deemanone/beanflows
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: update CI/CD references from GitLab to Gitea
Some checks failed
CI / test-cli (push) Successful in 11s
Details
CI / test-sqlmesh (push) Successful in 13s
Details
CI / test-web (push) Failing after 12s
Details
CI / tag (push) Has been skipped
Details

Browse Source 
Replace .gitlab/.gitlab-ci.yml with .gitea/workflows/ci.yaml, update
CI_JOB_TOKEN → github.token, CI_PIPELINE_IID → github.run_number, and
update setup instructions to point to git.padelnomics.io deploy keys.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Deeman
2026-02-28 01:58:09 +01:00
parent efb5a165e7
commit cddcd4463e
2 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CLAUDE.md
View File

@@ -118,11 +118,11 @@ uv add --package new_source extract-core niquests
- Each tick: git pull (tag-based) → due extractors → SQLMesh → export_serving → web deploy if changed
- Crash-safe: systemd `Restart=always` + 10-minute backoff on tick failure
**CI/CD** (`.gitlab/.gitlab-ci.yml`) — pull-based, no SSH:
- `test` stage: pytest, sqlmesh test, web pytest
- `tag` stage: creates `v${CI_PIPELINE_IID}` tag after tests pass (master branch only)
**CI/CD** (`.gitea/workflows/ci.yaml`) — pull-based, no SSH:
- `test-cli`, `test-sqlmesh`, `test-web` jobs: pytest, sqlmesh test, web pytest
- `tag` job: creates `v${github.run_number}` tag after all tests pass (master branch only)
- Supervisor polls for new tags every 60s, checks out latest, runs `uv sync`
- No SSH keys or deploy credentials in CI — only `CI_JOB_TOKEN` (built-in)
- No SSH keys or deploy credentials in CI — only `github.token` (built-in Gitea Actions)
**CLI modules** (`src/materia/`):
- `cli.py` — Typer app with subcommands: pipeline, secrets, version

12
infra/readme.md
View File

@@ -7,7 +7,7 @@ Single-server local-first setup for BeanFlows.coffee on Hetzner NVMe.
```
Hetzner Server (NVMe)
├── beanflows_service (system user, nologin)
│ ├── ~/.ssh/materia_deploy # ed25519 deploy key for GitLab read access
│ ├── ~/.ssh/beanflows_deploy # ed25519 deploy key for Gitea read access
│ └── ~/.config/sops/age/keys.txt # age keypair (auto-discovered by SOPS)
├── /opt/materia/ # Git repo (owned by beanflows_service, latest release tag)
├── /opt/materia/.env # Decrypted from .env.prod.sops at deploy time
@@ -37,11 +37,11 @@ bash infra/setup_server.sh
This creates the `beanflows_service` user, data directories, installs all tools (git, curl, age, sops, rclone, uv), generates an ed25519 SSH deploy key and an age keypair (both as the service user). It prints both public keys.
### 2. Add keys to GitLab and SOPS
### 2. Add keys to Gitea and SOPS
```bash
# Add the SSH deploy key to GitLab:
# → Repository Settings → Deploy Keys → Add key (read-only)
# Add the SSH deploy key to Gitea:
# → git.padelnomics.io → beanflows repo → Settings → Deploy Keys → Add key (read-only)
# Add the server age public key to .sops.yaml on your workstation,
# then re-encrypt prod secrets to include the server key:
@@ -87,8 +87,8 @@ SOPS auto-discovers the service user's age key at `~/.config/sops/age/keys.txt`
No SSH keys or deploy credentials in CI.
1. CI runs tests (`test:cli`, `test:sqlmesh`, `test:web`)
2. On master, CI creates tag `v${CI_PIPELINE_IID}` using built-in `CI_JOB_TOKEN`
1. CI runs tests (`test-cli`, `test-sqlmesh`, `test-web`)
2. On master, CI creates tag `v${github.run_number}` using built-in `github.token`
3. Supervisor polls for new tags every 60s
4. When a new tag appears: `git checkout --detach <tag>` + `uv sync --all-packages`
5. If `web/` files changed: `./web/deploy.sh` (Docker blue/green + health check)