From c78c3f1c746f9b56e0388c4f6028256b371a24ce Mon Sep 17 00:00:00 2001
From: jtbx <ccc+c3voc@jtbx.de>
Date: Sat, 4 Apr 2026 13:46:27 +0200
Subject: [PATCH] WIP feat(ci): Add deployment to static web host

TODO: change deploy host
---
 .forgejo/workflows/cleanup.yaml | 29 ++++++++++++
 .forgejo/workflows/deploy.yaml  | 80 +++++++++++++++++++++++++++++++++
 2 files changed, 109 insertions(+)
 create mode 100644 .forgejo/workflows/cleanup.yaml
 create mode 100644 .forgejo/workflows/deploy.yaml

diff --git a/.forgejo/workflows/cleanup.yaml b/.forgejo/workflows/cleanup.yaml
new file mode 100644
index 0000000..b77bcd2
--- /dev/null
+++ b/.forgejo/workflows/cleanup.yaml
@@ -0,0 +1,29 @@
+on:
+  pull_request:
+    types:
+      - closed
+
+env:
+  TZ: Europe/Berlin
+  DEPLOY_TARGET_BASE: c3voc-docs-deploy@public-web-static-intern.hamburg.ccc.de
+  STAGING_BASE_PATH: https://docs-staging.c3voc.de/av
+  STAGING_DEPLOY_PATH: /var/www/docs-staging.c3voc.de/av/
+
+jobs:
+  cleanup-staging:
+    runs-on: nix
+    container:
+      image: code.forgejo.org/oci/node:22-bookworm
+    steps:
+      - name: Pipeline info PR
+        run: |
+          echo "Run triggered by ${{ github.event_name }} (${{ github.event.action }}) on ref ${{ github.ref_name }}"
+
+      - name: Staging Deployment - Prepare keys
+        run: |
+          echo "${{ secrets.SSH_DEPLOY_KEY }}" > deploykey.priv
+          chmod 400 deploykey.priv
+          echo "${{ secrets.SSH_KNOWN_HOSTS_FILE }}" > ./known_hosts
+      - name: Staging Deployment - Remove PR from staging
+        run: |
+          ssh -i deploykey.priv -o 'UserKnownHostsFile ./known_hosts' ${{ env.DEPLOY_TARGET_BASE }} -t "rm -r ${{ env.STAGING_DEPLOY_PATH }}/pr${{ github.event.pull_request.number }}/"
diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml
new file mode 100644
index 0000000..8b1243e
--- /dev/null
+++ b/.forgejo/workflows/deploy.yaml
@@ -0,0 +1,80 @@
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+env:
+  TZ: Europe/Berlin
+  DEPLOY_TARGET_BASE: c3voc-docs-deploy@public-web-static-intern.hamburg.ccc.de
+  PROD_BASE_PATH: https://docs.c3voc.de/av
+  PROD_DEPLOY_PATH: /var/www/docs.c3voc.de/av/
+  STAGING_BASE_PATH: https://docs-staging.c3voc.de/av
+  STAGING_DEPLOY_PATH: /var/www/docs-staging.c3voc.de/av/
+
+jobs:
+  build:
+    runs-on: nix
+    container:
+      image: python:3.13-trixie
+    steps:
+      - name: Pipeline info
+        run: |
+          echo "Run triggered by ${{ github.event_name }} (${{ github.event.action }}) on ref ${{ github.ref_name }}"
+
+      - name: Install packages
+        run: |
+          apt update
+          # For CI actions.
+          apt install nodejs
+          # For website build.
+          pip install -r requirements.txt
+          # For uploading.
+          apt install rsync openssh-client
+
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0 # pull full history for page lastmod by git commit date
+
+      - name: Build website - prod
+        run: |
+          mkdocs build
+
+      - name: Build website - staging
+        if: github.ref_name != 'main'
+        run: |
+          sed -i "s#site_url: ${{ env.PROD_BASE_PATH }}/'#site_url: ${{ env.STAGING_BASE_PATH }}/pr${{ github.event.pull_request.number }}/#" mkdocs.yml
+          mkdocs build
+
+      - name: Deploy - Prepare keys
+        if: github.event_name == 'push' || github.event_name == 'pull_request' || github.event_name == 'schedule'
+        run: |
+          echo "${{ secrets.SSH_DEPLOY_KEY }}" > deploykey.priv
+          chmod 400 deploykey.priv
+          echo "${{ secrets.SSH_KNOWN_HOSTS_FILE }}" > ./known_hosts
+
+      - name: Deploy - Upload PR to staging
+        if: github.event_name == 'pull_request'
+        run: |
+          echo "Deploying to ${{ env.STAGING_BASE_PATH }}/pr${{ github.event.pull_request.number }}"
+          rsync -v -r --delete -e "ssh -i deploykey.priv -o 'UserKnownHostsFile ./known_hosts'" site/ ${{ env.DEPLOY_TARGET_BASE }}:${{ env.STAGING_DEPLOY_PATH }}/pr${{ github.event.pull_request.number }}/
+      - name: Deploy - Add comment to PR with staging URL
+        if: github.event_name == 'pull_request' && github.event.action == 'opened'
+        run: |
+          curl \
+            -X POST \
+            ${{ github.event.pull_request.base.repo.url }}/issues/${{ github.event.pull_request.number }}/comments \
+            -H "Content-Type: application/json" \
+            -H "Authorization: token $GITHUB_TOKEN" \
+            --data '{ "body": "You can view your changes at ${{ env.STAGING_BASE_PATH }}/pr${{ github.event.pull_request.number }}/" }'
+
+      - name: Deploy - Upload to prod
+        if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref_name == 'main'
+        run: |
+          rsync -v -r --delete -e "ssh -i deploykey.priv -o 'UserKnownHostsFile ./known_hosts'" site/ ${{ env.DEPLOY_TARGET_BASE }}:${{ env.PROD_DEPLOY_PATH }}
+
+      - uses: actions/upload-artifact@v3
+        if: github.event_name == 'pull_request'
+        with:
+          name: website-build
+          path: public/