From f87504fb2300cdb12c5aa59a0fa7d7b5f62f3485 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Mon, 11 May 2026 22:29:02 +0200
Subject: [PATCH] fix(ci): add Caddy reload step to release workflow

Same gap as nightly.yml: production deploys also need Caddy to reload
the updated Caddyfile before the smoke test validates the public surface.
Uses the same nsenter pattern introduced in the previous commit.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .gitea/workflows/release.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index 3831320f..ca503b8e 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -92,6 +92,17 @@ jobs:
             --env-file .env.production \
             up -d --wait --remove-orphans
 
+      - name: Reload Caddy
+        # See nightly.yml — same rationale and mechanism: DooD job containers
+        # cannot call systemctl directly; nsenter via a privileged sibling
+        # container reaches the host systemd. Must run after deploy (so the
+        # latest Caddyfile is on disk) and before the smoke test (so the
+        # public surface reflects the current config).
+        run: |
+          docker run --rm --privileged --pid=host \
+            ubuntu:22.04 \
+            nsenter -t 1 -m -u -n -p -i -- /bin/systemctl reload caddy
+
       - name: Smoke test deployed environment
         # See nightly.yml — same three checks, against the prod vhost.
         # --resolve pins archiv.raddatz.cloud to the runner's loopback so