From 717b059670149ed65d32e397aa80242724a693f8 Mon Sep 17 00:00:00 2001 From: gitea Date: Wed, 26 Nov 2025 12:12:43 +0330 Subject: [PATCH] Improved Pipeline manifest --- .gitea/workflows/cicd.yaml | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/.gitea/workflows/cicd.yaml b/.gitea/workflows/cicd.yaml index 3e85cbc..76b63bb 100644 --- a/.gitea/workflows/cicd.yaml +++ b/.gitea/workflows/cicd.yaml @@ -11,12 +11,15 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + - name: Set up Python uses: actions/setup-python@v5 with: python-version: '3.12' + - name: Install deps run: pip install -r requirements.txt + - name: Run tests env: DB_USER: '' # Empty to force SQLite fallback @@ -30,14 +33,17 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Cache Docker layers uses: actions/cache@v4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile', 'requirements.txt') }} restore-keys: ${{ runner.os }}-buildx- + - name: Build Docker image uses: docker/build-push-action@v6 with: @@ -45,21 +51,23 @@ jobs: tags: demo-app:latest cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + - name: Save Docker image to tar run: docker save demo-app:latest > demo-app.tar - - name: Upload image tar - uses: actions/upload-artifact@v4 - with: - name: demo-app-image - path: demo-app.tar - retention-days: 1 + # demo-app.tar now lives in the shared workspace for later jobs scan: needs: build runs-on: ubuntu-latest steps: - - name: Checkout code + - name: Checkout code (keep demo-app.tar) uses: actions/checkout@v4 + with: + clean: false # do NOT git clean; preserves demo-app.tar + + - name: Load image from tar + run: docker load -i demo-app.tar + - name: Scan Image uses: aquasecurity/trivy-action@master with: 
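Review bot: Handing `demo-app.tar` from build to scan through a workspace kept in place by `clean: false` drops the per-run isolation that the removed upload-artifact step gave, and the new `Load image from tar` step never checks that the file is the one this run built. If the runner reuses the directory across runs or schedules jobs on different hosts (not visible here), scan and deploy can pick up a stale or replaced tar, so the image Trivy scans need not be the image that is shipped. The deploy job's new `ls -lh demo-app.tar` step in the `@@ -72,6 +80,11 @@` hunk has the same gap, since it checks existence only. Assuming the runner honours job outputs, I would record a SHA-256 of the tar as a build output and verify it with `sha256sum -c` before `docker load` and again before `scp`, as sketched below. The build job also needs an `outputs:` entry mapping `tar_sha256` to `steps.save.outputs.tar_sha256`; its header lies outside this hunk.

```yaml
      - name: Save Docker image to tar
        id: save
        run: |
          docker save demo-app:latest > demo-app.tar
          echo "tar_sha256=$(sha256sum demo-app.tar | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"

# … unchanged: scan job header and checkout with clean: false …

      - name: Verify image tar digest
        run: echo "${{ needs.build.outputs.tar_sha256 }}  demo-app.tar" | sha256sum -c -

      - name: Load image from tar
        run: docker load -i demo-app.tar
```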
@@ -72,6 +80,11 @@ jobs: needs: [build, scan] runs-on: ubuntu-latest steps: + # no checkout here so we don't accidentally clean demo-app.tar + + - name: Verify image tar exists + run: ls -lh demo-app.tar + - name: Set up SSH run: | apt update && apt install -y openssh-client @@ -81,8 +94,10 @@ jobs: eval "$(ssh-agent -s)" ssh-add ~/.ssh/id_ed25519 ssh-keyscan -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_HOST }} >> ~/.ssh/known_hosts + - name: Copy tar to server run: scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} demo-app.tar ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}demo-app.tar + - name: Deploy on server run: | ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << EOF @@ -97,3 +112,4 @@ jobs: docker compose --env-file .env up -d --remove-orphans rm demo-app.tar EOF +