the-nexus/.gitea/workflows/deploy.yml

name: Deploy Nexus

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Deploy to production
        # SSH into the host and redeploy via docker compose.
        # Set DEPLOY_HOST, DEPLOY_USER, and DEPLOY_SSH_KEY in repo secrets.
        env:
          SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          HOST:    ${{ secrets.DEPLOY_HOST }}
          USER:    ${{ secrets.DEPLOY_USER }}
          REPO_DIR: ${{ secrets.DEPLOY_REPO_DIR || '/opt/nexus' }}
        run: |
          if [ -z "$SSH_KEY" ] || [ -z "$HOST" ] || [ -z "$USER" ]; then
            echo "Deploy secrets not configured — skipping remote deploy."
            echo "Set DEPLOY_HOST, DEPLOY_USER, DEPLOY_SSH_KEY in repo settings."
            exit 0
          fi
          echo "$SSH_KEY" > /tmp/deploy_key
          chmod 600 /tmp/deploy_key
          ssh -o StrictHostKeyChecking=no -i /tmp/deploy_key "$USER@$HOST" \
            "cd $REPO_DIR && git pull origin main && docker compose up -d --build nexus"
          rm /tmp/deploy_key