From b64552950bdeb8ae58d010c97ad337dc4e15a6d2 Mon Sep 17 00:00:00 2001
From: Raghav Sood <r@raghavsood.com>
Date: Tue, 24 Feb 2026 14:56:30 +0800
Subject: [PATCH] feat: add CI/CD deploy pipeline to mcp.vultisig.com

Deploy on every push to main via GitHub Actions:
- Tests (vet + go test) run first
- On success, rsync code to server, build, and restart systemd service

Server setup (129.212.217.161):
- nginx reverse proxy with Let's Encrypt SSL on mcp.vultisig.com
- systemd service (mcp.service) running mcp-server -http :8080
- .env with ETH_RPC_URL and COINGECKO_API_KEY

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/deploy.yml | 46 ++++++++++++++++++++++++++++++
 scripts/deploy.sh            | 54 ++++++++++++++++++++++++++++++++++++
 2 files changed, 100 insertions(+)
 create mode 100644 .github/workflows/deploy.yml
 create mode 100755 scripts/deploy.sh

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..56a8376
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,46 @@
+name: Deploy
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache: true
+
+      - name: Remove local replace directives
+        run: |
+          go mod edit -dropreplace github.com/vultisig/recipes
+          go mod tidy
+
+      - name: Vet
+        run: go vet ./...
+
+      - name: Test
+        run: go test ./... -count=1 -timeout 120s
+
+  deploy:
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Deploy to production
+        env:
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_KEY }}
+          SERVER: ${{ secrets.SSH_SERVER }}
+          USER: ${{ secrets.SSH_USER }}
+          DEPLOY_PATH: ${{ secrets.SSH_PATH }}
+        run: |
+          mkdir -p ~/.ssh
+          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan $SERVER >> ~/.ssh/known_hosts
+          ./scripts/deploy.sh
diff --git a/scripts/deploy.sh b/scripts/deploy.sh
new file mode 100755
index 0000000..39955e3
--- /dev/null
+++ b/scripts/deploy.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+set -e
+
+if [ -z "$SERVER" ] || [ -z "$USER" ] || [ -z "$DEPLOY_PATH" ]; then
+    echo "Error: SERVER, USER, and DEPLOY_PATH environment variables must be set"
+    exit 1
+fi
+
+echo "Deploying to $USER@$SERVER:$DEPLOY_PATH..."
+
+echo "1. Syncing files to server..."
+rsync -avz --delete \
+    --exclude='.git' \
+    --exclude='.devenv' \
+    --exclude='.env' \
+    --exclude='*.log' \
+    --exclude='.github/' \
+    ./ $USER@$SERVER:$DEPLOY_PATH/
+
+echo "2. Building and deploying on server..."
+ssh $USER@$SERVER << EOF
+set -e
+export PATH=\$PATH:/usr/local/go/bin
+
+cd $DEPLOY_PATH
+
+echo "Building mcp-server binary..."
+go build -o mcp-server ./cmd/mcp-server/
+
+echo "Stopping service before binary replacement..."
+sudo systemctl stop mcp || true
+
+echo "Installing binary to /usr/local/bin/..."
+sudo cp mcp-server /usr/local/bin/
+sudo chmod +x /usr/local/bin/mcp-server
+
+if [ ! -f "/usr/local/bin/mcp-server" ]; then
+    echo "ERROR: mcp-server binary not found in /usr/local/bin/"
+    exit 1
+fi
+
+echo "Binary installation successful:"
+ls -la /usr/local/bin/mcp-server
+
+echo "Restarting mcp service..."
+sudo systemctl restart mcp
+
+echo "Checking service status..."
+sleep 2
+sudo systemctl status mcp --no-pager -l
+EOF
+
+echo "Deployment finished successfully!"