Switch CI/CD from K8s helm deploy to Hetzner SSH deploy

cmyui · claude · cmyui · commit 6648114dd2d3 · 2026-03-07T17:04:17.000-05:00
Replace self-hosted K8s runner + helm upgrade with GitHub-hosted
runner + SSH-based docker compose pull/restart on Hetzner.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/production-deploy.yml b/.github/workflows/production-deploy.yml
@@ -11,11 +11,11 @@ concurrency:
 
 jobs:
   production-deploy:
-    runs-on: [self-hosted, vpc]
+    runs-on: ubuntu-latest
 
     steps:
       - name: Check out latest commit
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Log in to Docker Hub
         uses: docker/login-action@v3
@@ -27,7 +27,7 @@ jobs:
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: osuAkatsuki/users-service
+          images: osuakatsuki/users-service
 
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
@@ -40,52 +40,13 @@ jobs:
             ${{ secrets.DOCKERHUB_USERNAME }}/users-service:${{ github.sha }}
           labels: ${{ steps.meta.outputs.labels }}
 
-      - name: Get kubeconfig from github secrets
-        run: |
-          mkdir -p $HOME/.kube
-          echo "${{ secrets.KUBECONFIG }}" > $HOME/.kube/config
-          sudo chown $(id -u):$(id -g) $HOME/.kube/config
-          chmod 600 $HOME/.kube/config
-
-      - name: Install helm
-        uses: azure/setup-helm@v3
-        with:
-          version: "v3.19.2"
-          token: ${{ secrets.GITHUB_TOKEN }}
-        id: install
-
-      - name: Install helm-diff
-        run: helm plugin install https://github.com/databus23/helm-diff
-
-      - name: Checkout common-helm-charts repo
-        uses: actions/checkout@v3
+      - name: Deploy to production
+        uses: appleboy/ssh-action@v1
         with:
-          repository: osuAkatsuki/common-helm-charts
-          token: ${{ secrets.COMMON_HELM_CHARTS_PAT_2024 }}
-          path: common-helm-charts
-
-      - name: Clear pending deployments
-        run: |
-          kubectl delete secret -n default -l 'status in (pending-install, pending-upgrade, pending-rollback),name=users-service-production'
-
-      - name: Show manifest diff since previous release
-        run: |
-          helm diff upgrade \
-          --namespace default \
-          --allow-unreleased \
-          --color=true \
-          --values chart/values.yaml \
-          users-service-production \
-          common-helm-charts/microservice-base/
-
-      - name: Deploy service to production cluster
-        run: |
-          helm upgrade \
-            --namespace default \
-            --install \
-            --atomic \
-            --wait --timeout 10m \
-            --cleanup-on-fail \
-            --values chart/values.yaml \
-            users-service-production \
-            common-helm-charts/microservice-base/
+          host: ${{ secrets.SERVER_HOST }}
+          username: root
+          key: ${{ secrets.SERVER_SSH_KEY }}
+          script: |
+            cd /opt/akatsuki
+            docker compose pull users-service
+            docker compose up -d users-service
