From 691f263bc0f0ac0a964d470dccda9fad79da5442 Mon Sep 17 00:00:00 2001
From: cesnimda <connor.babbington@cesnimda.co.uk>
Date: Sun, 22 Mar 2026 23:29:36 +0100
Subject: [PATCH] fix: harden deploy workflow health and git sync

---
 .gitea/workflows/ci-deploy.yml | 19 +++++++++++++++++--
 deploy/deploy.sh               |  2 +-
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/.gitea/workflows/ci-deploy.yml b/.gitea/workflows/ci-deploy.yml
index 1f306d7..e8bbdb3 100644
--- a/.gitea/workflows/ci-deploy.yml
+++ b/.gitea/workflows/ci-deploy.yml
@@ -60,7 +60,14 @@ jobs:
               exit 1
             fi
             cd /opt/job-tracker/app
-            git fetch --all --prune
+            if ! git fetch --all --prune; then
+              echo "git fetch failed on server. Check remote auth/URL for /opt/job-tracker/app."
+              exit 1
+            fi
+            if ! git rev-parse --verify --quiet ${{ github.sha }} >/dev/null; then
+              echo "Commit ${{ github.sha }} is not available in the server checkout after fetch."
+              exit 1
+            fi
             git reset --hard ${{ github.sha }}
             git clean -fd
             chmod +x deploy/deploy.sh
@@ -69,4 +76,12 @@ jobs:
             APP_BUILD_STAMP="$(date -u +'%Y-%m-%d %H:%M UTC')" \
             ./deploy/deploy.sh
             docker compose ps
-            docker compose exec -T summarizer python -c "import urllib.request; urllib.request.urlopen('http://127.0.0.1:8001/health', timeout=5).read()"
+            docker compose exec -T summarizer python -c "import time, urllib.request; deadline=time.time()+60; last=None
+for _ in range(30):
+    try:
+        urllib.request.urlopen('http://127.0.0.1:8001/health', timeout=5).read()
+        raise SystemExit(0)
+    except Exception as exc:
+        last=exc
+        time.sleep(2)
+raise last"
diff --git a/deploy/deploy.sh b/deploy/deploy.sh
index 6fe0bf8..f388beb 100644
--- a/deploy/deploy.sh
+++ b/deploy/deploy.sh
@@ -31,7 +31,7 @@ docker compose up -d --force-recreate --remove-orphans
 sleep 5
 docker compose ps
 
-backend_status="$(docker compose ps --format json backend | python -c 'import json,sys; data=[json.loads(line) for line in sys.stdin if line.strip()]; print(data[0].get("State", "") if data else "")')"
+backend_status="$(docker compose ps backend --format '{{.State}}' 2>/dev/null | head -n 1 | tr '[:upper:]' '[:lower:]')"
 if [ "$backend_status" != "running" ]; then
   echo "Backend service is not healthy after deploy (state: ${backend_status:-unknown})."
   docker compose logs --tail=200 backend || true