From 52af2a755c9a20b625cfc21f14b3566b221d866a Mon Sep 17 00:00:00 2001 From: Nico Date: Sat, 21 Feb 2026 23:52:36 -0800 Subject: [PATCH] ci: migrate deploy job to SSH compose and include scheduler service --- .gitea/workflows/deploy-dokploy.yml | 45 ++++++++++++++++------------- docker-compose.yml | 8 ++++- 2 files changed, 32 insertions(+), 21 deletions(-) diff --git a/.gitea/workflows/deploy-dokploy.yml b/.gitea/workflows/deploy-dokploy.yml index 1904a8f..e9e1ac8 100644 --- a/.gitea/workflows/deploy-dokploy.yml +++ b/.gitea/workflows/deploy-dokploy.yml @@ -1,4 +1,4 @@ -name: Build & Deploy Fiddy (Dokploy) +name: Build & Deploy Fiddy (SSH Compose) on: push: 
@@ -50,35 +50,40 @@ jobs: deploy: needs: build runs-on: ubuntu-latest + env: + IMAGE_TAG: ${{ github.sha }} + DEPLOY_PATH: /opt/fiddy steps: - name: Checkout repo uses: actions/checkout@v3 - - name: Trigger Dokploy Deploy - env: - DOKPLOY_DEPLOY_HOOK: ${{ secrets.DOKPLOY_DEPLOY_HOOK }} - IMAGE_TAG: ${{ github.sha }} + - name: Install SSH key run: | - if [ -z "$DOKPLOY_DEPLOY_HOOK" ]; then - echo "Missing DOKPLOY_DEPLOY_HOOK secret" + set -euo pipefail + if [ -z "${{ secrets.DEPLOY_KEY }}" ]; then + echo "Missing DEPLOY_KEY secret" exit 1 fi - curl -fsS -X POST "$DOKPLOY_DEPLOY_HOOK" \ - -H "Content-Type: application/json" \ - -d "{\"imageTag\":\"$IMAGE_TAG\"}" + mkdir -p ~/.ssh + printf "%s" "${{ secrets.DEPLOY_KEY }}" > ~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 + ssh-keyscan -H "${{ secrets.DEPLOY_HOST }}" >> ~/.ssh/known_hosts - - name: Trigger Dokploy Scheduler Deploy - env: - DOKPLOY_SCHEDULER_DEPLOY_HOOK: ${{ secrets.DOKPLOY_SCHEDULER_DEPLOY_HOOK }} - IMAGE_TAG: ${{ github.sha }} + - name: Upload compose file run: | - if [ -z "$DOKPLOY_SCHEDULER_DEPLOY_HOOK" ]; then - echo "DOKPLOY_SCHEDULER_DEPLOY_HOOK not set; skipping scheduler deploy trigger" - exit 0 + set -euo pipefail + if [ -z "${{ secrets.DEPLOY_HOST }}" ] || [ -z "${{ secrets.DEPLOY_USER }}" ]; then + echo "Missing DEPLOY_HOST or DEPLOY_USER secret" + exit 1 fi - curl -fsS -X POST "$DOKPLOY_SCHEDULER_DEPLOY_HOOK" \ - -H "Content-Type: application/json" \ - -d "{\"imageTag\":\"$IMAGE_TAG\"}" + ssh "${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}" "mkdir -p '$DEPLOY_PATH'" + scp docker-compose.yml "${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}:$DEPLOY_PATH/docker-compose.yml" + + - name: Deploy via SSH Compose + run: | + set -euo pipefail + ssh "${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}" \ + "cd '$DEPLOY_PATH' && IMAGE_TAG='$IMAGE_TAG' docker compose pull && IMAGE_TAG='$IMAGE_TAG' docker compose up -d --remove-orphans && docker image prune -f" - name: Wait for Ready 
Health Check env: diff --git a/docker-compose.yml b/docker-compose.yml index ec3dd8a..b357917 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,5 +6,11 @@ services: environment: - NODE_ENV=production ports: - - "3000:3000" + - "3010:3000" + restart: always + + scheduler: + image: git.nicosaya.com/nalalangan/fiddy/scheduler:${IMAGE_TAG} + env_file: + - ./.env restart: always
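Review bot: The `Install SSH key` step expands `${{ secrets.DEPLOY_KEY }}` and `${{ secrets.DEPLOY_HOST }}` straight into the `run:` script, so the secret text becomes shell source (where `$`, backticks and quotes in a value are parsed by the shell) instead of arriving as data. Map the secrets under `env:` and reference `"$DEPLOY_KEY"`, and do the same for the `DEPLOY_USER`/`DEPLOY_HOST` expansions in the `Upload compose file` and `Deploy via SSH Compose` steps. In the same step, `ssh-keyscan -H ... >> ~/.ssh/known_hosts` trusts whatever host key is served at deploy time, so a fresh runner never actually authenticates the server; pin the host key from a stored value instead (the secret name `DEPLOY_KNOWN_HOSTS` below is a placeholder). Because the deploy user can run `docker compose` on the target, this key is presumably close to root-equivalent there, so restricting it in `authorized_keys` is worth considering. The deploy job continues past the end of this hunk.

```yaml
      - name: Install SSH key
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
          # placeholder secret name: the server's host key line(s), recorded out of band
          DEPLOY_KNOWN_HOSTS: ${{ secrets.DEPLOY_KNOWN_HOSTS }}
        run: |
          set -euo pipefail
          if [ -z "${DEPLOY_KEY:-}" ] || [ -z "${DEPLOY_KNOWN_HOSTS:-}" ]; then
            echo "Missing DEPLOY_KEY or DEPLOY_KNOWN_HOSTS secret"
            exit 1
          fi
          # create the directory and key file private from the start
          umask 077
          mkdir -p ~/.ssh
          # write a final newline; some OpenSSH builds reject a key file without one
          printf '%s\n' "$DEPLOY_KEY" > ~/.ssh/id_ed25519
          printf '%s\n' "$DEPLOY_KNOWN_HOSTS" > ~/.ssh/known_hosts
      # … unchanged: Upload compose file / Deploy via SSH Compose, with
      # DEPLOY_USER and DEPLOY_HOST mapped under env: and used as "$DEPLOY_USER@$DEPLOY_HOST" …
```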
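Review bot: The new `scheduler` service reads `env_file: ./.env`, but the workflow in this commit uploads only `docker-compose.yml` to the deploy path, so `docker compose up` depends on a `.env` that must already exist on the host. Document how that file is provisioned, and keep it readable only by the deploy user, since it presumably holds credentials. `${IMAGE_TAG}` has no guard, so a manual `docker compose up` without the variable resolves to an empty tag; `image: git.nicosaya.com/nalalangan/fiddy/scheduler:${IMAGE_TAG:?IMAGE_TAG must be set}` fails early with a clear message instead. `"3010:3000"` publishes on all host interfaces; if a reverse proxy on the same host fronts the app, `"127.0.0.1:3010:3000"` keeps the port off the network. The first service's definition starts above this hunk.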