# Deploy na single server: build a compose běží na hostu přes /opt/ems-deploy/deploy.sh (bez DinD).
#
# Vyžaduje act_runner na stejném stroji jako Docker s host executorem, nebo upravit job na SSH.
# Sladit `runs-on` s labely registrace runneru (např. self-hosted + ems-deploy).

name: deploy

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  deploy:
    runs-on: self-hosted
    steps:
      - name: Run deploy script on host
        run: /opt/ems-deploy/deploy.sh

  # Alternativa: runner v Dockeru bez přístupu k hostu — odkomentovat a upravit SERVER + secrets.
  # deploy-ssh:
  #   runs-on: ubuntu-latest
  #   steps:
  #     - name: Deploy over SSH
  #       env:
  #         SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
  #       run: |
  #         mkdir -p ~/.ssh
  #         printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
  #         chmod 600 ~/.ssh/id_ed25519
  #         ssh -o StrictHostKeyChecking=yes -i ~/.ssh/id_ed25519 deploy@SERVER '/opt/ems-deploy/deploy.sh'