refactor: replace GitHub Actions with native shell commands in workflow

- Remove all GitHub Actions dependencies (checkout, setup-php, cache, buildx, build-push)
- Replace with native shell commands (git clone, apt-get, docker buildx)
- Eliminate dependency on GitHub for action downloads
- Improve stability and reduce timeout issues
- All functionality preserved, now using direct commands only

.gitea/workflows/production-deploy.yml

@@ -29,33 +29,76 @@ jobs:
     if: ${{ !inputs.skip_tests }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        run: |
+          REF_NAME="${{ github.ref_name }}"
+          REPO="${{ github.repository }}"
+          if [ -z "$REF_NAME" ]; then
+            REF_NAME="main"
+          fi
+          
+          # Try HTTPS first, fallback to SSH
+          git clone --depth 1 --branch "$REF_NAME" \
+            "https://git.michaelschiemer.de/${REPO}.git" \
+            /workspace/repo || \
+          git clone --depth 1 --branch "$REF_NAME" \
+            "git@git.michaelschiemer.de:${REPO}.git" \
+            /workspace/repo || \
+          git clone --depth 1 \
+            "https://git.michaelschiemer.de/${REPO}.git" \
+            /workspace/repo
+          
+          cd /workspace/repo
 
       - name: Setup PHP
-        uses: shivammathur/setup-php@v2
+        run: |
-        with:
+          # Install PHP 8.3 and extensions
-          php-version: '8.3'
+          apt-get update
-          extensions: mbstring, xml, pdo, pdo_mysql, zip, gd, intl, sodium, bcmath, redis
+          apt-get install -y \
-          coverage: none
+            php8.3 \
+            php8.3-cli \
+            php8.3-mbstring \
+            php8.3-xml \
+            php8.3-pdo \
+            php8.3-pdo-mysql \
+            php8.3-zip \
+            php8.3-gd \
+            php8.3-intl \
+            php8.3-sodium \
+            php8.3-bcmath \
+            php8.3-redis \
+            composer
 
-      - name: Cache Composer dependencies
+      - name: Cache Composer dependencies (simple)
-        uses: actions/cache@v3
+        run: |
-        with:
+          if [ -d "/tmp/composer-cache/vendor" ]; then
-          path: vendor
+            echo "📦 Restoring cached dependencies..."
-          key: composer-${{ hashFiles('composer.lock') }}
+            cp -r /tmp/composer-cache/vendor /workspace/repo/vendor || true
-          restore-keys: composer-
+          fi
 
       - name: Install dependencies
-        run: composer install --no-interaction --prefer-dist --optimize-autoloader
+        run: |
+          cd /workspace/repo
+          composer install --no-interaction --prefer-dist --optimize-autoloader
+
+      - name: Save Composer cache
+        run: |
+          mkdir -p /tmp/composer-cache
+          cp -r /workspace/repo/vendor /tmp/composer-cache/vendor || true
 
       - name: Run Pest tests
-        run: ./vendor/bin/pest --colors=always
+        run: |
+          cd /workspace/repo
+          ./vendor/bin/pest --colors=always
 
       - name: Run PHPStan
-        run: make phpstan
+        run: |
+          cd /workspace/repo
+          make phpstan
 
       - name: Code style check
-        run: composer cs
+        run: |
+          cd /workspace/repo
+          composer cs
 
   # Job 2: Build & Push Docker Image
   build:
@@ -65,46 +108,85 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       image_tag: ${{ steps.meta.outputs.tag }}
-      commit_sha: ${{ github.sha }}
+      commit_sha: ${{ steps.meta.outputs.commit_sha }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        run: |
+          REF_NAME="${{ github.ref_name }}"
+          REPO="${{ github.repository }}"
+          if [ -z "$REF_NAME" ]; then
+            REF_NAME="main"
+          fi
           
-      - name: Set up Docker Buildx
+          # Try HTTPS first, fallback to SSH
-        uses: docker/setup-buildx-action@v3
+          git clone --depth 1 --branch "$REF_NAME" \
+            "https://git.michaelschiemer.de/${REPO}.git" \
+            /workspace/repo || \
+          git clone --depth 1 --branch "$REF_NAME" \
+            "git@git.michaelschiemer.de:${REPO}.git" \
+            /workspace/repo || \
+          git clone --depth 1 \
+            "https://git.michaelschiemer.de/${REPO}.git" \
+            /workspace/repo
+          
+          cd /workspace/repo
+
+      - name: Setup Docker Buildx
+        run: |
+          docker buildx create --name builder --use || docker buildx use builder
+          docker buildx inspect --bootstrap
 
