public/code-crispies
2
1
Fork 0
Code Issues Pull Requests Actions Activity
Files
f28cd5220a4dd42e02873762c8c896e938c93733
code-crispies/.gitea/workflows/deploy.yml
Michael Czechowski f28cd5220a ci(deploy): build + push image on Gitea, ssh-deploy to netcup 
Adds .gitea/workflows/{ci,deploy}.yml. Both jobs run inside the
custom git.librete.ch/libretech/runner-image:v1 image. CI on every
push runs npm test + a sanity build with placeholder VITE_*. The
deploy workflow (gated on vars.DEPLOY_ENABLED) builds the
multi-stage Vite + nginx Dockerfile, pushes to
git.librete.ch/libretech/code-crispies (main → :main + :sha-<short>;
tag → :<tag> + :latest), and ssh-deploys the netcup stack with
'docker compose pull && up -d'.

compose.yaml gains an opt-in image-pull mode: CC_IMAGE pins the
published tag in production (set in /srv/cc/.env), while the dev
shell falls through to a local build when CC_IMAGE is unset.

Replaces the legacy github-pages workflow at .github/workflows/main.yml
which targeted GitHub Pages, not the netcup deployment.
2026-04-29 17:26:05 +02:00

90 lines
2.9 KiB
YAML
Raw Blame History

name: Deploy
on:
push:
branches: [main]
tags: ["v*"]
# Required repository secrets:
# REGISTRY git.librete.ch
# REGISTRY_USER libretech (user-namespace packages — bot can't push)
# REGISTRY_PASS libretech-user PAT scoped write:package
# DEPLOY_HOST root@cloud.librete.ch
# DEPLOY_KEY passphrase-less private key on netcup root authorized_keys
# DEPLOY_PATH /srv/cc
# HEALTH_URL https://cc.cloud.librete.ch/
# VITE_SUPABASE_URL public; baked at build time
# VITE_SUPABASE_ANON_KEY public-by-design supabase anon key; baked at build time
#
# Required repository variable:
# DEPLOY_ENABLED "true" to enable
#
# Image: git.librete.ch/libretech/code-crispies
# main pushes → :main + :sha-<short>
# tag pushes → :<tag> + :latest
jobs:
deploy:
runs-on: ubuntu-latest
container:
image: git.librete.ch/libretech/runner-image:v1
timeout-minutes: 20
if: ${{ vars.DEPLOY_ENABLED == 'true' }}
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: ${{ secrets.REGISTRY }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASS }}
- id: meta
uses: docker/metadata-action@v5
with:
images: ${{ secrets.REGISTRY }}/libretech/code-crispies
tags: |
type=ref,event=branch
type=ref,event=tag
type=sha,format=short
type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/') }}
- uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
VITE_SUPABASE_URL=${{ secrets.VITE_SUPABASE_URL }}
VITE_SUPABASE_ANON_KEY=${{ secrets.VITE_SUPABASE_ANON_KEY }}
- name: Deploy to host
env:
DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
HEALTH_URL: ${{ secrets.HEALTH_URL }}
run: |
mkdir -p ~/.ssh && chmod 700 ~/.ssh
printf '%s\n' "$DEPLOY_KEY" > ~/.ssh/id_deploy
chmod 600 ~/.ssh/id_deploy
ssh -i ~/.ssh/id_deploy \
-o StrictHostKeyChecking=accept-new \
"$DEPLOY_HOST" \
"set -e
cd '$DEPLOY_PATH'
git pull --ff-only
docker compose pull
docker compose up -d --remove-orphans"
# Wait up to 60s for the cc vhost to return a 200.
for i in $(seq 1 12); do
curl -fsS "$HEALTH_URL" >/dev/null && exit 0
sleep 5
done
echo "deploy health check failed"; exit 1
Reference in New Issue View Git Blame Copy Permalink