ci: no-SSH local deploy + Dockerfile build fixes #1

Merged
fabi merged 2 commits from fix/ci-deploy-pipeline into main 2026-05-31 15:43:55 +00:00
Owner

What & why

Enables the Gitea Actions pipeline to build and auto-deploy mangalord to the single-host homelab. mangalord is already live at https://manga.mc02.dev (bootstrapped by hand); this makes future pushes to main build + ship automatically.

fix(docker) — three latent build bugs (never hit because mangalord had never deployed)

  1. dep-cache stage stubbed only main.rs/lib.rs, but Cargo.toml declares a 2nd [[bin]] crawler (src/bin/crawler.rs) -> cargo build --locked aborted (can't find bin crawler). Now stubs the crawler bin too.
  2. runtime glibc mismatch: rust:1-slim floated to Debian trixie (glibc 2.41) while the runtime stage was pinned debian:bookworm-slim (glibc 2.36) -> crash-loop GLIBC_2.39 not found. Runtime -> debian:trixie-slim to match the builder.
  3. frontend healthcheck probed localhost (musl picks IPv6 ::1) but the Node server binds IPv4 0.0.0.0 only -> false unhealthy. Now probes 127.0.0.1.

ci — deploy without SSH

The runner is on the deploy host, so the deploy job drives the host docker daemon directly (docker:cli + the runner's shared socket) and runs docker compose pull && up -d against the central compose with a bind-mounted compose dir, instead of appleboy/ssh-action. It recreates only mangalord-backend + mangalord-frontend at the freshly built SHA. The SSH_* secrets are no longer needed.

Host side already wired (no action needed)

  • act_runner container.valid_volumes includes /mnt/ssd/docker-data; docker_host: "-".
  • Registry CI user mangalord-ci; repo secrets REGISTRY_URL / REGISTRY_USERNAME / REGISTRY_PASSWORD set.
  • Central docker-compose.yml has both mangalord-* services + the manga.mc02.dev Caddy route; DB + storage provisioned.

Notes

  • No version bump — build/CI-only, --locked stays happy at 0.44.0. Want a patch bump? It needs a Cargo.lock refresh; say so.
  • Unproven on first run: build-and-push keeps cache-{from,to}: type=gha; if Gitea's cache backend rejects it I'll switch to type=registry. First cold backend build on the Pi is ~20-40 min.
  • Crawler still ships off (CRAWLER_DAEMON=false); the verified Chromium-on-ARM plan is tracked separately.

Opening this PR runs the test jobs (build/deploy are gated off for PRs); merging to main triggers the first real build -> push -> deploy.

🤖 Generated with Claude Code
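Added example, not part of this PR or the mangalord repository: a pre-deploy check for the builder/runtime glibc mismatch described in item 2. It reads `objdump -T` output for the built binary, finds the highest `GLIBC_x.y` symbol version it imports, and compares that with the runtime image's glibc. The function names and the sample symbol table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `objdump -T <binary>` output (not from the mangalord build).
sample_objdump() {
    cat <<'EOF'
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.2.5) memcpy
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.34) __libc_start_main
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.39) pidfd_spawnp
0000000000000000  w   D  *UND*  0000000000000000  Base        __gmon_start__
EOF
}

# Print the highest GLIBC_x.y symbol version seen on stdin (empty if none).
max_glibc_required() {
    grep -o 'GLIBC_[0-9][0-9.]*' | sed 's/^GLIBC_//' | sort -u -V | tail -n 1
}

# Succeed when the runtime glibc ($1) is at least the required version ($2).
glibc_satisfies() {
    runtime=$1
    required=$2
    if [ -z "$required" ]; then return 0; fi   # no versioned glibc imports
    newest=$(printf '%s\n%s\n' "$runtime" "$required" | sort -V | tail -n 1)
    [ "$newest" = "$runtime" ]
}

# Report whether a runtime glibc version can load the sampled binary.
check_runtime() {
    need=$(sample_objdump | max_glibc_required)
    if glibc_satisfies "$1" "$need"; then
        echo "glibc $1: ok (binary needs $need)"
    else
        echo "glibc $1: too old (binary needs $need)"
    fi
}

check_runtime 2.36   # bookworm-slim, per the PR description
check_runtime 2.41   # trixie-slim, per the PR description
```

In a pipeline, the runtime value would come from the runtime image itself (for example `getconf GNU_LIBC_VERSION` run inside it) and the symbol table from the freshly built binary, so a floating builder tag fails the build instead of crash-looping after deploy.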

fabi added 2 commits 2026-05-31 15:28:53 +00:00
- backend dep-cache stage stubs only main.rs/lib.rs, but Cargo.toml
  declares a second [[bin]] crawler at src/bin/crawler.rs, so
  `cargo build --locked` aborts ("can't find bin crawler"). Stub it too.
- runtime was debian:bookworm-slim (glibc 2.36) while rust:1-slim now
  tracks trixie (glibc 2.41) -> "GLIBC_2.39 not found" at boot. Pin the
  runtime to debian:trixie-slim so it matches the builder's glibc.
- frontend healthcheck probed localhost (-> musl picks IPv6 ::1) but the
  Node server binds IPv4 0.0.0.0 only -> false "unhealthy". Probe 127.0.0.1.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ci: deploy to the local stack over the runner socket, not SSH
Some checks failed
deploy / test-backend (pull_request) Failing after 1m6s
deploy / test-frontend (pull_request) Failing after 1m18s
deploy / build-and-push (pull_request) Has been skipped
deploy / deploy (pull_request) Has been skipped
2a0cc24c07
The runner lives on the deploy host and shares its docker daemon, so the
deploy job runs `docker compose pull && up -d` against the central compose
via a bind-mounted compose dir (docker:cli + docker_host: "-") instead of
appleboy/ssh-action. Drops the SSH_* secrets and recreates only the two
mangalord services at the freshly built SHA. Requires /mnt/ssd/docker-data
in the runner's container.valid_volumes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
fabi merged commit e851355f28 into main 2026-05-31 15:43:55 +00:00

Reference: fabi/Mangalord#1