setup_20.x | bash - >/dev/null 2>&1
            apt-get install -y -qq nodejs >/dev/null
            npm install -g yarn --silent

          elif command -v apk >/dev/null 2>&1; then
            echo "→ Using apk (Alpine)..."
            apk add --no-cache curl nodejs npm >/dev/null
            npm install -g yarn --silent

          elif command -v dnf >/dev/null 2>&1; then
            echo "→ Using dnf (Fedora/RHEL)..."
            dnf install -y -q curl ca-certificates nodejs npm >/dev/null
            npm install -g yarn --silent

          else
            echo "No supported package manager found (apt, apk, dnf)."
            exit 1
          fi

          echo "Node.js, npm, and Yarn installed successfully:"
          node -v
          npm -v
          yarn -v

      - name: Checkout repository manually
        env:
          TOKEN: ${{ secrets.ACCESS_TOKEN }}
          CLONE_URL: ${{ vars.CLONE_URL }}
        run: |
          echo "Cloning from $CLONE_URL"
          echo "Cloning ALL_REPO_TOKEN $ALL_REPO_TOKEN"
          CLONE_URL_WITH_AUTH=$(echo "$CLONE_URL" | sed "s#https://#https://$ALL_REPO_TOKEN@#")
          git clone --quiet "$CLONE_URL_WITH_AUTH" .
          echo "${{ gitea.repository }} cloned successfully."

      # Install frontend dependencies and run tests
      - name: Install dependencies, run tests and build frontend
        #uses: actions/cache@v3
        working-directory: ./frontend
        with:
          path: |
            ~/.yarn/cache
            ./node_modules
          key: frontend-${{ runner.os }}-yarn-${{ hashFiles('frontend/yarn.lock') }}
          restore-keys: |
            frontend-${{ runner.os }}-yarn-
        run: |
          yarn install --frozen-lockfile
          yarn lint
          yarn build
          #yarn test --watchAll=false --ci

      # Ensure SSH and SCP are installed and functional
      - name: Setup SSH and SCP
        run: |
          set -e
          echo "Ensuring SSH and SCP are available..."
          if command -v apt >/dev/null 2>&1; then
            apt-get update -qq >/dev/null
            apt-get install -y -qq openssh-client >/dev/null
          elif command -v apk >/dev/null 2>&1; then
            apk add --no-cache openssh >/dev/null
          elif command -v dnf >/dev/null 2>&1; then
            dnf install -y -q openssh-clients >/dev/null
          else
            echo "No supported package manager found for SSH installation."
            exit 1
          fi
          echo "SSH and SCP successfully installed:"
          ssh -V
          scp -V || echo "SCP version info not available but command exists."

      - name: Publish frontend .next build to Plesk server
        env:
          SSH_PRIVATE_KEY: ${{ vars.SSH_PRIVATE_KEY }}
          SERVER_IP: ${{ vars.SERVER_IP }}
          DOMAIN_NAME: ${{ vars.DOMAIN_NAME }} # optional, helps locate vhost
        run: |
          mkdir -p ~/.ssh
          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
      
          echo "Deploying to server: $SERVER_IP"
          echo "Deploying to domain: $DOMAIN_NAME"
      
          #Define Plesk web root (update DOMAIN_NAME in Gitea variables)
          WEB_ROOT="/var/www/vhosts/${DOMAIN_NAME}/httpdocs"
          
          cat ~/.ssh/id_rsa | head -3
          
          # Convert if it's a PEM key
          if grep -q "BEGIN PRIVATE KEY" ~/.ssh/id_rsa; then
          echo "Converting PKCS#8 key to OpenSSH-compatible RSA key..."
          openssl rsa -in ~/.ssh/id_rsa -out ~/.ssh/id_rsa.openssh >/dev/null 2>&1
          mv ~/.ssh/id_rsa.openssh ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          fi
          
          echo "SSH key ready for use:"
          ssh-keygen -lf ~/.ssh/id_rsa
      
          ssh -o StrictHostKeyChecking=no root@$SERVER_IP "mkdir -p $WEB_ROOT/.next"
          ssh -o StrictHostKeyChecking=no root@$SERVER_IP "mkdir -p $WEB_ROOT/public/.htaccess"
      
          #Copy only the .next build folder to the server
          scp -o StrictHostKeyChecking=no -r frontend/.next root@$SERVER_IP:$WEB_ROOT/
      
          echo "Frontend .next build successfully deployed to $SERVER_IP:$WEB_ROOT/.next"