ci(deploy): Gitea-driven build/push/deploy for netcup (#14)

Replaces the GitHub Pages workflow with a Gitea Actions pipeline that publishes the cc image to `git.librete.ch/libretech/code-crispies` and ssh-deploys it to `/srv/cc` on netcup.

## Changes
- `.gitea/workflows/ci.yml` — npm test + sanity build (with placeholder VITE_*) on every push / PR.
- `.gitea/workflows/deploy.yml` — single-job build → push → ssh-deploy → /healthz check, gated on `vars.DEPLOY_ENABLED`. Tag push → `:vX.Y.Z` + `:latest`; main push → `:main` + `:sha-<7>`.
- `compose.yaml` — adds `image: ${CC_IMAGE:-cc:local}` so production pulls the published tag while dev still builds locally.
- Both workflows pin `git.librete.ch/libretech/runner-image:v1` (no third-party Docker Hub images, no `--user root`).

## Operator follow-up (before merging into hot deploy)
- Set repo secrets at `https://git.librete.ch/libretech/code-crispies/settings/actions/secrets`:
  - `REGISTRY=git.librete.ch`
  - `REGISTRY_USER=libretech` (user-namespace packages — bot can't push)
  - `REGISTRY_PASS=<libretech package PAT>` (same PAT used for `libretech/runner-image`)
  - `DEPLOY_HOST=root@cloud.librete.ch`
  - `DEPLOY_KEY=<bot deploy private key>` (same key as librenotes deploy)
  - `DEPLOY_PATH=/srv/cc`
  - `HEALTH_URL=https://cc.cloud.librete.ch/`
  - `VITE_SUPABASE_URL=https://yretixuyfuiresnrjkbs.supabase.co`
  - `VITE_SUPABASE_ANON_KEY=<the anon key>` (public-by-design supabase key)
- Set repo variable `DEPLOY_ENABLED=true` once the secrets are in.
- Add `CC_IMAGE=git.librete.ch/libretech/code-crispies:main` to `/srv/cc/.env` on netcup (no rebuild on host).

## Verification
- `yq -e .` parses both workflow YAMLs.
- `docker compose config` resolves cleanly in both build mode (no `CC_IMAGE`) and image-pull mode (`CC_IMAGE=test:1`).
- `npm test` is the same script the previous github-pages workflow ran.

Reviewed-on: libretech/code-crispies#14
Co-authored-by: Michael Czechowski <mail@dailysh.it>
Co-committed-by: Michael Czechowski <mail@dailysh.it>
2026-04-29 17:28:18 +02:00
committed by Michael Czechowski
parent 9a10c53f01
commit 3045ac0726
3 changed files with 135 additions and 1 deletions

@@ -1,5 +1,12 @@
name: cc
# Default behaviour:
# - On dev (no CC_IMAGE in env): build from local context.
# - On netcup (CC_IMAGE pinned in /srv/cc/.env to the published Gitea
# package): pull the image and skip the build context entirely.
# The Gitea deploy workflow pushes git.librete.ch/public/code-crispies:main
# on every main push.
services:
cc:
build:
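Review bot: The header comment gives the pushed image as `git.librete.ch/public/code-crispies:main`, but the commit message and the operator step for `/srv/cc/.env` both use `git.librete.ch/libretech/code-crispies`. An operator copying the path from this comment into `CC_IMAGE` would point the host at a different namespace than the one the workflow publishes to. Change `public` to `libretech` in the comment so the file agrees with the registry path used everywhere else.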
@@ -7,7 +14,8 @@ services:
args:
VITE_SUPABASE_URL: ${VITE_SUPABASE_URL}
VITE_SUPABASE_ANON_KEY: ${VITE_SUPABASE_ANON_KEY}
image: cc:local
image: ${CC_IMAGE:-cc:local}
pull_policy: ${CC_PULL_POLICY:-missing}
restart: always
networks:
- edge
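Review bot: `pull_policy: ${CC_PULL_POLICY:-missing}` together with the mutable `:main` tag that the operator notes put in `CC_IMAGE` means a host that already has `:main` cached keeps running the old image on `up`, unless the deploy step pulls explicitly (deploy.yml is not shown here, so this cannot be confirmed from the diff). Either make sure the deploy runs `docker compose pull` before `up`, set `CC_PULL_POLICY=always` on the production host, or pin `CC_IMAGE` to the per-commit `:sha-<7>` tag so every deploy references an image that is not yet cached and can be traced to a commit. `CC_PULL_POLICY` is also new in this hunk but appears neither in the header comment nor in the operator follow-up; document it next to `CC_IMAGE`.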