62 lines
2.6 KiB
Markdown
62 lines
2.6 KiB
Markdown
# platform/ci-templates
|
|
|
|
Centralised deploy logic for the Forgejo Actions flow (Phase 5+).
|
|
|
|
## What's here
|
|
|
|
- **`action.yml`** — the composite action that does everything: checkout, parse
|
|
`.env`, detect deploy type, build (bun for static / `docker build` for
|
|
docker), publish (rsync to `/srv/sites` for static / `docker run` for docker),
|
|
generate the Caddy fragment + reload, inject `RUNTIME_KEYS` secrets, honour the
|
|
`ENABLED` kill-switch and auto-www.
|
|
- **`auto.yml`** — LEGACY GitLab CI template (still used by repos on the old
|
|
GitLab until Phase 8). Do not extend; new work goes in `action.yml`.
|
|
- **`Dockerfile.react`** — legacy reference SPA Dockerfile.
|
|
|
|
## How dev repos use it
|
|
|
|
A dev repo (forked from `templates/starter`) has a tiny
|
|
`.forgejo/workflows/deploy.yml` that calls this action by **full URL**:
|
|
|
|
```yaml
|
|
jobs:
|
|
deploy:
|
|
runs-on: docker-cli
|
|
container:
|
|
image: docker:24.0.7
|
|
volumes:
|
|
- /srv/sites:/srv/sites
|
|
- /srv/platform/caddy/sites:/srv/platform/caddy/sites
|
|
steps:
|
|
- uses: https://git.154.83.149.72.nip.io/platform/ci-templates@main
|
|
with:
|
|
repo: ${{ github.repository }}
|
|
ref: ${{ github.ref_name }}
|
|
sha: ${{ github.sha }}
|
|
token: ${{ github.token }}
|
|
secrets_json: ${{ toJSON(secrets) }}
|
|
vars_json: ${{ toJSON(vars) }}
|
|
```
|
|
|
|
Fix a bug / add a feature → edit `action.yml`, push to `main` → every project
|
|
picks it up on its next deploy. The per-repo caller never changes.
|
|
|
|
## Why a composite action (not a reusable workflow)
|
|
|
|
Forgejo 11.0.14 (gitea-1.22) **does not trigger cross-repo reusable workflows**
|
|
(`uses: owner/repo/.forgejo/workflows/x.yml@ref` produces no run). A composite
|
|
action is the supported way to centralise logic. Referenced by **full URL**
|
|
because the runner's default actions registry is `data.forgejo.org`, so a bare
|
|
`platform/ci-templates` would resolve there, not on our instance.
|
|
|
|
## Mechanism notes
|
|
|
|
- Jobs run on the runner with `/var/run/docker.sock` mounted (host daemon) → the
|
|
action builds/runs images and `docker exec caddy caddy reload` directly. No
|
|
registry: build and run hit the same daemon.
|
|
- The deploy job bind-mounts `/srv/sites` and `/srv/platform/caddy/sites` (added
|
|
to the runner's `valid_volumes` in `/srv/platform/forgejo/runner/config.yaml`).
|
|
- The `docker:24.0.7` job image has no Node, so the action uses **no JS actions**
|
|
(manual `git clone` instead of `actions/checkout`).
|
|
- Phase 8 host rename: change `git.154.83.149.72.nip.io` → `git.extractl.online`
|
|
in `FORGE_HOST` (action.yml) and the starter caller URL.
|