From e014f360f64dc10c0761b0c26801276db9543f6d Mon Sep 17 00:00:00 2001
From: Musiker15 <info@musiker15.de>
Date: Mon, 25 May 2026 19:04:33 +0200
Subject: [PATCH] ci(deploy): post a legacy "CI" commit status after deploy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PR-management UIs that read the older GitHub *Statuses* API (rather
than the newer *Check Runs* API) currently show every merge commit
on main as stuck-on-`pending`. The check-runs themselves are all
green — Build & Deploy, CodeQL, Secret Scanning — but nothing
posts a classic commit status, so the combined `state` reported by
`/repos/.../commits/:sha/status` is `pending`.

This step calls the Statuses API at the end of the deploy job to
post `context: CI, state: success|failure` based on `job.status`.
Runs with `if: always()` so a failed deploy also gets a status
posted (red instead of leaving it pending forever).

Adds `statuses: write` to the workflow permissions (was
`contents: read` only). No other side-effects.

Signed-off-by: Musiker15 <info@musiker15.de>
---
 .github/workflows/deploy.yml | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 2c90d5c..826d614 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -7,6 +7,11 @@ on:
 
 permissions:
   contents: read
+  # Needed to post a legacy commit status under context "CI" so that
+  # PR-management UIs that only read the older Statuses API (rather
+  # than the newer Check-Runs API) show the merge commits as green
+  # instead of stuck-on-pending.
+  statuses: write
 
 jobs:
   build-and-deploy:
@@ -50,4 +55,23 @@ jobs:
           key: ${{ secrets.SSH_PRIVATE_KEY }}
           port: ${{ secrets.FTP_PORT }}
           script: |
-            chown -R www-data:www-data /var/www/html/docs_msk-scripts/
\ No newline at end of file
+            chown -R www-data:www-data /var/www/html/docs_msk-scripts/
+
+      - name: ✅ Post CI commit status (legacy API)
+        if: always()
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const state = '${{ job.status }}' === 'success' ? 'success' : 'failure';
+            await github.rest.repos.createCommitStatus({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              sha: context.sha,
+              state,
+              context: 'CI',
+              description:
+                state === 'success'
+                  ? 'Build + deploy green'
+                  : 'Build or deploy failed — see workflow logs',
+              target_url: `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`,
+            });
\ No newline at end of file