Compare commits: 143ad28854...master (4 commits)
Commits in this comparison (SHA1):

- bb70a5372b
- bc28d93662
- 81ce1d277a
- 2012894eeb
Changed files: README.md (27 changed lines)
@@ -396,18 +396,19 @@ docker compose logs -f app # tail logs
## CI/CD
Go to GitLab → padelnomics → Settings → CI/CD → Variables and add:
Pull-based deployment via Gitea Actions — no SSH keys or deploy credentials in CI.
| Variable | Value | Notes |
|----------|-------|-------|
| SSH_PRIVATE_KEY | Your ed25519 private key | Mask it, type "Variable" |
| DEPLOY_HOST | Your Hetzner server IP | e.g. 1.2.3.4 |
| DEPLOY_USER | SSH username on the server | e.g. deploy or root |
| SSH_KNOWN_HOSTS | Server host key | Run `ssh-keyscan $YOUR_SERVER_IP` |
1. Push to master → Gitea Actions runs tests (`.gitea/workflows/ci.yaml`)
2. On success, CI creates tag `v<run_number>` using the built-in `github.token`
3. On-server supervisor polls for new tags every 60s and deploys automatically
Server-side one-time setup:
1. Add the matching public key to `~/.ssh/authorized_keys` for the deploy user
2. Clone the repo to `/opt/padelnomics`
3. Create `.env` from `padelnomics/.env.example` with production values
4. `chmod +x deploy.sh && ./deploy.sh` for the first deploy
5. Point reverse proxy to port 5000
**Server-side one-time setup:**
```bash
bash infra/setup_server.sh # creates padelnomics_service user, keys, dirs
ssh root@<server> 'bash -s' < infra/bootstrap_supervisor.sh
```
1. `setup_server.sh` generates an ed25519 SSH deploy key — add the printed public key to Gitea:
`git.padelnomics.io → padelnomics → Settings → Deploy Keys → Add key (read-only)`
2. Add the printed age public key to `.sops.yaml`, re-encrypt, commit + push
3. Run `bootstrap_supervisor.sh` — clones from `git.padelnomics.io:2222`, decrypts secrets, starts systemd supervisor
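Review bot: the new "Server-side one-time setup" block does not say where each command is typed: `bash infra/setup_server.sh` reads as if run on the server, while the next line pipes `infra/bootstrap_supervisor.sh` to `ssh root@<server>` from a workstation, and step 1 then needs the printed public key pasted into Gitea. Label each command with where it runs, and in step 2 name the command that re-encrypts after the age recipient is added to `.sops.yaml` (e.g. `sops updatekeys <file>`), because a reader who only edits `.sops.yaml` and commits will leave the secrets unreadable to the server's new key, and step 3 will fail at "decrypts secrets".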
@@ -15,7 +15,7 @@ set -euo pipefail
SERVICE_USER="padelnomics_service"
REPO_DIR="/opt/padelnomics"
GITLAB_PROJECT="deemanone/padelnomics"
GITEA_REPO="ssh://git@git.padelnomics.io:2222/deemanone/padelnomics.git"
UV="/home/${SERVICE_USER}/.local/bin/uv"
[ "$(id -u)" = "0" ] || { echo "ERROR: Run as root"; exit 1; }
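Review bot: `GITEA_REPO` carries the port inside the `ssh://` URL while the SSH config written further down also sets `Port 2222` for the same host; either one is sufficient on its own (the URL port wins), and keeping both means a future port change has to be made in two places. Consider deriving both from one variable, or dropping the `Port` line from the config block.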
@@ -35,7 +35,7 @@ if [ -d "${REPO_DIR}/.git" ]; then
sudo -u "${SERVICE_USER}" git -C "${REPO_DIR}" fetch --tags --prune-tags origin
else
sudo -u "${SERVICE_USER}" git clone \
"git@gitlab.com:${GITLAB_PROJECT}.git" "${REPO_DIR}"
"${GITEA_REPO}" "${REPO_DIR}"
fi
LATEST_TAG=$(sudo -u "${SERVICE_USER}" \
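Review bot: `git fetch --tags --prune-tags origin` in the update branch does not prune anything, because `--prune-tags` only takes effect together with `--prune`; a tag deleted on the remote (for example a release that was pulled back) stays in the local clone and remains a candidate for `LATEST_TAG`, so the supervisor can keep deploying a withdrawn release. Use `git fetch --prune --prune-tags --tags origin` so the local tag set mirrors what still exists on Gitea.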
@@ -75,7 +75,8 @@ fi
if [ ! -f "${SSH_DIR}/config" ]; then
cat > "${SSH_DIR}/config" <<EOF
Host gitlab.com
Host git.padelnomics.io
Port 2222
IdentityFile ${DEPLOY_KEY}
IdentitiesOnly yes
EOF
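Review bot: the `if [ ! -f "${SSH_DIR}/config" ]` guard means a server bootstrapped with the previous version keeps its old `Host gitlab.com` stanza and never receives the `Host git.padelnomics.io` block, so on such hosts the clone will not use `IdentityFile ${DEPLOY_KEY}` with `IdentitiesOnly yes` and may fall back to whatever keys the service user has. Either key the guard on the stanza (e.g. `grep -q 'Host git.padelnomics.io' "${SSH_DIR}/config"`) or rewrite the file unconditionally, since the script owns it.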
@@ -83,7 +84,7 @@ EOF
chmod 600 "${SSH_DIR}/config"
fi
ssh-keyscan -H gitlab.com >> "${SSH_DIR}/known_hosts" 2>/dev/null
ssh-keyscan -H -p 2222 git.padelnomics.io >> "${SSH_DIR}/known_hosts" 2>/dev/null
sort -u "${SSH_DIR}/known_hosts" -o "${SSH_DIR}/known_hosts"
chown "${SERVICE_USER}:${SERVICE_USER}" "${SSH_DIR}/known_hosts"
chmod 644 "${SSH_DIR}/known_hosts"
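Review bot: `ssh-keyscan -H -p 2222 git.padelnomics.io >> "${SSH_DIR}/known_hosts" 2>/dev/null` trusts whatever host key the network returns at bootstrap time, and with stderr discarded a failed scan (DNS, firewall, wrong port) leaves `known_hosts` empty without tripping `set -euo pipefail`, so the later clone fails with a less obvious error. Prefer appending a host key obtained out of band (a hard-coded `known_hosts` line in the script or a checked-in file), or at minimum check that the scan produced output and compare its fingerprint against a published one before appending. Note also that `sort -u` only deduplicates, so migrated hosts keep the stale `gitlab.com` entry.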