immersive2/.github/workflows/build.yml

name: Build and Deploy

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  build:
    runs-on: linux_amd64
    timeout-minutes: 15

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install dependencies
        run: npm ci
        timeout-minutes: 5

      - name: Build Front End
        run: npm run build
        timeout-minutes: 10
        env:
          NODE_OPTIONS: '--max-old-space-size=4096'

      - name: Stop Service
        run: |
          sudo rc-service immersive stop || true          

      - name: Deploy to /opt/immersive
        run: |
          # Ensure group write so we can delete old files
          sudo chmod -R g+w /opt/immersive || true

          # Remove old files except data directory and env file
          find /opt/immersive -mindepth 1 -maxdepth 1 ! -name 'data' ! -name '.env.production' -exec rm -rf {} +

          # Copy built files to target
          cp -r . /opt/immersive/

          # Remove unnecessary directories
          rm -rf /opt/immersive/.git /opt/immersive/.github

          # Set permissions on start.sh and ensure group write for future deploys
          chmod +x /opt/immersive/start.sh
          sudo chmod -R g+w /opt/immersive

          # Set ownership to immersive user
          sudo chown -R immersive:immersive /opt/immersive          

      - name: Create Environment File
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
        run: |
          # Create .env.production with secrets (only accessible by immersive user)
          echo "# Auto-generated by CI/CD - Do not edit manually" > /opt/immersive/.env.production
          echo "ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}" >> /opt/immersive/.env.production
          echo "CLOUDFLARE_ACCOUNT_ID=${CLOUDFLARE_ACCOUNT_ID}" >> /opt/immersive/.env.production
          echo "CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}" >> /opt/immersive/.env.production

          # Secure the environment file
          sudo chown immersive:immersive /opt/immersive/.env.production
          sudo chmod 600 /opt/immersive/.env.production          

      - name: Start Service
        run: |
          sudo rc-service immersive start