name: 🚀 Deploy to cPanel via Git on: push: branches: [main] workflow_dispatch: jobs: ci-check: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: PHP Lint run: | ERROR=0 for f in $(find . -name "*.php" -not -path "./.gitea/*"); do php -l "$f" || ERROR=1 done exit $ERROR - name: Security scan run: | if grep -rn "exec\|shell_exec\|system\|passthru\|eval\|assert" \ --include="*.php" . | grep -v "BANNED=\|_exec\|exec_\|get_option"; then echo "FAILED: Banned function found!" exit 1 fi echo "OK: Security check passed" deploy-to-cpanel: needs: [ci-check] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup SSH for cPanel Git env: CPANEL_SSH_KEY: ${{ secrets.CPANEL_SSH_KEY }} run: | mkdir -p ~/.ssh chmod 700 ~/.ssh echo "$CPANEL_SSH_KEY" > ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa ssh-keyscan -H "${{ secrets.CPANEL_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null - name: Push to cPanel Git env: CPANEL_GIT_REMOTE: ${{ secrets.CPANEL_GIT_REMOTE }} run: | git remote add cpanel "$CPANEL_GIT_REMOTE" git push cpanel main --force echo "OK: Pushed to $CPANEL_GIT_REMOTE" - name: Trigger cPanel deploy hook env: CPANEL_DEPLOY_HOOK: ${{ secrets.CPANEL_DEPLOY_HOOK_URL }} run: | if [ -n "$CPANEL_DEPLOY_HOOK" ]; then HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST \ "$CPANEL_DEPLOY_HOOK" --max-time 10) echo "Hook returned HTTP $HTTP_CODE" else echo "No hook — cPanel Git auto-deploy handles it" fi deploy-fallback: needs: [ci-check] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Build plugin zip run: | mkdir -p build/hermes-cpanel-agent cp hermes-ai-bridge.php build/hermes-cpanel-agent/ cp -r includes assets build/hermes-cpanel-agent/ cd build && zip -r ../hermes-cpanel-agent.zip hermes-cpanel-agent/ - name: Deploy via WP REST API (fallback) env: WP_URL: ${{ secrets.WP_URL }} WP_APP_USER: ${{ secrets.WP_APP_USER }} WP_APP_PASSWORD: ${{ secrets.WP_APP_PASSWORD }} run: | PLUGIN_ZIP=$(base64 -w0 hermes-cpanel-agent.zip) RESP=$(curl -s -w "\n%{http_code}" -X POST \ "$WP_URL/wp-json/wp/v2/plugins" \ -H "Content-Type: application/json" \ -u "$WP_APP_USER:$WP_APP_PASSWORD" \ -d "{\"slug\":\"hermes-cpanel-agent\",\"status\":\"active\",\"source\":\"data:application/zip;base64,$PLUGIN_ZIP\"}") HTTP_CODE=$(echo "$RESP" | tail -1) BODY=$(echo "$RESP" | head -n -1) echo "WP REST API: HTTP $HTTP_CODE" echo "$BODY" | python3 .gitea/scripts/deploy-report.py verify: needs: [deploy-to-cpanel, deploy-fallback] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Verify plugin deployment env: WP_URL: ${{ secrets.WP_URL }} WP_APP_USER: ${{ secrets.WP_APP_USER }} WP_APP_PASSWORD: ${{ secrets.WP_APP_PASSWORD }} run: | curl -s "$WP_URL/wp-json/wp/v2/plugins" \ -u "$WP_APP_USER:$WP_APP_PASSWORD" | python3 .gitea/scripts/verify-deploy.py - name: Verify hermes/v1 namespace env: WP_URL: ${{ secrets.WP_URL }} run: | curl -s "$WP_URL/wp-json" | python3 .gitea/scripts/check-namespace.py