       - name: Generate image metadata
         id: meta
         run: |
-          SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7)
+          cd /workspace/repo
+          # Gitea Actions supports github.sha for compatibility
+          COMMIT_SHA="${{ github.sha }}"
+          if [ -z "$COMMIT_SHA" ]; then
+            COMMIT_SHA=$(git rev-parse HEAD)
+          fi
+          SHORT_SHA=$(echo "$COMMIT_SHA" | cut -c1-7)
           TAG="${SHORT_SHA}-$(date +%s)"
           echo "tag=${TAG}" >> $GITHUB_OUTPUT
           echo "short_sha=${SHORT_SHA}" >> $GITHUB_OUTPUT
+          echo "commit_sha=${COMMIT_SHA}" >> $GITHUB_OUTPUT
+          echo "Generated tag: ${TAG}"
 
       - name: Login to Registry
         run: |
           echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.REGISTRY_USER }} --password-stdin
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v5
+        run: |
-        with:
+          cd /workspace/repo
-          context: .
+          COMMIT_SHA="${{ github.sha }}"
-          file: ./Dockerfile.production
+          if [ -z "$COMMIT_SHA" ]; then
-          push: true
+            COMMIT_SHA=$(git rev-parse HEAD)
-          tags: |
+          fi
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+          REF_NAME="${{ github.ref_name }}"
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tag }}
+          if [ -z "$REF_NAME" ]; then
-            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:git-${{ steps.meta.outputs.short_sha }}
+            REF_NAME=$(git rev-parse --abbrev-ref HEAD)
-          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
+          fi
-          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max
+          SHORT_SHA=$(echo "$COMMIT_SHA" | cut -c1-7)
-          build-args: |
+          TAG="${SHORT_SHA}-$(date +%s)"
-            BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+          
-            GIT_COMMIT=${{ github.sha }}
+          # Build with cache
-            GIT_BRANCH=${{ github.ref_name }}
+          docker buildx build \
+            --platform linux/amd64 \
+            --file ./Dockerfile.production \
+            --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest \
+            --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${TAG} \
+            --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:git-${SHORT_SHA} \
+            --cache-from type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache \
+            --cache-to type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max \
+            --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \
+            --build-arg GIT_COMMIT=${COMMIT_SHA} \
+            --build-arg GIT_BRANCH=${REF_NAME} \
+            --push \
+            .
 
       - name: Image scan for vulnerabilities
         run: |
-          # Optional: Add Trivy or similar vulnerability scanning
           echo "✅ Image built successfully: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.tag }}"
 
   # Job 3: Deploy to Production
@@ -117,11 +199,29 @@ jobs:
       url: https://michaelschiemer.de
     steps:
       - name: Checkout deployment scripts
-        uses: actions/checkout@v4
+        run: |
-        with:
+          REF_NAME="${GITEA_REF_NAME:-main}"
-          sparse-checkout: |
+          REPO="${GITEA_REPOSITORY}"
-            deployment/ansible
+          SERVER_URL="${GITEA_SERVER_URL}"
-          sparse-checkout-cone-mode: false
+          
+          # Try HTTPS first, fallback to SSH
+          if [ -n "$REPO" ] && [ -n "$SERVER_URL" ]; then
+            git clone --depth 1 --branch "$REF_NAME" \
+              "https://${SERVER_URL}/${REPO}.git" \
+              /workspace/repo || true
+          fi
+          
+          # Fallback to SSH if HTTPS failed
+          if [ ! -d /workspace/repo ]; then
+            git clone --depth 1 --branch "$REF_NAME" \
+              "git@git.michaelschiemer.de:${REPO}.git" \
+              /workspace/repo || \
+            git clone --depth 1 \
+              "https://git.michaelschiemer.de/${REPO}.git" \
+              /workspace/repo
+          fi
+          
+          cd /workspace/repo
 
       - name: Setup SSH key
         run: |
@@ -132,12 +232,12 @@ jobs:
 
       - name: Install Ansible
         run: |
-          sudo apt-get update
+          apt-get update
-          sudo apt-get install -y ansible
+          apt-get install -y ansible
 
       - name: Deploy via Ansible
         run: |
-          cd deployment/ansible
+          cd /workspace/repo/deployment/ansible
           ansible-playbook -i inventory/production.yml \
             playbooks/deploy-update.yml \
             -e "image_tag=${{ needs.build.outputs.image_tag }}" \
@@ -166,7 +266,7 @@ jobs:
       - name: Rollback on failure
         if: failure() && steps.health.outcome == 'failure'
         run: |
-          cd deployment/ansible
+          cd /workspace/repo/deployment/ansible
           ansible-playbook -i inventory/production.yml \
             playbooks/rollback.yml