From e8312268d2e765e5cba7f3dd7204f506ae77ed42 Mon Sep 17 00:00:00 2001
From: Lars <Lars@stommer.de>
Date: Mon, 29 Sep 2025 15:35:27 +0200
Subject: [PATCH] .gitea/workflows/deploy.yml aktualisiert

---
 .gitea/workflows/deploy.yml | 115 +++++++++++++++++++++++++-----------
 1 file changed, 80 insertions(+), 35 deletions(-)

diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 283131e..5585391 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -1,50 +1,95 @@
 # .gitea/workflows/deploy.yml
 name: Deploy mindnet to llm-node
-on: { push: { branches: [ "main" ] } }
-# on: {}
+on:
+  push:
+    branches: [ "main" ]
 
-concurrency: { group: deploy-mindnet, cancel-in-progress: false }
+concurrency:
+  group: deploy-mindnet
+  cancel-in-progress: false
 
 jobs:
   deploy:
     runs-on: linux_host
     env:
-      DEPLOY_DIRS: "app scripts schemas docker tests requirements.txt README.md"
+      DEPLOY_USER: "llmadmin"
+      DEPLOY_HOST: "${{ secrets.DEPLOY_HOST }}"
       TARGET_BASE: "/home/llmadmin/mindnet"
+      # Whitelist der zu synchronisierenden Einträge (keine Caches!)
+      DEPLOY_DIRS: "app scripts schemas docker tests requirements.txt README.md"
+      # Optional: HF Cache global außerhalb TARGET_BASE (empfohlen)
+      HF_HOME: "/home/llmadmin/.cache/huggingface"
+
     steps:
       - name: Checkout
         uses: https://github.com/actions/checkout@v4
-      - name: Ensure target base
-        run: install -d "$TARGET_BASE"
-      - name: Deploy whitelisted
+
+      - name: Ensure target base exists
         run: |
-          set -euo pipefail
-          IFS=' ' read -r -a DIRS <<< "$DEPLOY_DIRS"
-          for d in "${DIRS[@]}"; do
-            if [ -e "$d" ]; then
-              if [ -d "$d" ]; then
-                install -d "$TARGET_BASE/$d"
-                rsync -a --delete --exclude='.git' \
-                  --exclude='.env' --exclude='.env.*' --exclude='**/.env*' \
-                  "$d"/ "$TARGET_BASE/$d"/
-              else
-                rsync -a "$d" "$TARGET_BASE/$d"
-              fi
-            fi
-          done
-      - name: Python venv (idempotent)
-        run: |
-          cd "$TARGET_BASE"
-          [ -d .venv ] || python3 -m venv .venv
-          source .venv/bin/activate
-          pip install --upgrade pip
-          [ -f requirements.txt ] && pip install -r requirements.txt || true
-      - name: Optional — restart mindnet-api
+          ssh -o StrictHostKeyChecking=no "$DEPLOY_USER@$DEPLOY_HOST" "mkdir -p '$TARGET_BASE' '$HF_HOME' && chown -R $DEPLOY_USER:$DEPLOY_USER '$TARGET_BASE' '$HF_HOME' || true"
+
+      - name: Stop API (graceful)
         continue-on-error: true
         run: |
-          if systemctl --user list-unit-files | grep -q '^mindnet-api.service'; then
-            systemctl --user restart mindnet-api.service
-            systemctl --user --no-pager status mindnet-api.service --full -l || true
-          else
-            echo "mindnet-api.service nicht vorhanden – übersprungen."
-          fi
+          ssh -o StrictHostKeyChecking=no "$DEPLOY_USER@$DEPLOY_HOST" '
+            if systemctl --user list-unit-files | grep -q "^mindnet-api.service"; then
+              systemctl --user stop mindnet-api.service || true
+            fi
+          '
+
+      - name: Deploy whitelisted (rsync)
+        run: |
+          set -euo pipefail
+          SRC="$GITHUB_WORKSPACE"
+          DEST="$DEPLOY_USER@$DEPLOY_HOST:$TARGET_BASE/"
+
+          # Liste der Quellen vorbereiten (mit führendem ./ für --relative)
+          mapfile -t items < <(echo "$DEPLOY_DIRS" | tr " " "\n" | sed "s|^|./|")
+          cd "$SRC"
+
+          rsync -avz --delete --relative \
+            --omit-dir-times --no-perms --no-owner --no-group \
+            --exclude ".git" \
+            --exclude ".github" \
+            --exclude ".gitea" \
+            --exclude ".venv" \
+            --exclude "__pycache__" \
+            --exclude ".mypy_cache" \
+            --exclude ".pytest_cache" \
+            --exclude "hf_cache" \
+            --exclude "hf_cache/**" \
+            "${items[@]}" "$DEST"
+
+      - name: Fix ownership
+        continue-on-error: true
+        run: |
+          ssh -o StrictHostKeyChecking=no "$DEPLOY_USER@$DEPLOY_HOST" "sudo chown -R $DEPLOY_USER:$DEPLOY_USER '$TARGET_BASE' || true"
+
+      - name: Python venv & requirements
+        run: |
+          ssh -o StrictHostKeyChecking=no "$DEPLOY_USER@$DEPLOY_HOST" "
+            set -e
+            cd '$TARGET_BASE'
+            [ -d .venv ] || python3 -m venv .venv
+            source .venv/bin/activate
+            python -m pip install --upgrade pip
+            [ -f requirements.txt ] && pip install -r requirements.txt || true
+          "
+
+      - name: Start/Restart mindnet-api
+        continue-on-error: true
+        run: |
+          ssh -o StrictHostKeyChecking=no "$DEPLOY_USER@$DEPLOY_HOST" '
+            if systemctl --user list-unit-files | grep -q "^mindnet-api.service"; then
+              # HF_HOME außerhalb des Deploy-Baums setzen (robust gegen rsync --delete)
+              if ! systemctl --user cat mindnet-api.service | grep -q "Environment=HF_HOME="; then
+                echo "⚠️ Hinweis: Bitte Environment=HF_HOME in der Service-Unit setzen, z.B.:
+[Service]
+Environment=HF_HOME=/home/llmadmin/.cache/huggingface"
+              fi
+              systemctl --user restart mindnet-api.service
+              systemctl --user --no-pager status mindnet-api.service --full -l || true
+            else
+              echo "mindnet-api.service nicht vorhanden – übersprungen."
+            fi
+          '