ci: switch to self-hosted runner — no SSH, no secrets, no exposed ports

.github/workflows/deploy.yml

@@ -1,4 +1,4 @@
-name: Deploy to VM
+name: Deploy
 
 on:
   push:
@@ -10,21 +10,15 @@ concurrency:
 
 jobs:
   deploy:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
-      - name: Deploy via SSH
-        env:
-          VM_SSH_KEY: ${{ secrets.VM_SSH_KEY }}
+      - uses: actions/checkout@v4
+
+      - name: Build and deploy
         run: |
-          mkdir -p ~/.ssh
-          echo "$VM_SSH_KEY" > ~/.ssh/id_rsa
-          chmod 600 ~/.ssh/id_rsa
-          ssh -o StrictHostKeyChecking=no REDACTED@REDACTED bash -s << 'EOF'
           set -e
-          cd $HOME/meshcore-analyzer
-          git pull origin master
           docker build -t meshcore-analyzer .
-          docker stop meshcore-analyzer && docker rm meshcore-analyzer
+          docker stop meshcore-analyzer 2>/dev/null && docker rm meshcore-analyzer 2>/dev/null || true
           docker run -d \
             --name meshcore-analyzer \
             --restart unless-stopped \
@@ -34,4 +28,3 @@ jobs:
             -v $HOME/meshcore-analyzer/Caddyfile:/etc/caddy/Caddyfile \
             meshcore-analyzer
           echo "Deployed $(git rev-parse --short HEAD)"
-          EOF