fix deploy file

.github/workflows/deploy.yml

@@ -39,7 +39,7 @@ jobs:
     # Don't deploy on push if this is a fork
     if: ${{ github.event_name == 'workflow_dispatch' || github.repository == 'openfrontio/OpenFrontIO' }}
     # Use different logic based on event type
-    name: Deploy to ${{
+    name: ${{
       github.event_name == 'push'
       && (github.ref_name == 'main' && 'openfront.dev'
       || format('{0}.openfront.dev', github.ref_name))
@@ -61,7 +61,7 @@ jobs:
       SUBDOMAIN: ${{ github.event_name == 'push' && github.ref_name || inputs.target_subdomain || 'main' }}
     steps:
       - uses: actions/checkout@v4
-      - name: Update deployment status
+      - name: 📝 Update job summary
         env:
           FQDN: ${{ env.SUBDOMAIN && format('{0}.{1}', env.SUBDOMAIN, env.DOMAIN) || env.DOMAIN || 'openfront.dev' }}
         run: |
@@ -71,26 +71,44 @@ jobs:
 
           Deploying from $GITHUB_REF to $FQDN
           EOF
-      - name: Log in to Docker Hub
+      - uses: actions/create-github-app-token@v2
+        id: generate-token
+        if: ${{ github.repository == 'openfrontio/OpenFrontIO' }}
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+      - name: Export the token
+        if: ${{ github.repository == 'openfrontio/OpenFrontIO' }}
+        env:
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+        run: |
+          echo "GH_TOKEN=$GH_TOKEN" >> $GITHUB_ENV
+          gh api octocat
+      - name: 📝 Create deployment
+        uses: chrnorm/deployment-action@v2
+        id: deployment
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+          environment-url: https://${{ env.FQDN }}
+          environment: ${{ env.FQDN }}
+      - name: 🔗 Log in to Docker Hub
         uses: docker/login-action@v3
         with:
           username: ${{ vars.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Create SSH private key
+      - name: 🔑 Create SSH private key
         env:
           SERVER_HOST_EU: ${{ secrets.SERVER_HOST_EU }}
           SERVER_HOST_STAGING: ${{ secrets.SERVER_HOST_STAGING }}
-          SERVER_HOST_US: ${{ secrets.SERVER_HOST_US }}
           SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
         run: |
           set -euxo pipefail
           mkdir -p ~/.ssh
           echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
           test -n "$SERVER_HOST_STAGING" && ssh-keyscan -H "$SERVER_HOST_STAGING" >> ~/.ssh/known_hosts
-          test -n "$SERVER_HOST_US" && ssh-keyscan -H "$SERVER_HOST_US" >> ~/.ssh/known_hosts
           test -n "$SERVER_HOST_EU" && ssh-keyscan -H "$SERVER_HOST_EU" >> ~/.ssh/known_hosts
           chmod 600 ~/.ssh/id_rsa
-      - name: Deploy
+      - name: 🚢 Deploy
         env:
           ADMIN_TOKEN: ${{ secrets.ADMIN_TOKEN }}
           CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
@@ -109,14 +127,52 @@ jobs:
           R2_SECRET_KEY: ${{ secrets.R2_SECRET_KEY }}
           SERVER_HOST_EU: ${{ secrets.SERVER_HOST_EU }}
           SERVER_HOST_STAGING: ${{ secrets.SERVER_HOST_STAGING }}
-          SERVER_HOST_US: ${{ secrets.SERVER_HOST_US }}
           SSH_KEY: ~/.ssh/id_rsa
           VERSION_TAG: latest
         run: |
           echo "::group::deploy.sh"
           ./deploy.sh "$ENV" "$HOST" "$SUBDOMAIN"
+          echo "Deployment created in ${SECONDS} seconds" >> $GITHUB_STEP_SUMMARY
           echo "::endgroup::"
-      - name: Update deployment status ✅
+      - name: ⏳ Wait for deployment to start
+        run: |
+          echo "::group::Wait for deployment to start"
+          set -euxo pipefail
+          while [ "$(curl -s https://${FQDN}/commit.txt)" != "${GITHUB_SHA}" ]; do
+            if [ "$SECONDS" -ge 300 ]; then
+              echo "Timeout: deployment did not start within 5 minutes"
+              exit 1
+            fi
+            sleep 10
+          done
+          echo "Deployment started in ${SECONDS} seconds" >> $GITHUB_STEP_SUMMARY
+          echo "::endgroup::"
+      - name: 🚀 Notify PR
+        if: ${{ success() && github.event_name == 'push' }}
+        env:
+          BRANCH: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref_name }}
+        run: |
+          set -euxo pipefail
+          if [ -z "${BRANCH}" ]; then
+            echo "Branch not found"
+            exit 1
+          fi
+          echo "Checking for open PR from $BRANCH..."
+          pr_url=$(gh pr list --head "$BRANCH" --state open --json url -q '.[0].url')
+          if [ -z "$pr_url" ]; then
+            echo "No open PR found for branch $BRANCH"
+            exit 0
+          fi
+          gh pr comment "$pr_url" --body "🚀 Deployed ${GITHUB_SHA} to [$FQDN](https://$FQDN)."
+      - name: ✅ Update deployment status
+        if: success()
+        uses: chrnorm/deployment-status@v2
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+          environment-url: https://${{ env.FQDN }}
+          state: success
+          deployment-id: ${{ steps.deployment.outputs.deployment_id }}
+      - name: ✅ Update job summary
         if: success()
         run: |
           cat <<EOF >> $GITHUB_STEP_SUMMARY
@@ -124,11 +180,19 @@ jobs:
 
           Deployed from $GITHUB_REF to $FQDN
           EOF
-      - name: Update deployment status ❌
+      - name: ❌ Update deployment status
+        if: failure()
+        uses: chrnorm/deployment-status@v2
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
+          environment-url: https://${{ env.FQDN }}
+          state: failure
+          deployment-id: ${{ steps.deployment.outputs.deployment_id }}
+      - name: ❌ Update job summary
         if: failure()
         run: |
           cat <<EOF >> $GITHUB_STEP_SUMMARY
           ### Failure! :fire:
 
           Unable to deploy from $GITHUB_REF to $FQDN
-          EOF
+          EOF