From 70cd6a879cf9b1a3e1f7ea09cdad5ea8634a80d0 Mon Sep 17 00:00:00 2001
From: Clemens Hering <clemens.hering@valtrix.systems>
Date: Mon, 10 Nov 2025 07:18:49 +0100
Subject: [PATCH] test local clone

---
 .gitea/workflows/deploy.yaml | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 17e9a37..74feca7 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -52,18 +52,25 @@ jobs:
 
       - name: Checkout Repository
         uses: actions/checkout@v4
-      - name: Copy entire repository to target host (scp, overwrite)
+      - name: Copy entire repository to target host (scp -> atomic replace)
         shell: bash
         run: |
           set -euo pipefail
-          # Ensure target directory exists
-          ssh -o BatchMode=yes -i ~/.ssh/id_ed25519 $TARGET_USER@$TARGET_HOST "mkdir -p $APP_DIR"
-          echo "Copying repository files to $TARGET_HOST:$APP_DIR via scp (overwrites existing files)"
+          # Work in a temp directory to avoid partial updates and handle ownership issues more clearly
+          TMP_DIR="$APP_DIR.tmp.$(date +%s)"
+          echo "Creating remote temp dir $TMP_DIR"
+          ssh -o BatchMode=yes -i ~/.ssh/id_ed25519 $TARGET_USER@$TARGET_HOST "mkdir -p '$TMP_DIR'"
+
+          echo "Copying repository files to $TARGET_HOST:$TMP_DIR via scp (includes hidden files)"
           # Enable dotglob so hidden files are included in the glob
-          shopt -s dotglob
-          # Copy all files and directories in the repo root to the remote host
-          scp -r -o BatchMode=yes -i ~/.ssh/id_ed25519 ./* $TARGET_USER@$TARGET_HOST:$APP_DIR/
-          echo "Copy finished"
+          shopt -s dotglob || true
+          # Copy all files and directories in the repo root to the remote temp dir
+          scp -r -o BatchMode=yes -i ~/.ssh/id_ed25519 ./* $TARGET_USER@$TARGET_HOST:$TMP_DIR/
+
+          echo "Attempting atomic replacement of $APP_DIR with $TMP_DIR"
+          # Try to remove existing dir and move temp into place. If removal fails due to permissions, leave temp and error.
+          ssh -o BatchMode=yes -i ~/.ssh/id_ed25519 $TARGET_USER@$TARGET_HOST "set -euo pipefail; if [ -d '$APP_DIR' ]; then rm -rf '$APP_DIR' || { echo 'ERROR: cannot remove existing $APP_DIR (permissions)'; exit 2; } fi; mv '$TMP_DIR' '$APP_DIR'"
+          echo "Copy and replace finished"
 
       - name: Build container on target host
         run: |