Gitea Actions

The deploy workflow runs on every push to main (and via manual workflow_dispatch). It tests, builds, pushes the images to a private registry, and rolls the stack over by SSH on the target host.

Required secrets

Set under Repo Settings → Actions → Secrets:

| Name | Example | Purpose |
| --- | --- | --- |
| REGISTRY_URL | registry.example.com | Registry host. No scheme, no trailing slash. |
| REGISTRY_USERNAME | mangalord-ci | docker login user. |
| REGISTRY_PASSWORD | <token> | docker login token/password. |
| SSH_HOST | mangalord.example.com | Deploy target hostname/IP. |
| SSH_USER | deploy | SSH user on the target (must be in the docker group). |
| SSH_PRIVATE_KEY | -----BEGIN OPENSSH... | Private key authorised in the target user's authorized_keys. |
| SSH_PORT | 22 | Optional. Defaults to 22 if unset. |

Required variables

Set under Repo Settings → Actions → Variables (not secrets — they appear in logs):

| Name | Example | Purpose |
| --- | --- | --- |
| DEPLOY_PATH | /srv/mangalord | Directory on target holding docker-compose.yml, .env, and the prod overlay. |

One-time host setup

The workflow assumes the deploy target already has:

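  1. Docker + Docker Compose v2 installed and the SSH_USER in the docker group. Docker group membership is root-equivalent on the host, so the deploy key in SSH_PRIVATE_KEY carries that privilege.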
  2. $DEPLOY_PATH/docker-compose.yml (copy of the repo's docker-compose.yml).
  3. $DEPLOY_PATH/docker-compose.prod.yml (copy of the repo's docker-compose.prod.yml).
  4. $DEPLOY_PATH/.env populated from .env.example with production values (real POSTGRES_PASSWORD, COOKIE_SECURE=true, etc.).

Bootstrap once:

ssh deploy@mangalord.example.com
sudo mkdir -p /srv/mangalord && sudo chown deploy:deploy /srv/mangalord
cd /srv/mangalord
# place docker-compose.yml, docker-compose.prod.yml, and .env here

The first workflow run will pull the images, bring the stack up, and run the embedded migrations on startup.
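
A preflight check for items 2 to 4 of the host setup list, as an added example that is not part of the repository: it verifies that the three files exist under the deploy path, that .env is accessible only to its owner, and that the production values named above are set. The function name and the placeholder password list are assumptions, not taken from the repo or its .env.example.

```shell
#!/bin/sh
# Added example, not part of the Mangalord repo.
# preflight_check DIR: check the one-time host setup in DIR (e.g. /srv/mangalord).
# Prints one FAIL line per problem on stderr; the return code is the number
# of problems found, so 0 means the directory is ready for the first deploy.
preflight_check() {
    dir=$1
    problems=0
    fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

    # The compose file, the prod overlay and .env must all be present.
    for f in docker-compose.yml docker-compose.prod.yml .env; do
        [ -f "$dir/$f" ] || fail "$dir/$f is missing"
    done

    if [ -f "$dir/.env" ]; then
        # .env holds POSTGRES_PASSWORD: group and others get no access.
        # Columns 5-10 of `ls -l` are the group/other permission bits.
        perms=$(ls -ld "$dir/.env" | cut -c5-10)
        [ "$perms" = "------" ] || fail ".env is accessible to group/others (chmod 600)"

        # COOKIE_SECURE=true is one of the production values the setup calls for.
        grep -qx 'COOKIE_SECURE=true' "$dir/.env" || fail "COOKIE_SECURE is not true"

        # Reject an empty or placeholder database password.
        # Assumption: this placeholder list is illustrative, not from .env.example.
        pw=$(sed -n 's/^POSTGRES_PASSWORD=//p' "$dir/.env" | tail -n 1)
        case $pw in
            ''|changeme|password|postgres|mangalord)
                fail "POSTGRES_PASSWORD is empty or a placeholder" ;;
        esac
    fi
    return "$problems"
}
```

Run it on the target as the deploy user, for example `preflight_check /srv/mangalord`, before the first push to main.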

Image tags

Every push produces three tags per image:

  • mangalord-{backend,frontend}:latest
  • mangalord-{backend,frontend}:<git-sha> — used by the deploy job; lets you pin a deploy to a specific commit
  • mangalord-{backend,frontend}:<version> — the version from backend/Cargo.toml (verified in lockstep with frontend/package.json)

Rollback

SSH to the target, set IMAGE_TAG to a previous commit SHA, and re-up:

cd /srv/mangalord
export REGISTRY_URL=registry.example.com
export IMAGE_TAG=<previous-sha>
docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d