public/code-crispies
2
1
Fork 0
Code Issues 7 Pull Requests Actions Activity

ci(deploy): Gitea-driven build/push/deploy for netcup #14

Merged
libretech merged 1 commits from feat/gitea-ci-deploy into main 2026-04-29 17:28:18 +02:00
Conversation 0 Commits 1 Files Changed 3 +135 -1
libretech commented 2026-04-29 17:26:27 +02:00
Owner
Copy Link

Replaces the GitHub Pages workflow with a Gitea Actions pipeline that publishes the cc image to git.librete.ch/libretech/code-crispies and ssh-deploys it to /srv/cc on netcup.

Changes

  • .gitea/workflows/ci.yml — npm test + sanity build (with placeholder VITE_*) on every push / PR.
  • .gitea/workflows/deploy.yml — single-job build → push → ssh-deploy → /healthz check, gated on vars.DEPLOY_ENABLED. Tag push → :vX.Y.Z + :latest; main push → :main + :sha-<7>.
  • compose.yaml — adds image: ${CC_IMAGE:-cc:local} so production pulls the published tag while dev still builds locally.
  • Both workflows pin git.librete.ch/libretech/runner-image:v1 (no third-party Docker Hub images, no --user root).

Operator follow-up (before merging into hot deploy)

  • Set repo secrets at https://git.librete.ch/libretech/code-crispies/settings/actions/secrets:
    • REGISTRY=git.librete.ch
    • REGISTRY_USER=libretech (user-namespace packages — bot can't push)
    • REGISTRY_PASS=<libretech package PAT> (same PAT used for libretech/runner-image)
    • DEPLOY_HOST=root@cloud.librete.ch
    • DEPLOY_KEY=<bot deploy private key> (same key as librenotes deploy)
    • DEPLOY_PATH=/srv/cc
    • HEALTH_URL=https://cc.cloud.librete.ch/
    • VITE_SUPABASE_URL=https://yretixuyfuiresnrjkbs.supabase.co
    • VITE_SUPABASE_ANON_KEY=<the anon key> (public-by-design supabase key)
  • Set repo variable DEPLOY_ENABLED=true once the secrets are in.
  • Add CC_IMAGE=git.librete.ch/libretech/code-crispies:main to /srv/cc/.env on netcup (no rebuild on host).

Verification

  • yq -e . parses both workflow YAMLs.
  • docker compose config resolves cleanly in both build mode (no CC_IMAGE) and image-pull mode (CC_IMAGE=test:1).
  • npm test is the same script the previous github-pages workflow ran.
Replaces the GitHub Pages workflow with a Gitea Actions pipeline that publishes the cc image to `git.librete.ch/libretech/code-crispies` and ssh-deploys it to `/srv/cc` on netcup. ## Changes - `.gitea/workflows/ci.yml` — npm test + sanity build (with placeholder VITE_*) on every push / PR. - `.gitea/workflows/deploy.yml` — single-job build → push → ssh-deploy → /healthz check, gated on `vars.DEPLOY_ENABLED`. Tag push → `:vX.Y.Z` + `:latest`; main push → `:main` + `:sha-<7>`. - `compose.yaml` — adds `image: ${CC_IMAGE:-cc:local}` so production pulls the published tag while dev still builds locally. - Both workflows pin `git.librete.ch/libretech/runner-image:v1` (no third-party Docker Hub images, no `--user root`). ## Operator follow-up (before merging into hot deploy) - Set repo secrets at `https://git.librete.ch/libretech/code-crispies/settings/actions/secrets`: - `REGISTRY=git.librete.ch` - `REGISTRY_USER=libretech` (user-namespace packages — bot can't push) - `REGISTRY_PASS=<libretech package PAT>` (same PAT used for `libretech/runner-image`) - `DEPLOY_HOST=root@cloud.librete.ch` - `DEPLOY_KEY=<bot deploy private key>` (same key as librenotes deploy) - `DEPLOY_PATH=/srv/cc` - `HEALTH_URL=https://cc.cloud.librete.ch/` - `VITE_SUPABASE_URL=https://yretixuyfuiresnrjkbs.supabase.co` - `VITE_SUPABASE_ANON_KEY=<the anon key>` (public-by-design supabase key) - Set repo variable `DEPLOY_ENABLED=true` once the secrets are in. - Add `CC_IMAGE=git.librete.ch/libretech/code-crispies:main` to `/srv/cc/.env` on netcup (no rebuild on host). ## Verification - `yq -e .` parses both workflow YAMLs. - `docker compose config` resolves cleanly in both build mode (no `CC_IMAGE`) and image-pull mode (`CC_IMAGE=test:1`). - `npm test` is the same script the previous github-pages workflow ran.
libretech added 1 commit 2026-04-29 17:26:28 +02:00
ci(deploy): build + push image on Gitea, ssh-deploy to netcup f28cd5220a 
Adds .gitea/workflows/{ci,deploy}.yml. Both jobs run inside the
custom git.librete.ch/libretech/runner-image:v1 image. CI on every
push runs npm test + a sanity build with placeholder VITE_*. The
deploy workflow (gated on vars.DEPLOY_ENABLED) builds the
multi-stage Vite + nginx Dockerfile, pushes to
git.librete.ch/libretech/code-crispies (main → :main + :sha-<short>;
tag → :<tag> + :latest), and ssh-deploys the netcup stack with
'docker compose pull && up -d'.

compose.yaml gains an opt-in image-pull mode: CC_IMAGE pins the
published tag in production (set in /srv/cc/.env), while the dev
shell falls through to a local build when CC_IMAGE is unset.

Replaces the legacy github-pages workflow at .github/workflows/main.yml
which targeted GitHub Pages, not the netcup deployment.
libretech merged commit 4762952822 into main 2026-04-29 17:28:18 +02:00
libretech deleted branch feat/gitea-ci-deploy 2026-04-29 17:28:19 +02:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
libretech libretech-bot
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: public/code-crispies#14
No description provided.
Delete Branch "feat/gitea-ci-deploy"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?