From cddcd4463e113141f3555a29d07458deef59faa8 Mon Sep 17 00:00:00 2001 From: Deeman Date: Sat, 28 Feb 2026 01:58:09 +0100 Subject: [PATCH] docs: update CI/CD references from GitLab to Gitea MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace .gitlab/.gitlab-ci.yml with .gitea/workflows/ci.yaml, update CI_JOB_TOKEN → github.token, CI_PIPELINE_IID → github.run_number, and update setup instructions to point to git.padelnomics.io deploy keys. Co-Authored-By: Claude Sonnet 4.6 --- CLAUDE.md | 8 ++++---- infra/readme.md | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index 213fa20..ba48022 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -118,11 +118,11 @@ uv add --package new_source extract-core niquests - Each tick: git pull (tag-based) → due extractors → SQLMesh → export_serving → web deploy if changed - Crash-safe: systemd `Restart=always` + 10-minute backoff on tick failure -**CI/CD** (`.gitlab/.gitlab-ci.yml`) — pull-based, no SSH: -- `test` stage: pytest, sqlmesh test, web pytest -- `tag` stage: creates `v${CI_PIPELINE_IID}` tag after tests pass (master branch only) +**CI/CD** (`.gitea/workflows/ci.yaml`) — pull-based, no SSH: +- `test-cli`, `test-sqlmesh`, `test-web` jobs: pytest, sqlmesh test, web pytest +- `tag` job: creates `v${github.run_number}` tag after all tests pass (master branch only) - Supervisor polls for new tags every 60s, checks out latest, runs `uv sync` -- No SSH keys or deploy credentials in CI — only `CI_JOB_TOKEN` (built-in) +- No SSH keys or deploy credentials in CI — only `github.token` (built-in Gitea Actions) **CLI modules** (`src/materia/`): - `cli.py` — Typer app with subcommands: pipeline, secrets, version diff --git a/infra/readme.md b/infra/readme.md index ad78961..e686f59 100644 --- a/infra/readme.md +++ b/infra/readme.md @@ -7,7 +7,7 @@ Single-server local-first setup for BeanFlows.coffee on Hetzner NVMe. ``` Hetzner Server (NVMe) ├── beanflows_service (system user, nologin) -│ ├── ~/.ssh/materia_deploy # ed25519 deploy key for GitLab read access +│ ├── ~/.ssh/beanflows_deploy # ed25519 deploy key for Gitea read access │ └── ~/.config/sops/age/keys.txt # age keypair (auto-discovered by SOPS) ├── /opt/materia/ # Git repo (owned by beanflows_service, latest release tag) ├── /opt/materia/.env # Decrypted from .env.prod.sops at deploy time @@ -37,11 +37,11 @@ bash infra/setup_server.sh This creates the `beanflows_service` user, data directories, installs all tools (git, curl, age, sops, rclone, uv), generates an ed25519 SSH deploy key and an age keypair (both as the service user). It prints both public keys. -### 2. Add keys to GitLab and SOPS +### 2. Add keys to Gitea and SOPS ```bash -# Add the SSH deploy key to GitLab: -# → Repository Settings → Deploy Keys → Add key (read-only) +# Add the SSH deploy key to Gitea: +# → git.padelnomics.io → beanflows repo → Settings → Deploy Keys → Add key (read-only) # Add the server age public key to .sops.yaml on your workstation, # then re-encrypt prod secrets to include the server key: @@ -87,8 +87,8 @@ SOPS auto-discovers the service user's age key at `~/.config/sops/age/keys.txt` No SSH keys or deploy credentials in CI. -1. CI runs tests (`test:cli`, `test:sqlmesh`, `test:web`) -2. On master, CI creates tag `v${CI_PIPELINE_IID}` using built-in `CI_JOB_TOKEN` +1. CI runs tests (`test-cli`, `test-sqlmesh`, `test-web`) +2. On master, CI creates tag `v${github.run_number}` using built-in `github.token` 3. Supervisor polls for new tags every 60s 4. When a new tag appears: `git checkout --detach ` + `uv sync --all-packages` 5. If `web/` files changed: `./web/deploy.sh` (Docker blue/green + health check)