diff --git a/.gitea/workflows/redeploy-compose.yml b/.gitea/workflows/redeploy-compose.yml
index b30f15d..b0f22dc 100644
--- a/.gitea/workflows/redeploy-compose.yml
+++ b/.gitea/workflows/redeploy-compose.yml
@@ -9,69 +9,25 @@ jobs: redeploy: runs-on: ubuntu-latest env: - DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }} - DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }} - DEPLOY_USER: ${{ secrets.DEPLOY_USER }} DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }} DEPLOY_BRANCH: main - SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} steps: - - name: Install SSH client tools + - name: Validate deployment path shell: bash run: | set -euo pipefail - if command -v apk >/dev/null 2>&1; then - apk add --no-cache openssh-client - elif command -v apt-get >/dev/null 2>&1; then - apt-get update - apt-get install -y --no-install-recommends openssh-client - elif command -v dnf >/dev/null 2>&1; then - dnf install -y openssh-clients - else - echo "No supported package manager found to install ssh-keyscan." + if [ -z "${DEPLOY_PATH:-}" ]; then + echo "Missing required secret: DEPLOY_PATH" exit 1 fi - - name: Validate required secrets + - name: Redeploy locally on runner host shell: bash run: | set -euo pipefail - : "${DEPLOY_PORT:=22}" - missing=0 - for key in DEPLOY_HOST DEPLOY_USER DEPLOY_PATH SSH_PRIVATE_KEY; do - if [ -z "${!key:-}" ]; then - echo "Missing required secret: $key" - missing=1 - fi - done - if [ "$missing" -ne 0 ]; then - exit 1 - fi - - - name: Configure SSH key - shell: bash - run: | - set -euo pipefail - : "${DEPLOY_PORT:=22}" - mkdir -p ~/.ssh - chmod 700 ~/.ssh - printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - ssh-keyscan -p "$DEPLOY_PORT" -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts - - - name: Redeploy on remote host - shell: bash - run: | - set -euo pipefail - : "${DEPLOY_PORT:=22}" - ssh -p "$DEPLOY_PORT" "$DEPLOY_USER@$DEPLOY_HOST" \ - "DEPLOY_PATH='$DEPLOY_PATH' DEPLOY_BRANCH='$DEPLOY_BRANCH' bash -se" <<'EOF' - set -euo pipefail cd "$DEPLOY_PATH" git fetch origin "$DEPLOY_BRANCH" git checkout "$DEPLOY_BRANCH" git pull --ff-only origin "$DEPLOY_BRANCH" docker compose pull docker compose up -d --build --remove-orphans - EOF 
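Review bot: The new `Redeploy locally on runner host` step only works when the job environment can reach the host Docker daemon and `DEPLOY_PATH`, yet the job still targets the generic `runs-on: ubuntu-latest` label. Per the README change in this commit, the runner is expected to mount `/var/run/docker.sock`. A runner configured that way gives every workflow scheduled on the same label root-equivalent control of the host, not just this deploy job. Pin the job to a dedicated runner registered only for this repository, e.g. `runs-on: <deploy-runner-label>` (placeholder label), and keep that runner off shared labels. Separately, `Validate deployment path` checks only that the secret is non-empty; adding `[ -d "$DEPLOY_PATH/.git" ] || { echo "DEPLOY_PATH is not a git checkout"; exit 1; }` would fail early with a clear message when the path is not visible to the job.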
diff --git a/CHANGELOG.md b/CHANGELOG.md index 864d88f..66a416d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,8 +3,7 @@ ## 0.5.1 - 2026-03-26 - Added Gitea Actions workflow for automatic Docker Compose redeploy on `main` updates: - New workflow file: `.gitea/workflows/redeploy-compose.yml`. - - Uses SSH to connect to deployment host and run `git pull` + `docker compose up -d --build --remove-orphans`. - - Supports optional `DEPLOY_PORT` secret (defaults to `22`). + - Runs locally on the Gitea runner host and executes `git pull` + `docker compose up -d --build --remove-orphans`. - Updated `README.md` with Gitea deployment workflow setup and required secrets. ## 0.5.0 - 2026-03-26 diff --git a/README.md b/README.md index f18279d..55f462a 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,7 @@ A React + TypeScript app with a local Node + SQLite backend for planning what to When `main` is updated, Gitea Actions can redeploy your Docker Compose stack using: - Workflow file: `.gitea/workflows/redeploy-compose.yml` - Trigger: push to `main` -- Remote commands run over SSH: +- Commands run locally on the Gitea runner host: - `git fetch` - `git checkout main` - `git pull --ff-only` @@ -69,8 +69,6 @@ When `main` is updated, Gitea Actions can redeploy your Docker Compose stack usi - `docker compose up -d --build --remove-orphans` Set these repository secrets in Gitea: -- `DEPLOY_HOST`: server hostname or IP -- `DEPLOY_USER`: SSH username on the deployment server - `DEPLOY_PATH`: absolute path to this repo on the server -- `SSH_PRIVATE_KEY`: private key for SSH auth (matching an authorized public key on the server) -- `DEPLOY_PORT` (optional): SSH port, defaults to `22` + +For this workflow to work, your runner must have Docker socket access (for example `-v /var/run/docker.sock:/var/run/docker.sock`).