slimcore-website/.forgejo/workflows/deploy.yml

name: Deploy Marketing-Site

on:
  push:
    branches:
      - main
  workflow_dispatch:

concurrency:
  group: deploy-marketing
  cancel-in-progress: false

jobs:
  test:
    name: Lint + Smoke-Tests
    runs-on: docker
    container:
      image: node:22-bookworm
    steps:
      - uses: actions/checkout@v4

      - name: pnpm aktivieren
        run: |
          corepack enable
          corepack prepare pnpm@latest --activate

      - name: Dependencies
        run: pnpm install --frozen-lockfile

      - name: Production-Build
        run: pnpm build

      - name: Playwright-Browser
        run: pnpm exec playwright install --with-deps chromium

      - name: Smoke-Tests gegen Production-Build
        run: pnpm exec playwright test
        env:
          CI: '1'

      - name: Build-Artefakt aufheben
        uses: actions/upload-artifact@v3
        with:
          name: dist
          path: dist/
          retention-days: 3

  deploy:
    name: Deploy auf Marketing-VPS
    runs-on: docker
    container:
      image: alpine:3.20
    needs: test
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4

      - name: Tools installieren
        run: |
          apk add --no-cache rsync openssh-client

      - name: Build-Artefakt holen
        uses: actions/download-artifact@v3
        with:
          name: dist
          path: dist/

      - name: SSH-Key setzen
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.MARKETING_SSH_KEY }}" > ~/.ssh/marketing
          chmod 600 ~/.ssh/marketing
          ssh-keyscan -H "${{ secrets.MARKETING_HOST }}" >> ~/.ssh/known_hosts

      - name: Rsync zu Marketing-VPS
        run: |
          rsync -avz --delete \
            -e "ssh -i ~/.ssh/marketing -o StrictHostKeyChecking=yes" \
            dist/ \
            "${{ secrets.MARKETING_USER }}@${{ secrets.MARKETING_HOST }}:slimcore.io/"

      - name: Deploy-Verifikation
        run: |
          # Caddy braucht keine Reload — file_server liest live aus dem Verzeichnis
          # Stattdessen: HTTPS-Check, dass die neue Version live ist
          sleep 3
          STATUS=$(wget -qO- --server-response https://slimcore.io/ 2>&1 | awk '/HTTP\//{print $2}' | head -1)
          if [ "$STATUS" != "200" ]; then
            echo "Production-Site liefert HTTP $STATUS, erwartet 200"
            exit 1
          fi
          echo "✓ slimcore.io antwortet mit 200"

  notify:
    name: Deploy-Notification
    runs-on: docker
    container:
      image: alpine:3.20
    needs: deploy
    if: always()
    steps:
      - name: Status-Mail an Pascal
        if: ${{ secrets.BREVO_API_KEY != '' }}
        run: |
          apk add --no-cache curl
          STATUS="${{ needs.deploy.result }}"
          SUBJECT="[slimcore.io] Deploy ${STATUS}"
          BODY="Deploy von ${{ github.sha }} auf slimcore.io: ${STATUS}\n\nCommit: ${{ github.event.head_commit.message }}\nWorkflow: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
          curl -X POST https://api.brevo.com/v3/smtp/email \
            -H "api-key: ${{ secrets.BREVO_API_KEY }}" \
            -H "Content-Type: application/json" \
            -d "{
              \"sender\": {\"email\": \"deploy@digiformer.net\", \"name\": \"Forgejo Deploy\"},
              \"to\": [{\"email\": \"pascal.oelmann@digiformer.net\"}],
              \"subject\": \"$SUBJECT\",
              \"textContent\": \"$BODY\"
            }"
Initial Astro-Build, Deployment-Setup und Forgejo-Workflow - Astro 6 + React + Tailwind v4 Projekt-Skelett mit allen Marketing-Seiten (Home, Module, Tester, Souveränität, Roadmap, Kontakt, Impressum, Datenschutz) - Self-hosted Outfit + JetBrains Mono Fonts (DSGVO) - Marketing-Komponenten gemäss CLAUDE.md §5.6 (NumberedItem, ModuleCard, StatusDot, TechStrip, SovereigntyBlock, RoadmapTimeline, etc.) - Module-Daten in src/content/module.ts als Single Source of Truth - E2E Smoke-Tests via Playwright - OG-Image-Generator - Forgejo Workflow .forgejo/workflows/deploy.yml für Tier-2 Static Deploy - Infra-as-Code Snapshot in infra/marketing-vps/ - Brand-System Submodule auf Forgejo umgezogen (war GitHub) - Deployment- und Handoff-Dokumentation - .DS_Store aus Tracking entfernt, .gitignore um Test-Artefakte ergaenzt 2026-05-04 23:59:35 +00:00			`name: Deploy Marketing-Site`

