feat: container registry deploy (build in CI, pull on server)

.gitea/workflows/cd.yml

@@ -0,0 +1,22 @@
+name: Deploy
+
+on:
+  push:
+    branches: master
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Install Ansible
+        run: |
+          pip install -r infra/ansible/requirements.txt
+          ansible-galaxy install -r infra/ansible/requirements.yml
+
+      - name: Run playbook
+        run: |
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > .vault_pass
+          ansible-playbook -i infra/ansible/inventory/hosts.yml infra/ansible/playbook.yml --vault-password-file .vault_pass
+          rm .vault_pass

.gitea/workflows/ci.yml

@@ -0,0 +1,27 @@
+name: ci
+
+on:
+  push:
+    branches:
+      - dev
+  pull_request:
+    branches:
+      - master
+
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Node setup
+        uses: actions/setup-node@v6
+        with:
+          node-version: "24.12"
+
+      - name: Install deps
+        run: npm install
+      - name: Lint
+        run: npm run build

.gitea/workflows/deploy.yml

@@ -0,0 +1,36 @@
+name: Deploy
+
+on:
+  push:
+    branches: [dev]
+
+env:
+  REGISTRY: gitea.d3m0k1d.ru
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Ansible
+        run: apt update && apt install -y ansible
+
+      - name: Login to registry
+        run: echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login $REGISTRY -u "${{ secrets.REGISTRY_USER }}" --password-stdin
+
+      - name: Build and push image
+        run: |
+          IMAGE=$REGISTRY/hellreign/frontend
+          docker build -f dockerfile -t $IMAGE:dev -t $IMAGE:${{ gitea.sha }} .
+          docker push $IMAGE:dev
+          docker push $IMAGE:${{ gitea.sha }}
+
+      - name: Deploy via Ansible
+        run: |
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > .vault_pass
+          ansible-playbook -i infra/ansible/inventory/hosts.yml infra/ansible/playbook.yml \
+            --vault-password-file .vault_pass \
+            -e registry=$REGISTRY \
+            -e tag=${{ gitea.sha }}
+          rm .vault_pass