Michael Czechowski
3045ac0726
Replaces the GitHub Pages workflow with a Gitea Actions pipeline that publishes the cc image to `git.librete.ch/libretech/code-crispies` and ssh-deploys it to `/srv/cc` on netcup.
## Changes
- `.gitea/workflows/ci.yml` — npm test + sanity build (with placeholder VITE_*) on every push / PR.
- `.gitea/workflows/deploy.yml` — single-job build → push → ssh-deploy → /healthz check, gated on `vars.DEPLOY_ENABLED`. Tag push → `:vX.Y.Z` + `:latest`; main push → `:main` + `:sha-<7>`.
- `compose.yaml` — adds `image: ${CC_IMAGE:-cc:local}` so production pulls the published tag while dev still builds locally.
- Both workflows pin `git.librete.ch/libretech/runner-image:v1` (no third-party Docker Hub images, no `--user root`).
## Operator follow-up (before merging into hot deploy)
- Set repo secrets at `https://git.librete.ch/libretech/code-crispies/settings/actions/secrets`:
- `REGISTRY=git.librete.ch`
- `REGISTRY_USER=libretech` (user-namespace packages — bot can't push)
- `REGISTRY_PASS=<libretech package PAT>` (same PAT used for `libretech/runner-image`)
- `DEPLOY_HOST=root@cloud.librete.ch`
- `DEPLOY_KEY=<bot deploy private key>` (same key as librenotes deploy)
- `DEPLOY_PATH=/srv/cc`
- `HEALTH_URL=https://cc.cloud.librete.ch/`
- `VITE_SUPABASE_URL=https://yretixuyfuiresnrjkbs.supabase.co`
- `VITE_SUPABASE_ANON_KEY=<the anon key>` (public-by-design supabase key)
- Set repo variable `DEPLOY_ENABLED=true` once the secrets are in.
- Add `CC_IMAGE=git.librete.ch/libretech/code-crispies:main` to `/srv/cc/.env` on netcup (no rebuild on host).
## Verification
- `yq -e .` parses both workflow YAMLs.
- `docker compose config` resolves cleanly in both build mode (no `CC_IMAGE`) and image-pull mode (`CC_IMAGE=test:1`).
- `npm test` is the same script the previous github-pages workflow ran.
Reviewed-on: libretech/code-crispies#14
Co-authored-by: Michael Czechowski <mail@dailysh.it>
Co-committed-by: Michael Czechowski <mail@dailysh.it>
32 lines
824 B
YAML
32 lines
824 B
YAML
name: cc
|
|
|
|
# Default behaviour:
|
|
# - On dev (no CC_IMAGE in env): build from local context.
|
|
# - On netcup (CC_IMAGE pinned in /srv/cc/.env to the published Gitea
|
|
# package): pull the image and skip the build context entirely.
|
|
# The Gitea deploy workflow pushes git.librete.ch/public/code-crispies:main
|
|
# on every main push.
|
|
|
|
services:
|
|
cc:
|
|
build:
|
|
context: .
|
|
args:
|
|
VITE_SUPABASE_URL: ${VITE_SUPABASE_URL}
|
|
VITE_SUPABASE_ANON_KEY: ${VITE_SUPABASE_ANON_KEY}
|
|
image: ${CC_IMAGE:-cc:local}
|
|
pull_policy: ${CC_PULL_POLICY:-missing}
|
|
restart: always
|
|
networks:
|
|
- edge
|
|
healthcheck:
|
|
test: ['CMD-SHELL', 'wget -qO- http://127.0.0.1/health || exit 1']
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 10s
|
|
|
|
networks:
|
|
edge:
|
|
external: true
|