Add GitHub Actions workflow#173
Draft
pedrogaudencio wants to merge 62 commits into
Draft
Conversation
* create Dockerfile based on rootless variant
…r, systemd WorkingDirectory * add to Dockerfile custom-defaults loop so Forkana CSS/images are baked in * change nginx.conf placeholder from dev.forkana.org to dev.forkana.example (RFC 2606), making the deployment guide's sed command match correctly * fix systemd WorkingDirectory: ~/... → %h/... (systemd does not expand tilde)
* add FORKANA_INTERNAL_TOKEN and FORKANA_JWT_SECRET to .env.example and wire them via GITEA__ env overrides in dev.yml * initialize CONF_ARG=() before arg-parsing loop in gitea wrapper to prevent errors under set -u
* Copy all four deploy scripts (deploy.sh, deploy_common.sh, deploy_debian.sh, deploy_fedora.sh) instead of only deploy.sh, which would break the OS-detection wrapper at runtime * Replace %h with absolute path in systemd unit WorkingDirectory, since %h resolves to root's home in system-level units * Add missing sudo to setsebool SELinux command * Align SSH security notes and checklist with the actual 'restrict' keyword used in the authorized_keys example
* pin the Docker network subnet to 172.30.0.0/16 in dev.yml so Docker always assigns a deterministic subnet instead of allocating dynamically from unpredictable ranges * update the app.ini template to trust exactly the pinned subnet (127.0.0.0/8,::1/128,172.30.0.0/16) instead of the overly broad '*'
…ser context, and TLS setup
* migrate plain environment variables to GITEA__section__KEY format so changes take effect on every container restart, not just first boot * update app.ini template with hardcoded defaults and cleaned up docker-setup.sh validation logic
* prevent silent failures on image tag mismatch by making the script exit with an error if neither expected tag is found in the loaded tarball * remove dead LOCAL_MODE variable and update its associated comments * update header comments in OS-specific deploy scripts to accurately reflect the new tarball-loading architecture instead of build-on-server * rewrite the 'Local testing' section to document the required steps for building and saving the tarball manually before running the deploy script locally
pedrogaudencio
force-pushed
the
deploy-workflow
branch
from
f7812f0 to
35beefa
Compare
* Sanitize via bash parameter expansion so we do not depend on tr's character-class handling
pedrogaudencio
force-pushed
the
deploy-workflow
branch
from
35beefa to
68ef6a9
Compare
3 tasks
* automate building and deploying Forkana to a VM via SSH * validate deployment prerequisites (secrets, commit SHA) * trigger deploy.sh on the remote server with the commit to deploy * support both push-triggered and manual workflow dispatch with optional commit SHA override for rollback scenarios
pedrogaudencio
force-pushed
the
deploy-workflow
branch
from
cc5fc1e to
7c43ac7
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
deploy.shon the remote server with the commit to deployCloses #148
Depends on #128
Co-authored by: Claude Opus 4.6, Opus 4.7