diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml new file mode 100644 index 0000000..601b805 --- /dev/null +++ b/.gitea/workflows/deploy.yml @@ -0,0 +1,40 @@ +name: Deploy to LXC + +on: + push: + branches: [main] + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - name: Deploy via SSH + uses: appleboy/ssh-action@v1 + with: + host: ${{ secrets.DEPLOY_HOST }} + username: ${{ secrets.DEPLOY_USER }} + key: ${{ secrets.DEPLOY_KEY }} + port: ${{ secrets.DEPLOY_PORT || 22 }} + script: | + set -e + + cd ${{ secrets.DEPLOY_PATH || '/home/bflr/buildfor_life_repair' }} + + echo "==> Pulling latest code..." + git pull origin main + + echo "==> Installing dependencies..." + npm ci --production=false + + echo "==> Building..." + npm run build + + echo "==> Running migrations..." + npm run db:push + + echo "==> Restarting service..." + sudo systemctl restart bflr + + echo "==> Waiting for startup..." + sleep 2 + systemctl is-active --quiet bflr && echo "Deploy successful!" || (echo "Service failed to start!" && exit 1) diff --git a/docs/ci-deploy-setup.md b/docs/ci-deploy-setup.md new file mode 100644 index 0000000..fb00d7a --- /dev/null +++ b/docs/ci-deploy-setup.md 
@@ -0,0 +1,79 @@ +# CI/CD Deploy Setup + +Auto-deploys to your LXC server on every push to `main`. + +## 1. Server preparation + +On the LXC server, allow the deploy user to restart the service without a password: + +```bash +# As root on the LXC +echo "bflr ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart bflr, /usr/bin/systemctl status bflr" > /etc/sudoers.d/bflr-deploy +chmod 440 /etc/sudoers.d/bflr-deploy +``` + +Make sure the repo is cloned and the app works manually first (see `docs/deploy-proxmox-lxc.md`). + +## 2. Generate a deploy SSH key + +On your local machine (or the Gitea runner): + +```bash +ssh-keygen -t ed25519 -C "gitea-deploy" -f deploy_key -N "" +``` + +Copy the **public** key to the server: + +```bash +ssh-copy-id -i deploy_key.pub bflr@your-lxc-ip +``` + +## 3. Add secrets in Gitea + +Go to your repo on git.b4l.co.th → **Settings** → **Actions** → **Secrets**, and add: + +| Secret | Value | +|--------|-------| +| `DEPLOY_HOST` | LXC server IP (e.g. `192.168.1.50`) | +| `DEPLOY_USER` | SSH user (e.g. `bflr`) | +| `DEPLOY_KEY` | Contents of `deploy_key` (the private key, not .pub) | +| `DEPLOY_PORT` | SSH port (optional, defaults to 22) | +| `DEPLOY_PATH` | App directory (optional, defaults to `/home/bflr/buildfor_life_repair`) | + +## 4. Enable Actions in Gitea + +Make sure Gitea Actions is enabled on your instance: + +```ini +# In app.ini (Gitea config) +[actions] +ENABLED = true +``` + +You also need a runner registered. If you don't have one, install the Gitea runner on the Gitea host or another machine: + +```bash +# Download the runner +wget https://gitea.com/gitea/act_runner/releases/latest/download/act_runner-linux-amd64 +chmod +x act_runner-linux-amd64 + +# Register with your Gitea instance +./act_runner-linux-amd64 register --instance https://git.b4l.co.th --token + +# Start +./act_runner-linux-amd64 daemon +``` + +## 5. Test + +Push any change to `main` and check the Actions tab in Gitea for the deploy log. 
+ +## What the workflow does + +1. SSHs into the LXC server +2. `git pull` the latest code +3. `npm ci` to install dependencies +4. `npm run build` to compile +5. `npm run db:push` to apply any schema changes +6. `sudo systemctl restart bflr` to restart the service +7. Verifies the service started successfully
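Review bot: In `.gitea/workflows/deploy.yml`, the step `uses: appleboy/ssh-action@v1` passes `secrets.DEPLOY_KEY` to a third-party action referenced by a movable tag, so whatever `v1` resolves to at run time receives the private key; pin the action to a full commit SHA. The `with:` block also sets no host key check: set the action's `fingerprint` input to the server's SHA256 host key fingerprint so the runner refuses a host that is not the LXC. In the script, `cd ${{ secrets.DEPLOY_PATH || '/home/bflr/buildfor_life_repair' }}` is substituted into the shell unquoted, so wrap the expansion in double quotes. `npm run db:push` applies schema changes on every push to `main` before the restart, and nothing rolls them back if the final `systemctl is-active` check fails; that deserves at least a comment in the workflow.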
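Review bot: In `docs/ci-deploy-setup.md` section 2, `ssh-copy-id -i deploy_key.pub bflr@your-lxc-ip` installs the CI key with no restrictions, so anyone who obtains the `DEPLOY_KEY` secret gets a full shell as `bflr` from any address; document limiting that `authorized_keys` entry with options such as `from="<runner address>"` and `restrict`, and deleting the local `deploy_key` file once its contents are stored in Gitea. In section 1 the sudoers file is written with `echo ... > /etc/sudoers.d/bflr-deploy` and never validated; add `visudo -cf /etc/sudoers.d/bflr-deploy` after it, since a syntax error in that directory can break sudo on the server. The same rule grants `systemctl status bflr`, which the workflow never runs through sudo, so it can be dropped, and `(ALL)` can be narrowed to `(root)`. Section 4 downloads `act_runner-linux-amd64` from `releases/latest` and runs it without verifying a checksum; suggest pinning a release version and checking its published hash.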