ci: migrate workflows from Forgejo to Gitea Actions
Some checks failed
CI / lint (push) Successful in 45s
CI / type-check (push) Successful in 50s
CI / test (push) Failing after 5s

Bu5hm4nn
2026-04-08 12:41:29 +02:00
parent 2a49a10d9a
commit 78ff775aa5
5 changed files with 124 additions and 50 deletions


@@ -1,13 +1,13 @@
# Deployment Guide
This project uses Forgejo Actions for CI/CD, building a Docker image and deploying to a VPN-reachable VPS over SSH.
This project uses Gitea Actions for CI/CD, building a Docker image and deploying to a VPN-reachable VPS over SSH.
## Overview
Deployment workflow:
1. **CI** (`.forgejo/workflows/ci.yaml`): Lint, test, type-check on every push
2. **Deploy** (`.forgejo/workflows/deploy.yaml`): Build, scan, and deploy on main branch
1. **CI** (`.gitea/workflows/ci.yaml`): lint, test, type-check on every push
2. **Build and Deploy** (`.gitea/workflows/deploy.yaml`): build and deploy on `main` after CI succeeds, or manually via workflow dispatch
---
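Review bot: The rewritten Deploy item in the Overview list no longer mentions scanning: the old line read "Build, scan, and deploy on main branch" and the new one reads "build and deploy on `main` after CI succeeds". If the image scan step was dropped from `.gitea/workflows/deploy.yaml` during the migration, call that out in the commit message and say where scanning happens now. If the step is still in the workflow, keep "scan" in this description so the guide matches what runs.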
@@ -20,14 +20,15 @@ Deployment workflow:
- SSH access via VPN
- Python 3.11+ (for healthcheck script)
### Forgejo Instance Setup
### Gitea Instance Setup
1. Enable Actions in Forgejo admin settings
2. Register a runner (or use Forgejo's built-in runner)
1. Enable Actions in Gitea admin settings
2. Enable Actions for the repository
3. Register an Actions runner
### Runner Setup
Forgejo supports both built-in runners and self-hosted Docker runners. For Docker-in-Docker builds, ensure the runner has:
Gitea Actions uses `act_runner`. For Docker-based builds, ensure the runner host has:
- Docker installed and accessible
- `docker` and `docker compose` commands available
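Review bot: The Runner Setup requirement "Docker installed and accessible" is stated without its consequence: a runner that can reach the Docker daemon gives every workflow job root-equivalent control of the runner host. Suggest adding a sentence that the `act_runner` host should be a dedicated machine, separate from the Gitea server and from the deploy VPS, and that the runner should be registered at the narrowest scope that works (the new step "Enable Actions for the repository" points at repository scope).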
@@ -35,34 +36,40 @@ Forgejo supports both built-in runners and self-hosted Docker runners. For Docke
Example runner registration:
```bash
# On your Forgejo server
forgejo actions generate-runner-token > token.txt
forgejo-runner register --instance-addr http://localhost:3000 --token $(cat token.txt)
forgejo-runner daemon
# On the runner host
./act_runner register --no-interactive --instance http://tea.uncloud.vpn --token <registration-token>
./act_runner daemon
```
Repository, organization, and instance runner tokens can be created from the Gitea web UI under Actions runner settings.
---
## 2. Required Secrets
Configure in **Settings → Secrets and variables → Actions**:
Configure in **Settings → Secrets and variables → Actions**.
### Secrets
| Secret | Description |
|--------|-------------|
| `DEPLOY_SSH_PRIVATE_KEY` | SSH key for VPS access |
| `DEPLOY_HOST` | VPS IP/hostname (VPN-reachable) |
| `DEPLOY_USER` | Deploy user (default: `deploy`) |
| `DEPLOY_PORT` | SSH port (default: 22) |
| `DEPLOY_PATH` | Deploy path (default: `/opt/vault-dash`) |
| `NICEGUI_STORAGE_SECRET` | Session secret |
| `REGISTRY_PASSWORD` | Container registry token (if needed) |
| `DOCKERHUB_TOKEN` | Docker Hub token |
| `TURNSTILE_SECRET_KEY` | Turnstile secret key |
| `DATABENTO_API_KEY` | Databento API key |
### Optional Variables
### Variables
| Variable | Description |
|----------|-------------|
| `DEPLOY_HOST` | VPS IP/hostname (VPN-reachable) |
| `DEPLOY_USER` | Deploy user (default: `deploy`) |
| `DEPLOY_PORT` | SSH port (default: `22`) |
| `DEPLOY_PATH` | Deploy path (default: `/opt/vault-dash`) |
| `REGISTRY` | Container registry URL |
| `EXTERNAL_HEALTHCHECK_URL` | Public health check URL |
| `DOCKERHUB_USERNAME` | Docker Hub username |
| `TURNSTILE_SITE_KEY` | Turnstile site key |
---
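Review bot: The registration example uses `--instance http://tea.uncloud.vpn`, so the registration token and all later runner traffic, including job secrets, cross the network over plain HTTP; the old example only spoke to `localhost`. Suggest an `https://` instance URL, or a sentence stating that the VPN is the only transport protection. Separately, `DEPLOY_HOST`, `DEPLOY_USER`, `DEPLOY_PORT` and `DEPLOY_PATH` move from the Secrets table to the Variables table; variables are not masked in job logs, so the guide should state that this is intentional. The table also drops `REGISTRY_PASSWORD` in favour of `DOCKERHUB_TOKEN` while keeping the `REGISTRY` variable, so it is worth saying which registry the deploy now pushes to.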
@@ -127,7 +134,7 @@ export DEPLOY_SSH_PRIVATE_KEY="$(cat ~/.ssh/deploy_key)"
export APP_IMAGE="registry.example.com/vault-dash:latest"
# Run deploy script
bash scripts/deploy.sh
bash scripts/deploy-actions.sh
```
---
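Review bot: The manual deployment example now calls `bash scripts/deploy-actions.sh`, a name that suggests the script is written to run inside a workflow, yet this section documents running it by hand. Suggest stating whether the renamed script is still supported outside Actions and listing every environment variable it expects, since the variables table in this commit introduces several (`DEPLOY_HOST`, `DEPLOY_USER`, `DEPLOY_PORT`, `DEPLOY_PATH`) that the visible exports here do not set.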
@@ -150,22 +157,12 @@ vault.uncloud.vpn {
---
## 7. Future: OAuth Integration
When ready to expose publicly:
1. Set up OAuth provider (Authentik, Keycloak, etc.)
2. Configure `CORS_ORIGINS` for public URL
3. Add OAuth middleware to FastAPI
4. Enable HTTPS via Let's Encrypt
---
## 8. Troubleshooting
## 7. Troubleshooting
### Runner can't build Docker images
Ensure runner has Docker access:
```bash
docker run --rm hello-world
```
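Review bot: Deleting the "Future: OAuth Integration" section removes the guide's only checklist for public exposure (OAuth provider, `CORS_ORIGINS`, HTTPS), while the same commit documents `EXTERNAL_HEALTHCHECK_URL` as a "Public health check URL" and adds Turnstile keys. If the service is now reachable publicly, replace the removed list with a short section describing the current exposure and authentication setup instead of dropping it. Also check for links to the old "8. Troubleshooting" heading, which is renumbered to 7 here.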
@@ -192,4 +189,4 @@ cd /opt/vault-dash
PREVIOUS=$(cat .last_successful_image)
sed -i "s|^APP_IMAGE=.*|APP_IMAGE=$PREVIOUS|" .env
docker compose -f docker-compose.deploy.yml up -d
```
```