From 12a6e9ef0b90ebc0005eac82c99504540aebf3fd Mon Sep 17 00:00:00 2001 From: grabowski Date: Tue, 7 Apr 2026 16:07:12 +0700 Subject: [PATCH] Add Gitea Actions workflow for auto-deploy to LXC on push SSH-based deploy: git pull, npm ci, build, db:push, systemctl restart. Secrets configured in Gitea repo settings (DEPLOY_HOST, DEPLOY_USER, DEPLOY_KEY). Includes setup guide in docs/ci-deploy-setup.md. Co-Authored-By: Claude Opus 4.6 (1M context) --- .gitea/workflows/deploy.yml | 40 +++++++++++++++++++ docs/ci-deploy-setup.md | 79 +++++++++++++++++++++++++++++++++++++ 2 files changed, 119 insertions(+) create mode 100644 .gitea/workflows/deploy.yml create mode 100644 docs/ci-deploy-setup.md
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..601b805
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,40 @@
+name: Deploy to LXC
+
+on:
+ push:
+ branches: [main]
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Deploy via SSH
+ uses: appleboy/ssh-action@v1
+ with:
+ host: ${{ secrets.DEPLOY_HOST }}
+ username: ${{ secrets.DEPLOY_USER }}
+ key: ${{ secrets.DEPLOY_KEY }}
+ port: ${{ secrets.DEPLOY_PORT || 22 }}
+ script: |
+ set -e
+
+ cd ${{ secrets.DEPLOY_PATH || '/home/bflr/buildfor_life_repair' }}
+
+ echo "==> Pulling latest code..."
+ git pull origin main
+
+ echo "==> Installing dependencies..."
+ npm ci --production=false
+
+ echo "==> Building..."
+ npm run build
+
+ echo "==> Running migrations..."
+ npm run db:push
+
+ echo "==> Restarting service..."
+ sudo systemctl restart bflr
+
+ echo "==> Waiting for startup..."
+ sleep 2
+ systemctl is-active --quiet bflr && echo "Deploy successful!" || (echo "Service failed to start!" && exit 1)
diff --git a/docs/ci-deploy-setup.md b/docs/ci-deploy-setup.md
new file mode 100644
index 0000000..fb00d7a
--- /dev/null
+++ b/docs/ci-deploy-setup.md
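Review bot: The `uses: appleboy/ssh-action@v1` step hands the private `DEPLOY_KEY` to a third-party action referenced by a mutable tag, so whatever that tag resolves to at run time receives the key and a shell on the server; pin it to a reviewed commit, e.g. `uses: appleboy/ssh-action@<full-commit-sha>  # v1.x.y` (placeholder — take the SHA from the release you audited). The `with:` block also passes no `fingerprint`, so as far as this hunk shows the runner is given no host key to check before it sends commands; adding `fingerprint: ${{ secrets.DEPLOY_FINGERPRINT }}` (a new secret holding the server's SHA256 host-key fingerprint) would close that gap. In the script, `cd ${{ secrets.DEPLOY_PATH || '...' }}` is expanded into the shell text unquoted and should be wrapped in double quotes. `npm run db:push` applies schema changes to the live database on every push with no backup or confirmation step visible here, which is worth confirming as intended.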
@@ -0,0 +1,79 @@
+# CI/CD Deploy Setup
+
+Auto-deploys to your LXC server on every push to `main`.
+
+## 1. Server preparation
+
+On the LXC server, allow the deploy user to restart the service without a password:
+
+```bash
+# As root on the LXC
+echo "bflr ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart bflr, /usr/bin/systemctl status bflr" > /etc/sudoers.d/bflr-deploy
+chmod 440 /etc/sudoers.d/bflr-deploy
+```
+
+Make sure the repo is cloned and the app works manually first (see `docs/deploy-proxmox-lxc.md`).
+
+## 2. Generate a deploy SSH key
+
+On your local machine (or the Gitea runner):
+
+```bash
+ssh-keygen -t ed25519 -C "gitea-deploy" -f deploy_key -N ""
+```
+
+Copy the **public** key to the server:
+
+```bash
+ssh-copy-id -i deploy_key.pub bflr@your-lxc-ip
+```
+
+## 3. Add secrets in Gitea
+
+Go to your repo on git.b4l.co.th → **Settings** → **Actions** → **Secrets**, and add:
+
+| Secret | Value |
+|--------|-------|
+| `DEPLOY_HOST` | LXC server IP (e.g. `192.168.1.50`) |
+| `DEPLOY_USER` | SSH user (e.g. `bflr`) |
+| `DEPLOY_KEY` | Contents of `deploy_key` (the private key, not .pub) |
+| `DEPLOY_PORT` | SSH port (optional, defaults to 22) |
+| `DEPLOY_PATH` | App directory (optional, defaults to `/home/bflr/buildfor_life_repair`) |
+
+## 4. Enable Actions in Gitea
+
+Make sure Gitea Actions is enabled on your instance:
+
+```ini
+# In app.ini (Gitea config)
+[actions]
+ENABLED = true
+```
+
+You also need a runner registered. If you don't have one, install the Gitea runner on the Gitea host or another machine:
+
+```bash
+# Download the runner
+wget https://gitea.com/gitea/act_runner/releases/latest/download/act_runner-linux-amd64
+chmod +x act_runner-linux-amd64
+
+# Register with your Gitea instance
+./act_runner-linux-amd64 register --instance https://git.b4l.co.th --token
+
+# Start
+./act_runner-linux-amd64 daemon
+```
+
+## 5. Test
+
+Push any change to `main` and check the Actions tab in Gitea for the deploy log.
+
+## What the workflow does
+
+1. SSHs into the LXC server
+2. `git pull` the latest code
+3. `npm ci` to install dependencies
+4. `npm run build` to compile
+5. `npm run db:push` to apply any schema changes
+6. `sudo systemctl restart bflr` to restart the service
+7. Verifies the service started successfully