padelnomics/.gitlab-ci.yml

stages:
  - test
  - deploy

test:
  stage: test
  image: python:3.12-slim
  before_script:
    - pip install uv
  script:
    - cd padelnomics && uv sync
    - uv run pytest tests/ -x -q
    - uv run ruff check src/ tests/
  rules:
    - if: $CI_COMMIT_BRANCH == "master"
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

deploy:
  stage: deploy
  image: alpine:latest
  needs: [test]
  rules:
    - if: $CI_COMMIT_BRANCH == "master"
  before_script:
    - apk add --no-cache openssh-client
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
  script:
    - |
      ssh "$DEPLOY_USER@$DEPLOY_HOST" "cat > /opt/padelnomics/padelnomics/.env" << ENVEOF
      APP_NAME=$APP_NAME
      SECRET_KEY=$SECRET_KEY
      BASE_URL=$BASE_URL
      DEBUG=false
      ADMIN_PASSWORD=$ADMIN_PASSWORD
      DATABASE_PATH=data/app.db
      MAGIC_LINK_EXPIRY_MINUTES=${MAGIC_LINK_EXPIRY_MINUTES:-15}
      SESSION_LIFETIME_DAYS=${SESSION_LIFETIME_DAYS:-30}
      RESEND_API_KEY=$RESEND_API_KEY
      EMAIL_FROM=${EMAIL_FROM:-hello@notifications.padelnomics.io}
      ADMIN_EMAIL=${ADMIN_EMAIL:-}
      RATE_LIMIT_REQUESTS=${RATE_LIMIT_REQUESTS:-100}
      RATE_LIMIT_WINDOW=${RATE_LIMIT_WINDOW:-60}
      PADDLE_API_KEY=$PADDLE_API_KEY
      PADDLE_WEBHOOK_SECRET=$PADDLE_WEBHOOK_SECRET
      PADDLE_PRICE_STARTER=$PADDLE_PRICE_STARTER
      PADDLE_PRICE_PRO=$PADDLE_PRICE_PRO
      LITESTREAM_R2_BUCKET=$LITESTREAM_R2_BUCKET
      LITESTREAM_R2_ACCESS_KEY_ID=$LITESTREAM_R2_ACCESS_KEY_ID
      LITESTREAM_R2_SECRET_ACCESS_KEY=$LITESTREAM_R2_SECRET_ACCESS_KEY
      LITESTREAM_R2_ENDPOINT=$LITESTREAM_R2_ENDPOINT
      ENVEOF
    - ssh "$DEPLOY_USER@$DEPLOY_HOST" "chmod 600 /opt/padelnomics/padelnomics/.env"
    - ssh "$DEPLOY_USER@$DEPLOY_HOST" "cd /opt/padelnomics && git pull origin master && ./deploy.sh"