From fd8707a16c407adc4526e83d832b155edbe42935 Mon Sep 17 00:00:00 2001
From: Jeff Emmett <jeffemmett@gmail.com>
Date: Wed, 1 Apr 2026 12:32:28 -0700
Subject: [PATCH] ci: run smoke test via SSH from host for reliable DNS

Runner container can't always resolve Cloudflare-tunneled domains.
Run curl from host via SSH instead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .gitea/workflows/ci.yml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 8feba50..b010005 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -49,15 +49,17 @@ jobs:
 
       - name: Smoke test
         run: |
-          sleep 10
-          HTTP_CODE=$(curl -sS -o /dev/null -w "%{http_code}" --max-time 15 https://ebb-staging.jeffemmett.com/ 2>/dev/null || echo "000")
-          if [ "$HTTP_CODE" != "200" ]; then
-            echo "Smoke test failed — rolling back"
+          sleep 15
+          HTTP_CODE=$(ssh -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key root@${{ secrets.DEPLOY_HOST }} \
+            "curl -sSL -o /dev/null -w '%{http_code}' --max-time 30 https://ebb-staging.jeffemmett.com/ 2>/dev/null || echo 000")
+          if [ "$HTTP_CODE" -lt 200 ] || [ "$HTTP_CODE" -ge 400 ]; then
+            echo "Smoke test failed (HTTP $HTTP_CODE) — rolling back"
             ROLLBACK_TAG=$(ssh -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key root@${{ secrets.DEPLOY_HOST }} "cat /opt/websites/ebb-n-flow-website/.rollback-tag 2>/dev/null")
             if [ -n "$ROLLBACK_TAG" ]; then
               ssh -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key root@${{ secrets.DEPLOY_HOST }} \
                 "cd /opt/websites/ebb-n-flow-website && IMAGE_TAG=$ROLLBACK_TAG docker compose up -d --no-build"
+              echo "Rolled back to $ROLLBACK_TAG"
             fi
             exit 1
           fi
-          echo "Smoke test passed"
+          echo "Smoke test passed (HTTP $HTTP_CODE)"