			`on:`
			`push:`
			`branches:`
			`- main`
			`workflow_dispatch:`

			`concurrency:`
			`group: deploy-marketing`
			`cancel-in-progress: false`

			`jobs:`
			`test:`
			`name: Lint + Smoke-Tests`
			`runs-on: docker`
			`container:`
			`image: node:22-bookworm`
			`steps:`
			`- uses: actions/checkout@v4`

			`- name: pnpm aktivieren`
			`run: \|`
			`corepack enable`
			`corepack prepare pnpm@latest --activate`

			`- name: Dependencies`
			`run: pnpm install --frozen-lockfile`

			`- name: Production-Build`
			`run: pnpm build`

			`- name: Playwright-Browser`
			`run: pnpm exec playwright install --with-deps chromium`

			`- name: Smoke-Tests gegen Production-Build`
			`run: pnpm exec playwright test`
			`env:`
			`CI: '1'`

			`- name: Build-Artefakt aufheben`
			`uses: actions/upload-artifact@v3`
			`with:`
			`name: dist`
			`path: dist/`
			`retention-days: 3`

			`deploy:`
			`name: Deploy auf Marketing-VPS`
			`runs-on: docker`
			`container:`
			`image: alpine:3.20`
			`needs: test`
			`if: github.ref == 'refs/heads/main'`
			`steps:`
			`- uses: actions/checkout@v4`

			`- name: Tools installieren`
			`run: \|`
			`apk add --no-cache rsync openssh-client`

			`- name: Build-Artefakt holen`
			`uses: actions/download-artifact@v3`
			`with:`
			`name: dist`
			`path: dist/`

			`- name: SSH-Key setzen`
			`run: \|`
			`mkdir -p ~/.ssh`
			`echo "${{ secrets.MARKETING_SSH_KEY }}" > ~/.ssh/marketing`
			`chmod 600 ~/.ssh/marketing`
			`ssh-keyscan -H "${{ secrets.MARKETING_HOST }}" >> ~/.ssh/known_hosts`

			`- name: Rsync zu Marketing-VPS`
			`run: \|`
			`rsync -avz --delete \`
			`-e "ssh -i ~/.ssh/marketing -o StrictHostKeyChecking=yes" \`
			`dist/ \`
			`"${{ secrets.MARKETING_USER }}@${{ secrets.MARKETING_HOST }}:slimcore.io/"`

			`- name: Deploy-Verifikation`
			`run: \|`
			`# Caddy braucht keine Reload — file_server liest live aus dem Verzeichnis`
			`# Stattdessen: HTTPS-Check, dass die neue Version live ist`
			`sleep 3`
			`STATUS=$(wget -qO- --server-response https://slimcore.io/ 2>&1 \| awk '/HTTP\//{print $2}' \| head -1)`
			`if [ "$STATUS" != "200" ]; then`
			`echo "Production-Site liefert HTTP $STATUS, erwartet 200"`
			`exit 1`
			`fi`
			`echo "✓ slimcore.io antwortet mit 200"`

			`notify:`
			`name: Deploy-Notification`
			`runs-on: docker`
			`container:`
			`image: alpine:3.20`
			`needs: deploy`
			`if: always()`
			`steps:`
			`- name: Status-Mail an Pascal`
			`if: ${{ secrets.BREVO_API_KEY != '' }}`
			`run: \|`
			`apk add --no-cache curl`
			`STATUS="${{ needs.deploy.result }}"`
			`SUBJECT="[slimcore.io] Deploy ${STATUS}"`
			`BODY="Deploy von ${{ github.sha }} auf slimcore.io: ${STATUS}\n\nCommit: ${{ github.event.head_commit.message }}\nWorkflow: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"`
			`curl -X POST https://api.brevo.com/v3/smtp/email \`
			`-H "api-key: ${{ secrets.BREVO_API_KEY }}" \`
			`-H "Content-Type: application/json" \`
			`-d "{`
			`\"sender\": {\"email\": \"deploy@digiformer.net\", \"name\": \"Forgejo Deploy\"},`
			`\"to\": [{\"email\": \"pascal.oelmann@digiformer.net\"}],`
			`\"subject\": \"$SUBJECT\",`
			`\"textContent\": \"$BODY\"`
			`}"`