fabi/Mangalord
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bugfix/crawler-incremental-pagination
Mangalord/.gitea
History
fabi 2a0cc24c07
Some checks failed
deploy / test-backend (pull_request) Failing after 1m6s
Details
deploy / test-frontend (pull_request) Failing after 1m18s
Details
deploy / build-and-push (pull_request) Has been skipped
Details
deploy / deploy (pull_request) Has been skipped
Details
ci: deploy to the local stack over the runner socket, not SSH 
The runner lives on the deploy host and shares its docker daemon, so the
deploy job runs `docker compose pull && up -d` against the central compose
via a bind-mounted compose dir (docker:cli + docker_host: "-") instead of
appleboy/ssh-action. Drops the SSH_* secrets and recreates only the two
mangalord services at the freshly built SHA. Requires /mnt/ssd/docker-data
in the runner's container.valid_volumes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 17:26:58 +02:00
..
workflows
ci: deploy to the local stack over the runner socket, not SSH
2026-05-31 17:26:58 +02:00
README.md
feat: gitea actions for build, push, and ssh deploy (0.34.0)
2026-05-28 06:56:13 +02:00

README.md

Gitea Actions

The deploy workflow runs on every push to main (and via manual workflow_dispatch). It tests, builds, pushes the images to a private registry, and rolls the stack over by SSH on the target host.

Required secrets

Set under Repo Settings → Actions → Secrets:

Name Example Purpose
REGISTRY_URL registry.example.com Registry host. No scheme, no trailing slash.
REGISTRY_USERNAME mangalord-ci docker login user.
REGISTRY_PASSWORD <token> docker login token/password.
SSH_HOST mangalord.example.com Deploy target hostname/IP.
SSH_USER deploy SSH user on the target (must be in the docker group).
SSH_PRIVATE_KEY -----BEGIN OPENSSH... Private key authorised in the target user's authorized_keys.
SSH_PORT 22 Optional. Defaults to 22 if unset.

Required variables

Set under Repo Settings → Actions → Variables (not secrets — they appear in logs):

Name Example Purpose
DEPLOY_PATH /srv/mangalord Directory on target holding docker-compose.yml, .env, and the prod overlay.

One-time host setup

The workflow assumes the deploy target already has:

  1. Docker + Docker Compose v2 installed and the SSH_USER in the docker group.
  2. $DEPLOY_PATH/docker-compose.yml (copy of the repo's docker-compose.yml).
  3. $DEPLOY_PATH/docker-compose.prod.yml (copy of the repo's docker-compose.prod.yml).
  4. $DEPLOY_PATH/.env populated from .env.example with production values (real POSTGRES_PASSWORD, COOKIE_SECURE=true, etc.).

Bootstrap once:

ssh deploy@mangalord.example.com
sudo mkdir -p /srv/mangalord && sudo chown deploy:deploy /srv/mangalord
cd /srv/mangalord
# place docker-compose.yml, docker-compose.prod.yml, and .env here

The first workflow run will pull the images, bring the stack up, and run the embedded migrations on startup.

Image tags

Every push produces three tags per image:

  • mangalord-{backend,frontend}:latest
  • mangalord-{backend,frontend}:<git-sha> — used by the deploy job; lets you pin a deploy to a specific commit
  • mangalord-{backend,frontend}:<version> — the version from backend/Cargo.toml (verified in lockstep with frontend/package.json)

Rollback

SSH to the target, set IMAGE_TAG to a previous commit SHA, and re-up:

cd /srv/mangalord
export REGISTRY_URL=registry.example.com
export IMAGE_TAG=<previous-sha>
docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
Reference in New Issue View Git Blame Copy Permalink