refactored deployment phase

.gitea/workflows/cicd.yaml

@@ -51,7 +51,7 @@ jobs:
       - name: Build Docker image for scan
         run: docker build -t demo-app:latest .
 
-      # Trivy via Docker (no GitHub Action)
+      # Trivy via Docker (no GitHub/Gitea action)
       - name: Scan image with Trivy
         run: |
           docker run --rm \
@@ -85,29 +85,32 @@ jobs:
           ssh-keyscan -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_HOST }} >> ~/.ssh/known_hosts
 
       - name: Copy tar to server
-        run: scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} demo-app.tar ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:${{ secrets.DEPLOY_PATH }}demo-app.tar
+        run: |
+          scp -o StrictHostKeyChecking=no -P ${{ secrets.SERVER_PORT }} \
+            demo-app.tar \
+            ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }}:'${{ secrets.DEPLOY_PATH }}/demo-app.tar'
 
       - name: Deploy on server
         run: |
-          ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << 'EOF'
+          ssh -o StrictHostKeyChecking=no -p ${{ secrets.SERVER_PORT }} \
+            ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_HOST }} << EOF
             set -e
-            cd "${DEPLOY_PATH}"
 
-            # Create/update .env with DB secrets from CI
-            echo "DB_USER=${DB_USER}" > .env
-            echo "DB_PASS=${DB_PASS}" >> .env
-            echo "DB_NAME=${DB_NAME}" >> .env
+            cd "${{ secrets.DEPLOY_PATH }}"
 
-            # Load new image and restart stack
+            # Create/update .env with DB secrets
+            echo "DB_USER=${{ secrets.DB_USER }}" > .env
+            echo "DB_PASS=${{ secrets.DB_PASS }}" >> .env
+            echo "DB_NAME=${{ secrets.DB_NAME }}" >> .env
+
+            # Load the new image from the tarball
             docker load -i demo-app.tar
+
+            # Restart the compose stack
             docker compose down
             docker compose --env-file .env up -d --remove-orphans
 
+            # Clean up
             rm demo-app.tar
           EOF
-        env:
-          DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
-          DB_USER: ${{ secrets.DB_USER }}
-          DB_PASS: ${{ secrets.DB_PASS }}
-          DB_NAME: ${{ secrets.DB_NAME }}