From 64c0cd6af8638ca6d04e1301d2e87d14e83933dd Mon Sep 17 00:00:00 2001
From: ianshaloom <naimoolsha@gmail.com>
Date: Sun, 8 Mar 2026 13:04:40 +0300
Subject: [PATCH] fix(deploy): write .env to /opt/staging not \$HOME/staging

\$HOME in an unquoted heredoc expands on the runner (not the VPS), so the
VPS received the literal runner path (/root/staging/.env) which didn't exist.
Using the explicit /opt/staging/.env path (consistent with compose.yml and
mkdir) fixes the permission denied error.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .gitea/workflows/deploy-staging.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitea/workflows/deploy-staging.yml b/.gitea/workflows/deploy-staging.yml
index 92299cb..1b5a282 100644
--- a/.gitea/workflows/deploy-staging.yml
+++ b/.gitea/workflows/deploy-staging.yml
@@ -213,8 +213,8 @@ jobs:
           # printf keeps every line indented (no column-0 content) so YAML stays valid.
           printf 'CLERK_SECRET_KEY=%s\nADMIN_CLERK_SECRET_KEY=%s\n' \
             "${CLERK_SECRET_KEY}" "${ADMIN_CLERK_SECRET_KEY}" \
-            > $HOME/staging/.env
-          chmod 600 $HOME/staging/.env
+            > /opt/staging/.env
+          chmod 600 /opt/staging/.env
 
           cd /opt/staging
           podman compose up -d --force-recreate --remove-orphans