From 5eab006780b3857df898026ce5e7aeacfdc680e1 Mon Sep 17 00:00:00 2001
From: Chaim <chaim@marcus-law.co.il>
Date: Mon, 13 Apr 2026 18:23:33 +0000
Subject: [PATCH] Add Gitea Actions CI/CD: build image + trigger Coolify deploy

On push to main, the workflow builds a Docker image, pushes to
Gitea Container Registry, then triggers Coolify to pull and redeploy.
Replaces the old Dockerfile-build-on-deploy approach.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/deploy.yaml | 40 ++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 .gitea/workflows/deploy.yaml

diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
new file mode 100644
index 0000000..4aa465c
--- /dev/null
+++ b/.gitea/workflows/deploy.yaml
@@ -0,0 +1,40 @@
+name: Build & Deploy
+
+on:
+  push:
+    branches: [main]
+
+env:
+  REGISTRY: gitea.nautilus.marcusgroup.org
+  IMAGE: ezer-mishpati/legal-ai
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    container:
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Login to Gitea Registry
+        run: |
+          echo "${{ secrets.REGISTRY_PASSWORD }}" | \
+            docker login ${{ env.REGISTRY }} \
+              -u "${{ secrets.REGISTRY_USER }}" --password-stdin
+
+      - name: Build and push image
+        run: |
+          TAG="${{ env.REGISTRY }}/${{ env.IMAGE }}:latest"
+          SHA_TAG="${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }}"
+          docker build -t "$TAG" -t "$SHA_TAG" .
+          docker push "$TAG"
+          docker push "$SHA_TAG"
+
+      - name: Trigger Coolify redeploy
+        run: |
+          # 172.17.0.1 = Docker bridge gateway → host
+          curl -sf \
+            "http://172.17.0.1:8000/api/v1/deploy?uuid=my85gabx37ele9aouub8t8ju&force=true" \
+            -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"