From 74983d3f74fe471d0ea5dd2aa35f3fe1a33ab4ce Mon Sep 17 00:00:00 2001
From: you <you@example.com>
Date: Fri, 20 Mar 2026 07:07:01 +0000
Subject: [PATCH] =?UTF-8?q?ci:=20switch=20to=20self-hosted=20runner=20?=
 =?UTF-8?q?=E2=80=94=20no=20SSH,=20no=20secrets,=20no=20exposed=20ports?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/deploy.yml | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 44843d4..16de51b 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,4 +1,4 @@
-name: Deploy to VM
+name: Deploy
 
 on:
   push:
@@ -10,21 +10,15 @@ concurrency:
 
 jobs:
   deploy:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
-      - name: Deploy via SSH
-        env:
-          VM_SSH_KEY: ${{ secrets.VM_SSH_KEY }}
+      - uses: actions/checkout@v4
+
+      - name: Build and deploy
         run: |
-          mkdir -p ~/.ssh
-          echo "$VM_SSH_KEY" > ~/.ssh/id_rsa
-          chmod 600 ~/.ssh/id_rsa
-          ssh -o StrictHostKeyChecking=no REDACTED@REDACTED bash -s << 'EOF'
           set -e
-          cd $HOME/meshcore-analyzer
-          git pull origin master
           docker build -t meshcore-analyzer .
-          docker stop meshcore-analyzer && docker rm meshcore-analyzer
+          docker stop meshcore-analyzer 2>/dev/null && docker rm meshcore-analyzer 2>/dev/null || true
           docker run -d \
             --name meshcore-analyzer \
             --restart unless-stopped \
@@ -34,4 +28,3 @@ jobs:
             -v $HOME/meshcore-analyzer/Caddyfile:/etc/caddy/Caddyfile \
             meshcore-analyzer
           echo "Deployed $(git rev-parse --short HEAD)"
-          EOF