From bb70a5372bcdf31c6311007dafa3df2e08292e92 Mon Sep 17 00:00:00 2001 From: Deeman Date: Sat, 28 Feb 2026 01:58:11 +0100 Subject: [PATCH] docs: replace GitLab CI/CD section with Gitea pull-based deployment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove outdated SSH-push model referencing GitLab variables. Document the actual pull-based flow: Gitea Actions → tag → supervisor polls. Co-Authored-By: Claude Sonnet 4.6 --- README.md | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index b075596..e04ebd3 100644 --- a/README.md +++ b/README.md 
@@ -396,18 +396,19 @@ docker compose logs -f app # tail logs ## CI/CD -Go to GitLab → padelnomics → Settings → CI/CD → Variables and add: +Pull-based deployment via Gitea Actions — no SSH keys or deploy credentials in CI. -| Variable | Value | Notes | -|----------|-------|-------| -| SSH_PRIVATE_KEY | Your ed25519 private key | Mask it, type "Variable" | -| DEPLOY_HOST | Your Hetzner server IP | e.g. 1.2.3.4 | -| DEPLOY_USER | SSH username on the server | e.g. deploy or root | -| SSH_KNOWN_HOSTS | Server host key | Run `ssh-keyscan $YOUR_SERVER_IP` | +1. Push to master → Gitea Actions runs tests (`.gitea/workflows/ci.yaml`) +2. On success, CI creates tag `v` using the built-in `github.token` +3. On-server supervisor polls for new tags every 60s and deploys automatically -Server-side one-time setup: -1. Add the matching public key to `~/.ssh/authorized_keys` for the deploy user -2. Clone the repo to `/opt/padelnomics` -3. Create `.env` from `padelnomics/.env.example` with production values -4. `chmod +x deploy.sh && ./deploy.sh` for the first deploy -5. Point reverse proxy to port 5000 +**Server-side one-time setup:** +```bash +bash infra/setup_server.sh # creates padelnomics_service user, keys, dirs +ssh root@ 'bash -s' < infra/bootstrap_supervisor.sh +``` + +1. `setup_server.sh` generates an ed25519 SSH deploy key — add the printed public key to Gitea: + `git.padelnomics.io → padelnomics → Settings → Deploy Keys → Add key (read-only)` +2. Add the printed age public key to `.sops.yaml`, re-encrypt, commit + push +3. Run `bootstrap_supervisor.sh` — clones from `git.padelnomics.io:2222`, decrypts secrets, starts systemd supervisor
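Review bot: In the server-side setup, the fenced block puts `ssh root@ 'bash -s' < infra/bootstrap_supervisor.sh` directly under `bash infra/setup_server.sh`, but numbered steps 1 and 2 below it (adding the deploy key to Gitea, adding the age public key to `.sops.yaml` and re-encrypting) must be finished before step 3 runs the bootstrap. Anyone pasting the block as written starts the clone and the secrets decryption before either key is registered. Suggest splitting the block so each command sits inside the step it belongs to. Two things are worth documenting in the same section. First, the supervisor deploys any new tag it sees, so permission to create tags in the repo is now permission to deploy to production, and the README should say who holds it. Second, the removed table had an explicit host-key pinning entry (`SSH_KNOWN_HOSTS`), while the new text has no equivalent for the server's first connection to `git.padelnomics.io:2222`.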