From 5d99d5d47a5878c334f7561fc7e2fa28164354a8 Mon Sep 17 00:00:00 2001
From: Benjamin Admin <benjaminadmin@MacBook-Pro.fritz.box>
Date: Wed, 11 Mar 2026 00:08:27 +0100
Subject: [PATCH] feat(ci): Automatisches Deploy auf Hetzner via Gitea Actions

- Gitea Actions CI um deploy-hetzner Job erweitert
- Automatischer Build + Deploy bei Push auf main (nach Tests)
- docker-compose.hetzner.yml Override (amd64 statt arm64)
- Deploy-Dir: /opt/breakpilot-compliance/
- Baut parallel: admin, backend, ai-sdk, developer-portal
- Health Checks nach Deploy

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .gitea/workflows/ci.yaml   | 84 +++++++++++++++++++++++++++++++++++++-
 .gitignore                 |  1 +
 docker-compose.hetzner.yml | 34 +++++++++++++++
 3 files changed, 117 insertions(+), 2 deletions(-)
 create mode 100644 docker-compose.hetzner.yml

diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
index 6117b2b..2f4b168 100644
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -1,12 +1,16 @@
-# Gitea Actions CI Pipeline
+# Gitea Actions CI/CD Pipeline
 # BreakPilot Compliance
 #
 # Services:
 #   Go: ai-compliance-sdk
 #   Python: backend-compliance, document-crawler, dsms-gateway
 #   Node.js: admin-compliance, developer-portal
+#
+# Workflow:
+#   Push auf main → Tests → Build → Deploy (Hetzner)
+#   Pull Request → Lint + Tests (kein Deploy)
 
-name: CI
+name: CI/CD
 
 on:
   push:
@@ -164,3 +168,79 @@ jobs:
           pip install --quiet --no-cache-dir -r requirements.txt 2>/dev/null || true
           pip install --quiet --no-cache-dir pytest pytest-asyncio
           python -m pytest test_main.py -v --tb=short
+
+  # ========================================
+  # Build & Deploy auf Hetzner (nur main, kein PR)
+  # ========================================
+
+  deploy-hetzner:
+    runs-on: docker
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    needs:
+      - test-go-ai-compliance
+      - test-python-backend-compliance
+      - test-python-document-crawler
+      - test-python-dsms-gateway
+    container: docker:27-cli
+    steps:
+      - name: Deploy
+        run: |
+          set -euo pipefail
+          DEPLOY_DIR="/opt/breakpilot-compliance"
+          COMPOSE_FILES="-f docker-compose.yml -f docker-compose.hetzner.yml"
+          COMMIT_SHA="${GITHUB_SHA:-unknown}"
+          SHORT_SHA="${COMMIT_SHA:0:8}"
+
+          echo "=== BreakPilot Compliance Deploy ==="
+          echo "Commit: ${SHORT_SHA}"
+          echo "Deploy Dir: ${DEPLOY_DIR}"
+          echo ""
+
+          # 1. Repo auf dem Host aktualisieren
+          if [ ! -d "${DEPLOY_DIR}/.git" ]; then
+            echo "FEHLER: ${DEPLOY_DIR} ist kein Git-Repository"
+            echo "Bitte einmalig einrichten:"
+            echo "  git clone <repo-url> ${DEPLOY_DIR}"
+            echo "  cp .env.example ${DEPLOY_DIR}/.env  # und anpassen"
+            exit 1
+          fi
+
+          # Git pull im Deploy-Verzeichnis
+          apk add --no-cache git > /dev/null 2>&1
+          cd "${DEPLOY_DIR}"
+          git fetch origin main
+          git reset --hard origin/main
+          echo "Code aktualisiert auf ${SHORT_SHA}"
+
+          # 2. Core-Services (admin, backend, ai-sdk, dev-portal) bauen
+          echo ""
+          echo "=== Building Docker Images ==="
+          docker compose ${COMPOSE_FILES} build \
+            --parallel \
+            admin-compliance \
+            backend-compliance \
+            ai-compliance-sdk \
+            developer-portal
+
+          # 3. Container neu starten (nur geaenderte)
+          echo ""
+          echo "=== Deploying ==="
+          docker compose ${COMPOSE_FILES} up -d \
+            --remove-orphans \
+            admin-compliance \
+            backend-compliance \
+            ai-compliance-sdk \
+            developer-portal
+
+          # 4. Health Checks
+          echo ""
+          echo "=== Health Checks ==="
+          sleep 10
+
+          for svc in bp-compliance-admin bp-compliance-backend bp-compliance-ai-sdk; do
+            STATUS=$(docker inspect --format='{{.State.Status}}' "${svc}" 2>/dev/null || echo "not found")
+            echo "${svc}: ${STATUS}"
+          done
+
+          echo ""
+          echo "=== Deploy abgeschlossen: ${SHORT_SHA} ==="
diff --git a/.gitignore b/.gitignore
index 18205b3..073575e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,4 @@ backups/*.backup
 *.mp3
 *.wav
 ai-compliance-sdk/server
+*.bak
diff --git a/docker-compose.hetzner.yml b/docker-compose.hetzner.yml
new file mode 100644
index 0000000..521a692
--- /dev/null
+++ b/docker-compose.hetzner.yml
@@ -0,0 +1,34 @@
+# =========================================================
+# BreakPilot Compliance — Hetzner Override
+# =========================================================
+# Verwendung: docker compose -f docker-compose.yml -f docker-compose.hetzner.yml up -d
+#
+# Entfernt ARM64-Platform-Constraint (Hetzner = x86_64/amd64)
+# und passt Hetzner-spezifische Einstellungen an.
+# =========================================================
+
+services:
+
+  admin-compliance:
+    platform: linux/amd64
+
+  developer-portal:
+    platform: linux/amd64
+
+  backend-compliance:
+    platform: linux/amd64
+
+  ai-compliance-sdk:
+    platform: linux/amd64
+
+  compliance-tts-service:
+    platform: linux/amd64
+
+  document-crawler:
+    platform: linux/amd64
+
+  dsms-node:
+    platform: linux/amd64
+
+  docs:
+    platform: linux/amd64