feat(ci): add deploy step to pull and run images on server

.gitea/workflows/ci-cd.yml

@@ -167,3 +167,46 @@ jobs:
       - name: Image summary
         run: |
           echo "Images pushed to git.dev.nii-ecos.ru/${{ github.repository_owner }}/"
+
+  deploy:
+    name: Deploy to Server
+    runs-on: ubuntu-latest
+    needs: [push]
+    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/dev'
+
+    steps:
+      - name: Deploy via SSH
+        run: |
+          BRANCH_TAG=$(echo ${GITHUB_REF_NAME} | sed 's/\//-/g')
+          
+          # Setup SSH
+          mkdir -p ~/.ssh
+          echo "${DEPLOY_SSH_KEY}" > ~/.ssh/deploy_key
+          chmod 600 ~/.ssh/deploy_key
+          ssh-keyscan -H ${DEPLOY_HOST} >> ~/.ssh/known_hosts 2>/dev/null
+          
+          # Deploy commands
+          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no ${DEPLOY_USER}@${DEPLOY_HOST} << EOF
+            cd /opt/mostovik-backend
+            
+            # Login to registry
+            echo "${REGISTRY_PASSWORD}" | docker login --username "${REGISTRY_USER}" --password-stdin git.dev.nii-ecos.ru
+            
+            # Pull new images
+            export IMAGE_TAG=${BRANCH_TAG}
+            docker compose -f docker-compose.prod.yml pull web celery_worker celery_beat
+            
+            # Restart services
+            docker compose -f docker-compose.prod.yml up -d web celery_worker celery_beat
+            
+            # Cleanup old images
+            docker image prune -f
+          EOF
+          
+          echo "Deployed ${BRANCH_TAG} to ${DEPLOY_HOST}"
+        env:
+          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
+          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
+          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
+          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_TOKEN }}