jt/saitti
1
1
Fork 0
Code Issues 1 Pull requests Activity Actions
saitti/docs/mkdocs/forgejo-ci.md
Jarkko Toivanen c1317d7292
All checks were successful
build / build (push) Successful in 41s
Details
build / deploy (push) Successful in 14s
Details
Update forgejo mkdocs cicd docu
2025-01-25 03:11:50 +02:00

76 lines
2.5 KiB
Markdown
Raw Blame History

# CI/CD
!!! TODO
This documentation might not be complete
!!! INFO
There are plenty of things you need
to customize accordingly like hosts and
usernames and preferred directories.
## Server side of things
``` console
Install required stuff and things on Debian based system
$ sudo apt-get install rsync
Make a user to have limited access
$ sudo useradd adduser --home /varasto/verkkojuuri --system verkkojuuri --shell /bin/sh
$ cd /varasto/verkkojuuri
$ sudo -u verkkojuuri ssh-keygen
$ sudo -u verkkojuuri cat .ssh/id_rsa
copy the result to your Forgejo as an action secret ssh_private_key
$ sudo -u verkkojuuri cat .ssh/id_rsa.pub
copy the result to your Forgejo as an action variable ssh_public_key
$ sudo -u verkkojuuri ssh-keygen -p
enter new password to protect the private key or delete it
or something security blah blah... No really, assume this is accessed!
(you just did and you are not verkkojuuri so think about it)
sudo -u verkkojuuri cp .ssh/id_rsa.pub .ssh/authorized_keys
this let's us trust the key
$ sudo usermod -aG ssh verkkojuuri
give us permission to get connected via ssh (might not be needed)
```
!!! WARNING
You might want to check out `rssh`, `scponly` or similar
more restricted shell to use with the account.
Change it afterwards using `sudo usermod -s /Sbin/HELL verkkojuuri`
## Forgejo side of things
Then you just like build and like rsync the files
using a forgejo action runner passing it the relevant
secrets. In practise you'll make it execute
``` console
$ mkdocs build
$ rsync -e "ssh -rclthv --exclude --delete-after .git site/ verkkojuuri@jakest.us:site
```
Oh you need it more detailed, okay.
1. Set *secret* `SSH_PRIVATE_KEY` to have non-password-protected ssh private key
(you should have done that in previousu steps).
2. Set following *variables*
- `SSH_USER`: verkkojuuri
- `SSH_HOST`: jakest.us
- `SSH_PATH`: site
3. Setup the action itself (refer to workflow actions in
[my repo](https://git.jakest.us/jt/saitti/)
perhaps)
4. Enjoy
And well yeah serve them files with Apache or whatever.
That's out of the scope of this document.
## Credits
Thank you Nexy and Tulir for your help!
- Nexy's blogpost: [https://blog.nexy7574.co.uk/2025/01/22/new-infrastructure/](https://blog.nexy7574.co.uk/2025/01/22/new-infrastructure/)
- Tulir's relevant stuff:
- [https://github.com/maunium/mau.fi/blob/main/.gitlab-ci.yml](https://github.com/maunium/mau.fi/blob/main/.gitlab-ci.yml)
- [https://github.com/mautrix/docs/blob/master/.gitlab-ci.yml](https://github.com/mautrix/docs/blob/master/.gitlab-ci.yml)
Reference in a new issue View git blame Copy permalink