ci: add deploy gh action workflow #12

	name: Build & Deploy (static, pnpm)

	on:
	push:
	branches: [main, gh_action]

	concurrency:
	group: "deploy-production"
	cancel-in-progress: true

	jobs:
	build:
	name: Build
	runs-on: ubuntu-latest

	steps:
	- name: Check out
	uses: actions/checkout@v4

	- name: Setup PNPM
	uses: pnpm/action-setup@v4
	with:
	version: 8

	- name: Setup Node
	uses: actions/setup-node@v4
	with:
	node-version: 22
	cache: 'pnpm'

	- name: Install deps
	run: pnpm install --frozen-lockfile

	- name: Build
	run: pnpm build

	- name: Upload build artifact
	uses: actions/upload-artifact@v4
	with:
	name: static-out
	path: out
	if-no-files-found: error

	deploy:
	name: Deploy
	needs: build
	runs-on: ubuntu-latest
	environment: production

	steps:
	- name: Download build artifact
	uses: actions/download-artifact@v4
	with:
	name: static-out
	path: out

	- name: Prepare SSH
	shell: bash
	env:
	SSH_HOST: ${{ secrets.SSH_HOST }}
	SSH_USER: ${{ secrets.SSH_USER }}
	SSH_PORT: ${{ secrets.SSH_PORT }}
	SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
	SSH_TARGET_DIR: ${{ secrets.SSH_TARGET_DIR }}
	run: \|
	mkdir -p ~/.ssh
	chmod 700 ~/.ssh
	echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
	chmod 600 ~/.ssh/id_ed25519
	ssh-keygen -l -f ~/.ssh/id_ed25519
	# Add host to known_hosts (falls back to 22 if SSH_PORT is empty)
	PORT=${SSH_PORT:-22}
	ssh-keyscan -p "$PORT" -H "$SSH_HOST" >> ~/.ssh/known_hosts
	chmod 600 ~/.ssh/known_hosts
	# Sync files (delete removed files on server)
	rsync -avz --delete \
	-e "ssh -i ~/.ssh/id_ed25519 -p $PORT -o StrictHostKeyChecking=yes" \
	out/ "$SSH_USER@$SSH_HOST:$SSH_TARGET_DIR"

Provide feedback