Mirror played/workflows build-deploy-game.yml so a freshly provisioned
unom-1 box self-installs the website repo on first deploy instead of
failing on a missing ~/unom-website checkout.

Before `cd ~/unom-website` the remote ssh script now:
- installs git if absent (deploy user has NOPASSWD sudo)
- clones the repo if ~/unom-website/.git is missing, reusing the
  existing REGISTRY_USER / REGISTRY_TOKEN secrets

Registry creds are passed into the remote shell via appleboy/ssh-action
`envs:` and consumed from the environment (docker login now uses
--password-stdin), so the token is never interpolated into the script
text / run log / process args.

Refs task #27.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
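
Added example, not part of the commit above and not the workflow's own script: one way the remote bootstrap it describes can keep the token out of argv, using `GIT_ASKPASS` for the clone and `--password-stdin` for the registry login. `REPO_URL`, `REGISTRY_HOST`, the apt-based install and all function names are assumptions.

```sh
# Added illustration; not the workflow's actual remote script.
# Assumptions: REPO_URL and REGISTRY_HOST are placeholders, the host uses apt,
# and REGISTRY_USER / REGISTRY_TOKEN are already exported (via `envs:`).
REPO_URL="${REPO_URL:-https://git.example.invalid/org/unom-website.git}"
REGISTRY_HOST="${REGISTRY_HOST:-git.example.invalid}"
CHECKOUT="${CHECKOUT:-$HOME/unom-website}"

require_creds() {
  # Fail early, without echoing either value.
  [ -n "${REGISTRY_USER:-}" ] && [ -n "${REGISTRY_TOKEN:-}" ]
}

ensure_git() {
  command -v git >/dev/null 2>&1 && return 0
  sudo -n apt-get install -y git   # -n: never prompt; relies on NOPASSWD sudo
}

ensure_checkout() {
  [ -d "$CHECKOUT/.git" ] && return 0
  _askpass="$(mktemp)" || return 1
  # Quoted heredoc: the helper file holds variable names only, never the secret.
  cat >"$_askpass" <<'EOF'
#!/bin/sh
case "$1" in
  Username*) printf '%s\n' "$REGISTRY_USER" ;;
  *)         printf '%s\n' "$REGISTRY_TOKEN" ;;
esac
EOF
  chmod 700 "$_askpass"
  _rc=0
  # Subshell keeps GIT_ASKPASS out of the rest of the session.
  ( export GIT_ASKPASS="$_askpass" GIT_TERMINAL_PROMPT=0
    git clone "$REPO_URL" "$CHECKOUT" ) || _rc=$?
  rm -f "$_askpass"
  return "$_rc"
}

registry_login() {
  # Token travels on stdin, so it is absent from `ps` output and from argv.
  printf '%s' "$REGISTRY_TOKEN" |
    docker login "$REGISTRY_HOST" --username "$REGISTRY_USER" --password-stdin
}

deploy_prepare() {
  require_creds || { echo "registry credentials missing" >&2; return 1; }
  ensure_git && ensure_checkout && registry_login
}
```

Call `deploy_prepare` before the `cd` into the checkout; embedding the token in the clone URL instead would leave it in `.git/config` and in the process list.
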
- Add @payloadcms/sdk + @unom/cms (typed Config) to deps
- .npmrc maps @unom to git.unom.io/api/packages/unom/npm/
- Rewrite src/lib/cms.ts: PayloadSDK<Config> client + typed helpers
  (findPageBySlug, findPostBySlug, findPosts, findFooter, findHeader)
- Re-export the structural types (Page, Post, Footer, Header) plus the
  legacy aliases (RichTextBlock, LexRoot/LexNode, NavigationSection,
  NavigationLink) so existing components keep compiling
- Dockerfile mounts /root/.npmrc as a build secret so bun install can
  pull @unom/cms from the private gitea registry
- deploy.yml stages an .npmrc with REGISTRY_TOKEN auth + passes it as
  the 'npmrc' build secret
- Add blog routes: /blog (list) + /blog/ (detail), PostCard, all
  reading from the CMS via the SDK
- Fix two pre-existing TS errors (@fontsource/inter import, server.tsx
  return type)

Replace the Astro static site with a TanStack Start (Bun runtime) app and
add Dockerfile + compose files so the site can be served from home-main-2
behind the home-reverse-proxy-1 Caddy instead of Netlify. CI workflow
rewritten to build a container image and SSH-deploy to the home host.