buildfor_life_repair/docs/ci-deploy-setup.md
grabowski c12f727734
Deploy to LXC / deploy (push) Successful in 19s
Update deploy workflow for private repo with deploy keys
Two SSH keys needed:
- DEPLOY_KEY: CI runner → LXC server (SSH access)
- REPO_DEPLOY_KEY: LXC server → Gitea repo (git pull access)

Workflow writes the repo deploy key to ~/.ssh on the server and
configures SSH to use it for git.b4l.co.th. Handles first deploy
(clone) and subsequent deploys (pull) automatically.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 16:26:04 +07:00


CI/CD Deploy Setup

Auto-deploys to your LXC server on every push to main.

1. Server preparation

On the LXC server, allow the deploy user to restart the service without a password:

# As root on the LXC
echo "bflr ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart bflr, /usr/bin/systemctl status bflr" > /etc/sudoers.d/bflr-deploy
chmod 440 /etc/sudoers.d/bflr-deploy

Make sure the repo is cloned and the app works manually first (see docs/deploy-proxmox-lxc.md).

2. Generate SSH keys

You need two SSH key pairs:

a) Deploy key (CI runner → LXC server)

This lets the CI runner SSH into your server:

ssh-keygen -t ed25519 -C "ci-to-server" -f ci_deploy_key -N ""

Copy the public key to the server:

ssh-copy-id -i ci_deploy_key.pub bflr@your-lxc-ip

b) Repo deploy key (LXC server → private Gitea repo)

This lets the server git pull from the private repo:

ssh-keygen -t ed25519 -C "server-to-repo" -f repo_deploy_key -N ""

Add the public key in Gitea: repo → Settings → Deploy Keys → Add Deploy Key, paste repo_deploy_key.pub.

3. Add secrets in Gitea

Go to your repo on git.b4l.co.th → Settings → Actions → Secrets, and add:

| Secret | Value |
|---|---|
| DEPLOY_HOST | LXC server IP (e.g. 192.168.1.50) |
| DEPLOY_USER | SSH user (e.g. bflr) |
| DEPLOY_KEY | Contents of ci_deploy_key (private key — CI runner → server) |
| REPO_DEPLOY_KEY | Contents of repo_deploy_key (private key — server → Gitea repo) |
| DEPLOY_PORT | SSH port (optional, defaults to 22) |
| DEPLOY_PATH | App directory (optional, defaults to /home/bflr/buildfor_life_repair) |

First clone on the server

If you haven't cloned the repo yet, the workflow will do it automatically on the first run. Or clone manually:

# On the server as bflr user, set up the deploy key first
mkdir -p ~/.ssh
cp repo_deploy_key ~/.ssh/repo_deploy_key
chmod 600 ~/.ssh/repo_deploy_key
cat >> ~/.ssh/config <<EOF
Host git.b4l.co.th
  HostName git.b4l.co.th
  IdentityFile ~/.ssh/repo_deploy_key
  StrictHostKeyChecking accept-new
EOF

git clone git@git.b4l.co.th:B4L/buildfor_life_repair.git

4. Enable Actions in Gitea

Make sure Gitea Actions is enabled on your instance:

# In app.ini (Gitea config)
[actions]
ENABLED = true

You also need a runner registered. If you don't have one, install the Gitea runner on the Gitea host or another machine:

# Download the runner
wget https://gitea.com/gitea/act_runner/releases/latest/download/act_runner-linux-amd64
chmod +x act_runner-linux-amd64

# Register with your Gitea instance
./act_runner-linux-amd64 register --instance https://git.b4l.co.th --token <your-runner-token>

# Start
./act_runner-linux-amd64 daemon

5. Test

Push any change to main and check the Actions tab in Gitea for the deploy log.

What the workflow does

  1. SSHs into the LXC server
  2. Installs the repo deploy key for private repo access
  3. git pull the latest code (or git clone on first deploy)
  4. npm run build to compile
  5. npm run db:push to apply any schema changes
  6. sudo systemctl restart bflr to restart the service
  7. Verifies the service started successfully
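
The server-side steps listed above (2 to 7), sketched as an added example; this is not the project's actual workflow file. The function names are hypothetical, while the host, repo URL, service name and ssh_config block are taken from this page.

```shell
#!/usr/bin/env bash
# Added example, not the project's workflow. Function names are hypothetical;
# the host, repo URL, service name and ssh_config block come from this page.
GIT_HOST="git.b4l.co.th"
REPO_URL="git@git.b4l.co.th:B4L/buildfor_life_repair.git"

# Step 2: install the repo deploy key. $1 = ssh dir (~/.ssh), $2 = key contents.
# Safe to repeat: the Host block is appended once, not on every deploy.
install_repo_key() {
  local ssh_dir="$1" key="$2"
  (
    umask 077                                   # new files 0600, new dirs 0700
    mkdir -p "$ssh_dir" || exit 1
    # Secrets often lose the final newline; a key file without it can fail to load.
    printf '%s\n' "$key" > "$ssh_dir/repo_deploy_key" || exit 1
    touch "$ssh_dir/config"
    grep -qxF "Host $GIT_HOST" "$ssh_dir/config" && exit 0
    cat >> "$ssh_dir/config" <<EOF
Host $GIT_HOST
  HostName $GIT_HOST
  IdentityFile $ssh_dir/repo_deploy_key
  StrictHostKeyChecking accept-new
EOF
  ) || return 1
  # Tighten modes even if the directory or files already existed.
  chmod 700 "$ssh_dir" && chmod 600 "$ssh_dir/repo_deploy_key" "$ssh_dir/config"
}

# Step 3: first deploy clones, later deploys pull.
deploy_action() {
  if [ -d "$1/.git" ]; then echo pull; else echo clone; fi
}

# Steps 3-7, run on the server as the deploy user. $1 = DEPLOY_PATH.
run_deploy() {
  case "$(deploy_action "$1")" in
    clone) git clone "$REPO_URL" "$1" ;;
    pull)  git -C "$1" pull --ff-only ;;        # fail instead of merging
  esac || return 1
  ( cd "$1" && npm run build && npm run db:push ) || return 1
  # sudoers matches command and arguments exactly: extra flags would not be
  # permitted by the NOPASSWD rule from step 1.
  sudo /usr/bin/systemctl restart bflr && sudo /usr/bin/systemctl status bflr
}
```

Unlike a plain `cat >> ~/.ssh/config`, calling `install_repo_key` on every deploy leaves a single Host block in the config and keeps the key file at mode 600.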