# CI/CD Summary (Gitea Actions)

This project uses Gitea Actions for CI/CD, Gitea Registry for images, and SSH + Docker Compose for deploy.

**Branch Rules**

1. `main` is production releases. Push to `main` builds, pushes images, and deploys to prod.
2. `dev` deploys to the dev stand (host `10.10.0.112`). Push to `dev` builds, pushes images, and deploys to dev.
3. `feature/*` runs CI only. No build, no push, no deploy.
4. Pull requests to `main` and `dev` run CI only.

**Triggers**

1. `push` to `main`, `dev`, `feature/**`.
2. `pull_request` to `main` and `dev`.

**Pipeline Jobs**

1. `lint`
2. `test`
3. `build_push` for `main` and `dev` only.
4. `deploy_dev` for `dev` only.
5. `deploy_prod` for `main` only.

**Python Tooling**

1. Python 3.11.
2. `uv` for dependency sync.
3. Ruff lint and format checks for `src` and `tests`.

**Image Tags**

1. `${branch}` and `${branch}-${sha7}` for every push to `main` or `dev`.
2. `latest` for `main` only.

**Registry**

1. Host: `10.10.0.10:3000` (HTTP, insecure).
2. Namespace: ``.
3. Images: `mostovik-web`, `mostovik-celery`.
4. Push uses `crane` with `--insecure`.

**Deploy**

1. `docker-compose.prod.yml` is copied to `/opt/mostovik-backend/` on the target host.
2. `IMAGE_TAG` is set to the branch name.
3. Docker Compose pulls `web`, `celery_worker`, `celery_beat`, then restarts the stack.
4. Old images are pruned at the end.

**Secrets**

1. `REGISTRY_USER`
2. `REGISTRY_TOKEN`
3. `DEPLOY_HOST`
4. `DEPLOY_USER`
5. `DEPLOY_SSH_KEY` (base64-encoded private key)

**Environment-Specific Secrets**

1. Use Gitea environments `dev` and `prod` with the same secret names above.
2. If environment secrets are not available, set repo-level secrets to the correct target before deploying.
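
The branch rules, triggers and image-tag scheme in this summary, as an added POSIX shell example (not the project's workflow code) that resolves a trigger into the jobs that run and the tags that get pushed. The function names `jobs_for` and `image_tags`, their arguments, and the sample commit id are assumptions made for illustration.

```sh
# Added example, not the project's workflow. EVENT is "push" or "pull_request";
# REF is the pushed branch, or the target branch for a pull request (assumed inputs).

# jobs_for EVENT REF: prints the jobs that run, or nothing if the page lists no trigger.
jobs_for() {
  case "$1:$2" in
    push:main)      printf '%s\n' "lint test build_push deploy_prod" ;;
    push:dev)       printf '%s\n' "lint test build_push deploy_dev" ;;
    push:feature/*) printf '%s\n' "lint test" ;;
    pull_request:main|pull_request:dev) printf '%s\n' "lint test" ;;
    *) : ;;  # branch or event outside the documented triggers
  esac
}

# image_tags EVENT REF SHA: prints the tags pushed for this trigger,
# or nothing when the rules say no image is built (PRs, feature/*).
image_tags() {
  [ "$1" = "push" ] || return 0
  case "$2" in
    main|dev) ;;
    *) return 0 ;;
  esac
  # Reject a missing, short or non-hex commit id rather than emit a bad tag.
  case "$3" in
    ""|*[!0-9a-f]*) return 1 ;;
  esac
  [ "${#3}" -ge 7 ] || return 1
  _sha7=$(printf '%.7s' "$3")
  _tags="$2 $2-$_sha7"
  if [ "$2" = "main" ]; then _tags="$_tags latest"; fi
  printf '%s\n' "$_tags"
}

# Constructed sample triggers and commit id; not real project data.
SAMPLE_SHA=3f9c2ab71d04e5c8a6b1f0d29e7c4a8b5d6e1f23
for t in push:main push:dev push:feature/login pull_request:main; do
  printf '%-22s jobs=[%s] tags=[%s]\n' "$t" \
    "$(jobs_for "${t%%:*}" "${t#*:}")" \
    "$(image_tags "${t%%:*}" "${t#*:}" "$SAMPLE_SHA")"
done
```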