jt/saitti
1
1
Fork 0
Code Issues 1 Pull requests Activity Actions

Adding documentation about CI/CD and .gitignoring MkDocs build

Browse source
This commit is contained in:
Jarkko Toivanen 2025-01-25 00:54:59 +02:00
parent f3fb9502b8
commit fa032f4500
Signed by: jt
GPG key ID: 9151B109B73ECAD5
2 changed files with 54 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
/site/

53
docs/mkdocs/forgejo-ci.md Normal file
View file

@ -0,0 +1,53 @@
# CI/CD
!!! TODO
This documentation might not be complete
``` console
Install required stuff and things on Debian based system
$ sudo apt-get install rsync
Make a user to have limited access
$ sudo useradd adduser --home /varasto/verkkojuuri --system verkkojuuri --shell /bin/sh
$ cd /varasto/verkkojuuri
$ sudo -u verkkojuuri ssh-keygen
$ sudo -u verkkojuuri cat .ssh/id_rsa
copy the result to your Forgejo as an action secret ssh_private_key
$ sudo -u verkkojuuri cat .ssh/id_rsa.pub
copy the result to your Forgejo as an action variable ssh_public_key
$ sudo -u verkkojuuri ssh-keygen -p
enter new password to protect the private key or delete it
or something security blah blah... No really, assume this is accessed!
(you just did and you are not verkkojuuri so think about it)
sudo -u verkkojuuri cp .ssh/id_rsa.pub .ssh/authorized_keys
this let's us trust the key
$ sudo usermod -aG ssh verkkojuuri
give us permission to get connected via ssh (might not be needed)
```
!!! WARNING
You might want to check out `rssh`, `scponly` or similar
more restricted shell to use with the account.
Change it afterwards using `sudo usermod -s /Sbin/HELL verkkojuuri`
Then you just like build and like rsync the files
using a forgejo action runner passing it the relevant
secrets. In practise you'll make it execute
``` console
$ mkdocs build
$ rsync -e "ssh -rclthv --exclude --delete-after .git site/ verkkojuuri@jakest.us:site
```
And well yeah serve them files with Apache or whatever.
That's out of the scope of this document.
## Credits
Thank you Nexy and Tulir for your help!
- Nexy's blogpost: [https://blog.nexy7574.co.uk/2025/01/22/new-infrastructure/](https://blog.nexy7574.co.uk/2025/01/22/new-infrastructure/)
- Tulir's relevant stuff:
- [https://github.com/maunium/mau.fi/blob/main/.gitlab-ci.yml](https://github.com/maunium/mau.fi/blob/main/.gitlab-ci.yml)
- [https://github.com/mautrix/docs/blob/master/.gitlab-ci.yml](https://github.com/mautrix/docs/blob/master/.gitlab-ci.yml)