Fix deploy workflow: use self-hosted runner, eliminate SSH roundtrip

Running on ubuntu-latest required SSH back to host to run docker commands.
Switch to self-hosted runner which executes directly on the analytics VM.

.gitea/workflows/deploy.yaml

@@ -7,23 +7,13 @@ on:
 
 jobs:
   deploy:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
 
     steps:
-      - name: Deploy via SSH
+      - name: Deploy
-        env:
-          SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
-          SERVER_IP: ${{ secrets.DEPLOY_SERVER_IP }}
-          SERVER_USER: ${{ secrets.DEPLOY_SERVER_USER }}
         run: |
-          mkdir -p ~/.ssh
+          cd /data/projects/r/stAndrews
-          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+          git pull origin main
-          chmod 600 ~/.ssh/id_rsa
+          docker compose build
-          ssh-keyscan -H $SERVER_IP >> ~/.ssh/known_hosts
+          docker compose up -d
-          ssh ${SERVER_USER}@${SERVER_IP} "
-            cd /data/projects/r/stAndrews &&
-            git pull origin main &&
-            docker compose build &&
-            docker compose up -d &&
           docker exec analytics-gateway caddy reload --config /etc/caddy/Caddyfile --adapter caddyfile
-          "

TODO.md

@@ -37,7 +37,7 @@
 
 ## Deployment
 
-- [ ] Fix SSH deploy workflow — failing since server outage; manual deploy required as workaround
+- [x] Fix SSH deploy workflow — switched to self-hosted runner (runs-on: self-hosted), eliminates SSH roundtrip
 - [x] Create Dockerfile, docker-compose.yml, .gitea/workflows/deploy.yaml
 - [x] Push to Gitea — act_runner deploys on push to main
 - [x] App live at apps.robwiederstein.org/stAndrews/