grabowski c12f727734
Deploy to LXC / deploy (push) Successful in 19s
Update deploy workflow for private repo with deploy keys
Two SSH keys needed:
- DEPLOY_KEY: CI runner → LXC server (SSH access)
- REPO_DEPLOY_KEY: LXC server → Gitea repo (git pull access)

Workflow writes the repo deploy key to ~/.ssh on the server and
configures SSH to use it for git.b4l.co.th. Handles first deploy
(clone) and subsequent deploys (pull) automatically.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 16:26:04 +07:00

# CI/CD Deploy Setup
Auto-deploys to your LXC server on every push to `main`.
## 1. Server preparation
On the LXC server, allow the deploy user (`bflr`) to restart the service and check its status through `sudo` without a password. The rule is limited to those two exact commands:
```bash
# As root on the LXC
echo "bflr ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart bflr, /usr/bin/systemctl status bflr" > /etc/sudoers.d/bflr-deploy
chmod 440 /etc/sudoers.d/bflr-deploy
```
Make sure the repo is cloned and the app works manually first (see `docs/deploy-proxmox-lxc.md`).
## 2. Generate SSH keys
You need **two** SSH key pairs:
### a) Deploy key (CI runner → LXC server)
This lets the CI runner SSH into your server:
```bash
ssh-keygen -t ed25519 -C "ci-to-server" -f ci_deploy_key -N ""
```
Copy the **public** key to the server:
```bash
ssh-copy-id -i ci_deploy_key.pub bflr@your-lxc-ip
```
### b) Repo deploy key (LXC server → private Gitea repo)
This lets the server `git pull` from the private repo:
```bash
ssh-keygen -t ed25519 -C "server-to-repo" -f repo_deploy_key -N ""
```
Add the **public** key in Gitea: repo → **Settings** → **Deploy Keys** → **Add Deploy Key**, paste `repo_deploy_key.pub`.
## 3. Add secrets in Gitea
Go to your repo on git.b4l.co.th → **Settings** → **Actions** → **Secrets**, and add:

| Secret | Value |
|--------|-------|
| `DEPLOY_HOST` | LXC server IP (e.g. `192.168.1.50`) |
| `DEPLOY_USER` | SSH user (e.g. `bflr`) |
| `DEPLOY_KEY` | Contents of `ci_deploy_key` (private key — CI runner → server) |
| `REPO_DEPLOY_KEY` | Contents of `repo_deploy_key` (private key — server → Gitea repo) |
| `DEPLOY_PORT` | SSH port (optional, defaults to 22) |
| `DEPLOY_PATH` | App directory (optional, defaults to `/home/bflr/buildfor_life_repair`) |
### First clone on the server
If you haven't cloned the repo yet, the workflow will do it automatically on the first run. Or clone manually:
```bash
# On the server as bflr user, set up the deploy key first
mkdir -p ~/.ssh
cp repo_deploy_key ~/.ssh/repo_deploy_key
chmod 600 ~/.ssh/repo_deploy_key
cat >> ~/.ssh/config <<EOF
Host git.b4l.co.th
    HostName git.b4l.co.th
    IdentityFile ~/.ssh/repo_deploy_key
    StrictHostKeyChecking accept-new
EOF
git clone git@git.b4l.co.th:B4L/buildfor_life_repair.git
```
## 4. Enable Actions in Gitea
Make sure Gitea Actions is enabled on your instance:
```ini
# In app.ini (Gitea config)
[actions]
ENABLED = true
```
You also need a runner registered. If you don't have one, install the Gitea runner on the Gitea host or another machine:
```bash
# Download the runner
wget https://gitea.com/gitea/act_runner/releases/latest/download/act_runner-linux-amd64
chmod +x act_runner-linux-amd64
# Register with your Gitea instance
./act_runner-linux-amd64 register --instance https://git.b4l.co.th --token <your-runner-token>
# Start
./act_runner-linux-amd64 daemon
```
## 5. Test
Push any change to `main` and check the Actions tab in Gitea for the deploy log.
## What the workflow does
1. SSHs into the LXC server
2. Installs the repo deploy key for private repo access
3. `git pull` the latest code (or `git clone` on first deploy)
4. `npm run build` to compile
5. `npm run db:push` to apply any schema changes
6. `sudo systemctl restart bflr` to restart the service
7. Verifies the service started successfully
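
Steps 2 and 3 run on every push, so the key install has to be repeatable without growing `~/.ssh/config` or leaving the key readable. The following is an added example, not the repository's workflow file: `install_repo_key`, `deploy_action` and `sync_repo` are hypothetical helper names, the private key is assumed to arrive on stdin, and `IdentitiesOnly` and `--ff-only` are additions to what this page shows.

```bash
#!/bin/sh
# Added example, not the repository's workflow file: server-side half of
# steps 2 and 3, written so it can run unchanged on every deploy.
set -eu

GIT_HOST="git.b4l.co.th"      # host named on this page
KEY_NAME="repo_deploy_key"    # key file name used on this page

# install_repo_key <ssh_dir>: reads the private key from stdin, so it never
# appears in argv or the process list.
install_repo_key() {
  ssh_dir="$1"; key_file="$ssh_dir/$KEY_NAME"; cfg="$ssh_dir/config"
  old_umask=$(umask); umask 077          # new files are owner-only from creation
  mkdir -p "$ssh_dir"
  cat > "$key_file.tmp"
  touch "$cfg"
  umask "$old_umask"
  if [ ! -s "$key_file.tmp" ]; then      # secret unset: keep the key already installed
    rm -f "$key_file.tmp"
    echo "empty key on stdin, refusing to install" >&2
    return 1
  fi
  mv -f "$key_file.tmp" "$key_file"      # atomic replace when the key is rotated
  chmod 700 "$ssh_dir"
  chmod 600 "$key_file" "$cfg"
  # Append the stanza only once; a bare 'cat >>' would duplicate it per deploy.
  if ! grep -qxF "Host $GIT_HOST" "$cfg"; then
    printf 'Host %s\n    HostName %s\n    IdentityFile %s\n    IdentitiesOnly yes\n    StrictHostKeyChecking accept-new\n' \
      "$GIT_HOST" "$GIT_HOST" "$key_file" >> "$cfg"
  fi
}

# deploy_action <dest>: prints "clone" on first deploy, "pull" afterwards.
deploy_action() {
  if [ -d "$1/.git" ]; then echo pull; else echo clone; fi
}

# sync_repo <repo_url> <dest>
sync_repo() {
  case "$(deploy_action "$2")" in
    pull)  git -C "$2" pull --ff-only ;;   # fail rather than merge on the server
    clone) git clone "$1" "$2" ;;
  esac
}

# Hypothetical call on the server, with the key piped in over the SSH session:
#   install_repo_key "$HOME/.ssh" && sync_repo git@git.b4l.co.th:B4L/buildfor_life_repair.git "$DEPLOY_PATH"
```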