From 477e22d5a6e1ded1ba00413a44f20c40b2bd452b Mon Sep 17 00:00:00 2001
From: knight <gitea@ghost.tel>
Date: Thu, 22 Jan 2026 10:07:26 -0500
Subject: [PATCH] Update GitOps workflow to respect stack-type labels
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- deploy-prod (master → ubuntu-prod): Only deploys prod and public stacks
- deploy-dev (dev → ubuntu-dev): Only deploys dev-only stacks
- Skips stacks without stack-type labels (with warning)
- Fixed: Only create .env from template if .env doesn't exist

This prevents dev-only experimental stacks from being deployed to
production, even if they're in the master branch.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .gitea/workflows/deploy.yml | 64 +++++++++++++++++++++++++++++--------
 1 file changed, 50 insertions(+), 14 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 5de533a..49df822 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -27,15 +27,32 @@ jobs:
           STACKS=$(git diff --name-only HEAD~1 HEAD 2>/dev/null | grep '^stacks/' | cut -d'/' -f2 | sort -u || echo "")
 
           if [ -z "$STACKS" ]; then
-            echo "No stacks changed, deploying all..."
+            echo "No stacks changed, checking all stacks..."
             STACKS=$(ls stacks/)
           fi
 
-          echo "Deploying: $STACKS"
+          echo "Evaluating stacks: $STACKS"
+          echo ""
 
           for stack in $STACKS; do
+            COMPOSE_FILE="stacks/$stack/docker-compose.yml"
+
+            # Check stack-type label
+            STACK_TYPE=$(grep -o 'stack-type=[^"]*' "$COMPOSE_FILE" 2>/dev/null | head -1 | cut -d= -f2)
+
+            if [ -z "$STACK_TYPE" ]; then
+              echo "⚠️  SKIP $stack - no stack-type label found"
+              continue
+            fi
+
+            # On prod, only deploy 'prod' and 'public' stacks
+            if [ "$STACK_TYPE" != "prod" ] && [ "$STACK_TYPE" != "public" ]; then
+              echo "⏭️  SKIP $stack - stack-type=$STACK_TYPE (not for prod)"
+              continue
+            fi
+
             echo "=========================================="
-            echo "Deploying $stack..."
+            echo "Deploying $stack (stack-type=$STACK_TYPE)..."
             echo "=========================================="
 
             STACK_DIR="${{ env.STACKS_DIR }}/$stack"
@@ -44,9 +61,10 @@ jobs:
             # Copy files
             sudo cp -r stacks/$stack/* "$STACK_DIR/"
 
-            # Create .env from template if exists
-            if [ -f "$STACK_DIR/.env.template" ]; then
-              sudo envsubst < "$STACK_DIR/.env.template" > "$STACK_DIR/.env"
+            # Create .env from template if .env doesn't exist
+            if [ -f "$STACK_DIR/.env.template" ] && [ ! -f "$STACK_DIR/.env" ]; then
+              echo "Creating .env from template..."
+              sudo sh -c "DOMAIN=$DOMAIN envsubst < '$STACK_DIR/.env.template' > '$STACK_DIR/.env'"
             fi
 
             # Deploy
@@ -59,7 +77,7 @@ jobs:
           done
 
       - name: Show running containers
-        run: sudo docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | head -20
+        run: sudo docker ps --format "table {{.Names}}\t{{.Status}}" | head -30
 
   deploy-dev:
     if: ${{ github.ref == 'refs/heads/dev' }}
@@ -77,15 +95,32 @@ jobs:
           STACKS=$(git diff --name-only HEAD~1 HEAD 2>/dev/null | grep '^stacks/' | cut -d'/' -f2 | sort -u || echo "")
 
           if [ -z "$STACKS" ]; then
-            echo "No stacks changed, deploying all..."
+            echo "No stacks changed, checking all stacks..."
             STACKS=$(ls stacks/)
           fi
 
-          echo "Deploying: $STACKS"
+          echo "Evaluating stacks: $STACKS"
+          echo ""
 
           for stack in $STACKS; do
+            COMPOSE_FILE="stacks/$stack/docker-compose.yml"
+
+            # Check stack-type label
+            STACK_TYPE=$(grep -o 'stack-type=[^"]*' "$COMPOSE_FILE" 2>/dev/null | head -1 | cut -d= -f2)
+
+            if [ -z "$STACK_TYPE" ]; then
+              echo "⚠️  SKIP $stack - no stack-type label found"
+              continue
+            fi
+
+            # On dev, only deploy 'dev-only' stacks
+            if [ "$STACK_TYPE" != "dev-only" ]; then
+              echo "⏭️  SKIP $stack - stack-type=$STACK_TYPE (not for dev)"
+              continue
+            fi
+
             echo "=========================================="
-            echo "Deploying $stack..."
+            echo "Deploying $stack (stack-type=$STACK_TYPE)..."
             echo "=========================================="
 
             STACK_DIR="${{ env.STACKS_DIR }}/$stack"
@@ -94,9 +129,10 @@ jobs:
             # Copy files
             sudo cp -r stacks/$stack/* "$STACK_DIR/"
 
-            # Create .env from template if exists
-            if [ -f "$STACK_DIR/.env.template" ]; then
-              sudo envsubst < "$STACK_DIR/.env.template" > "$STACK_DIR/.env"
+            # Create .env from template if .env doesn't exist
+            if [ -f "$STACK_DIR/.env.template" ] && [ ! -f "$STACK_DIR/.env" ]; then
+              echo "Creating .env from template..."
+              sudo sh -c "DOMAIN=$DOMAIN envsubst < '$STACK_DIR/.env.template' > '$STACK_DIR/.env'"
             fi
 
             # Deploy
@@ -109,4 +145,4 @@ jobs:
           done
 
       - name: Show running containers
-        run: sudo docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | head -20
+        run: sudo docker ps --format "table {{.Names}}\t{{.Status}}" | head -30