Runner is on the internal network — connecting to the public domain
fails due to hairpin NAT, same as the syndication webhook.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- runs-on: freebsd (act_runner host label) instead of ubuntu-latest
- Drop appleboy/ssh-action; use plain ssh in a run step (same pattern as
  indiekit-blog deploy.yml)
- Drop actions/setup-node; no build step on runner side
- On deploy: set git remote to internal Gitea URL, fetch, reset --hard
- npm ci --legacy-peer-deps (postinstall applies all patches automatically)
- .env and SECRET preflight checks; preflight-production-security and
  preflight-mongo-connection before restart
- Async restart via nohup + poll loop (avoids SSH hanging on open stdout)
- Add workflow_dispatch trigger
Required repo secrets: SSH_PRIVATE_KEY, SSH_USER, SSH_HOST
(copy values from giersig.eu/indiekit-blog repo secrets)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Addresses Node.js 20 deprecation warning in GitHub Actions runners.
actions/checkout and actions/setup-node v4 use Node.js 24-compatible
runtimes, ahead of the June 2026 forced migration.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds an explicit patch loop in the deploy step to ensure all
scripts/patch-*.mjs run even if npm ci postinstall was skipped.
This guarantees changelog categorization and other patches are
always applied on the server regardless of npm install mode.