Compare commits
56 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| ee413eda26 | |||
| 1aa8bae409 | |||
| 158277f0ff | |||
| 730077376a | |||
| da67941519 | |||
| 264225bb8b | |||
| cebc67e9a4 | |||
| 6bb16b3b1f | |||
| 327f4368c6 | |||
| b5ebd32a0d | |||
| b840b6bbbc | |||
| 9c0cff6a1b | |||
| 7088ab43ad | |||
| c8fc8776fd | |||
| feaf427969 | |||
| 8700d316fa | |||
| fdcd3eac2e | |||
| df4d6e064e | |||
| 557194a01f | |||
| 8b7568c61b | |||
| 18687a2f01 | |||
| 7115cd5d36 | |||
| 52cd7840ef | |||
| 6db07787fa | |||
| 23846918e6 | |||
| af20fc9662 | |||
| 8f48806208 | |||
| 15cafea367 | |||
| 0dd86c53dd | |||
| 457bf8e586 | |||
| 890136634a | |||
| c159c0177f | |||
| d0a4990780 | |||
| 98efc877af | |||
| 95ac23906d | |||
| 29d66974cb | |||
| 10d7773a13 | |||
| 3f9db6cdc1 | |||
| ca2df02029 | |||
| 6d859cf79e | |||
| fbae09ebe1 | |||
| f331f754e1 | |||
| b9a1d5bf7d | |||
| 03e987e73f | |||
| 2a47f28465 | |||
| 6f55ebb99c | |||
| 2bdfa27624 | |||
| ccdac3847f | |||
| 0b1260614e | |||
| 40b621448c | |||
| 9572e20a2c | |||
| 74b8769195 | |||
| 807f08734a | |||
| 79d6e9e1b3 | |||
| 1463b4b78f | |||
| 85bd65ab59 |
@@ -0,0 +1,3 @@
|
||||
BESZEL_HUB_URL=http://mon.localhost
|
||||
NEXTCLOUD_DOMAIN=cld.localhost
|
||||
GITEA_URL=http://git:3000
|
||||
@@ -0,0 +1,16 @@
|
||||
name: '⚙️ Configure SSH Client'
|
||||
description: 'Installs sshpass and configures known_hosts'
|
||||
|
||||
inputs:
|
||||
ssh_host:
|
||||
description: 'Remote server IP'
|
||||
required: true
|
||||
|
||||
runs:
|
||||
using: 'composite'
|
||||
steps:
|
||||
- shell: bash
|
||||
run: |
|
||||
sudo apt-get update && sudo apt-get install -y sshpass
|
||||
mkdir -p ~/.ssh
|
||||
ssh-keyscan -p 22 "${{ inputs.ssh_host }}" >> ~/.ssh/known_hosts
|
||||
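Review bot: `ssh-keyscan` on the last line of the `run:` script accepts whatever host key the network returns during the job, so `known_hosts` is filled without the server ever being verified, and the later `sshpass` password logins go to whichever host answered. I would store the server's public host key as a repository variable or secret and write that instead, e.g. `printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` (the variable name is a placeholder). The same line also splices `${{ inputs.ssh_host }}` directly into the shell script; passing it through `env:` as `SSH_HOST: ${{ inputs.ssh_host }}` and using `"$SSH_HOST"` keeps the value out of the script text.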
@@ -0,0 +1,29 @@
|
||||
name: '🧼 Telegram message escape'
|
||||
description: 'Automatically escapes dots, dashes, and exclamation marks for Telegram MarkdownV2'
|
||||
|
||||
inputs:
|
||||
message:
|
||||
description: 'The raw text string to escape'
|
||||
required: true
|
||||
|
||||
outputs:
|
||||
escaped_message:
|
||||
description: 'The safely escaped string ready for Telegram'
|
||||
value: ${{ steps.escape.outputs.result }}
|
||||
|
||||
runs:
|
||||
using: 'composite'
|
||||
steps:
|
||||
- id: escape
|
||||
shell: bash
|
||||
env:
|
||||
RAW_MESSAGE: ${{ inputs.message }}
|
||||
run: |
|
||||
MSG="$RAW_MESSAGE"
|
||||
MSG="${MSG//-/\\-}"
|
||||
MSG="${MSG//./\\.}"
|
||||
MSG="${MSG//!/\\!}"
|
||||
|
||||
echo "result<<EOF" >> $GITHUB_OUTPUT
|
||||
echo "$MSG" >> $GITHUB_OUTPUT
|
||||
echo "EOF" >> $GITHUB_OUTPUT
|
||||
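Review bot: The three `echo … >> $GITHUB_OUTPUT` lines use the fixed delimiter `EOF`, so a message containing a line that is exactly `EOF` ends the value early and whatever follows is parsed as further output entries. A per-run random delimiter avoids this: `DELIM="EOF_$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"` followed by `{ echo "result<<$DELIM"; printf '%s\n' "$MSG"; echo "$DELIM"; } >> "$GITHUB_OUTPUT"`. The substitutions also cover only `-`, `.` and `!`, whereas Telegram's MarkdownV2 reserves more characters (for example `_`, `*`, `[`, `]`, `(`, `)` and the backslash itself), so "safely escaped" in the output description overstates what the step does. Either extend the list or narrow the description.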
@@ -0,0 +1,19 @@
|
||||
name: Gitea Actions Demo
|
||||
run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
|
||||
on: [push]
|
||||
|
||||
jobs:
|
||||
Explore-Gitea-Actions:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- run: echo "🎉 The job was automatically triggered by a ${{ gitea.event_name }} event."
|
||||
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by Gitea!"
|
||||
- run: echo "🔎 The name of your branch is ${{ gitea.ref }} and your repository is ${{ gitea.repository }}."
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v4
|
||||
- run: echo "💡 The ${{ gitea.repository }} repository has been cloned to the runner."
|
||||
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
|
||||
- name: List files in the repository
|
||||
run: |
|
||||
ls ${{ gitea.workspace }}
|
||||
- run: echo "🍏 This job's status is ${{ job.status }}."
|
||||
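Review bot: The `echo` steps interpolate `${{ gitea.ref }}` and `${{ gitea.repository }}` straight into the `run:` script, and the workflow triggers on every push, so a branch name containing shell metacharacters becomes part of the command the runner executes. Passing the context through `env:` (`REF: ${{ gitea.ref }}`) and echoing `"$REF"` keeps it as data; the same applies to the unquoted `ls ${{ gitea.workspace }}`. If this file is only the stock demo, it may be simpler to drop it from the repository than to harden it.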
@@ -0,0 +1,161 @@
|
||||
name: 🚀 Deploy
|
||||
run-name: '🚀 Deploy: ${{ gitea.ref_name }} by @${{ gitea.actor }}'
|
||||
on:
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: 📂 Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: 🧼 Clean ref name
|
||||
run: |
|
||||
ORIGINAL_REF_NAME="${{ gitea.ref_name }}"
|
||||
CLEAN_REF_NAME=${ORIGINAL_REF_NAME//\//-}
|
||||
echo "Clean ref name: $CLEAN_REF_NAME"
|
||||
echo "CLEAN_REF_NAME=$CLEAN_REF_NAME" >> $GITEA_ENV
|
||||
|
||||
- name: ⚙️ Configure ssh client
|
||||
uses: ./.gitea/actions/configure-ssh-client
|
||||
with:
|
||||
ssh_host: ${{ secrets.SSH_HOST }}
|
||||
|
||||
- name: 📦 Create backup of data/ folder
|
||||
env:
|
||||
SSHPASS: ${{ secrets.SSH_PASSWORD }}
|
||||
SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
|
||||
SSH_HOST: ${{ secrets.SSH_HOST }}
|
||||
DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
|
||||
REF_NAME: ${{ env.CLEAN_REF_NAME }}
|
||||
run: |
|
||||
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
|
||||
set -e
|
||||
cd "$DEPLOY_DIRECTORY"
|
||||
|
||||
mkdir -p backups
|
||||
|
||||
BACKUP_DATE=\$(date +%Y-%m-%d_%H-%M-%S)
|
||||
BACKUP_FILE="backups/backup-${REF_NAME}-\${BACKUP_DATE}.tar.gz"
|
||||
|
||||
echo "Creating backup of data/ into \${BACKUP_FILE}..."
|
||||
|
||||
if [ -d "data" ]; then
|
||||
tar -czf "\${BACKUP_FILE}" data
|
||||
echo "✅ Backup created successfully!"
|
||||
else
|
||||
echo "⚡️ No data/ folder, backup creation skipped."
|
||||
fi
|
||||
|
||||
find backups/ -type f -name "backup-*.tar.gz" -mtime +7 -delete
|
||||
EOT
|
||||
|
||||
- name: 🏗️ Create docker-compose file
|
||||
env:
|
||||
SSHPASS: ${{ secrets.SSH_PASSWORD }}
|
||||
SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
|
||||
SSH_HOST: ${{ secrets.SSH_HOST }}
|
||||
DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
|
||||
REF_NAME: ${{ env.CLEAN_REF_NAME }}
|
||||
run: |
|
||||
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" \
|
||||
"mkdir -p \"$DEPLOY_DIRECTORY\" && \
|
||||
cd \"$DEPLOY_DIRECTORY\" && \
|
||||
rm -f docker-compose-*.yml && \
|
||||
cat > \"docker-compose-$REF_NAME.yml\"" \
|
||||
< docker-compose.yml
|
||||
|
||||
- name: 🔐 Create secrets and envs
|
||||
env:
|
||||
SSHPASS: ${{ secrets.SSH_PASSWORD }}
|
||||
SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
|
||||
SSH_HOST: ${{ secrets.SSH_HOST }}
|
||||
DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
|
||||
BESZEL_AGENT_KEY: ${{ secrets.BESZEL_AGENT_KEY }}
|
||||
BESZEL_AGENT_TOKEN: ${{ secrets.BESZEL_AGENT_TOKEN }}
|
||||
BESZEL_HUB_URL: ${{ vars.BESZEL_HUB_URL }}
|
||||
GITEA_RUNNER_REGISTRATION_TOKEN: ${{ secrets.RUNNER_REGISTRATION_TOKEN }}
|
||||
GITEA_URL: ${{ vars.GIT_URL }}
|
||||
VAULTWARDEN_ADMIN_TOKEN: ${{ secrets.VAULTWARDEN_ADMIN_TOKEN }}
|
||||
NEXTCLOUD_DOMAIN: ${{ vars.NEXTCLOUD_DOMAIN }}
|
||||
run: |
|
||||
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
|
||||
set -e
|
||||
cd "$DEPLOY_DIRECTORY"
|
||||
|
||||
cat << 'EOF_ENV' > .env
|
||||
BESZEL_HUB_URL=$BESZEL_HUB_URL
|
||||
NEXTCLOUD_DOMAIN=$NEXTCLOUD_DOMAIN
|
||||
GITEA_URL=$GITEA_URL
|
||||
EOF_ENV
|
||||
|
||||
mkdir -p secrets
|
||||
|
||||
cat << 'EOF_SECRET' > secrets/beszel_agent_key.txt
|
||||
$BESZEL_AGENT_KEY
|
||||
EOF_SECRET
|
||||
|
||||
cat << 'EOF_SECRET' > secrets/beszel_agent_token.txt
|
||||
$BESZEL_AGENT_TOKEN
|
||||
EOF_SECRET
|
||||
|
||||
cat << 'EOF_SECRET' > secrets/gitea_runner_registration_token.txt
|
||||
$GITEA_RUNNER_REGISTRATION_TOKEN
|
||||
EOF_SECRET
|
||||
|
||||
cat << 'EOF_SECRET' > secrets/vaultwarden_admin_token.txt
|
||||
$VAULTWARDEN_ADMIN_TOKEN
|
||||
EOF_SECRET
|
||||
|
||||
chmod 700 secrets
|
||||
chmod 600 secrets/*.txt
|
||||
EOT
|
||||
|
||||
- name: 🚀 Run new containers
|
||||
env:
|
||||
SSHPASS: ${{ secrets.SSH_PASSWORD }}
|
||||
SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
|
||||
SSH_HOST: ${{ secrets.SSH_HOST }}
|
||||
DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
|
||||
REF_NAME: ${{ env.CLEAN_REF_NAME }}
|
||||
TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_DEPLOY_BOT_TOKEN }}
|
||||
TELEGRAM_CHAT: ${{ secrets.TELEGRAM_DEPLOY_CHAT_ID }}
|
||||
PROXY_URL: ${{ secrets.PROXY_URL }}
|
||||
SUCCESS_MESSAGE: |-
|
||||
✅ <b>Успешный деплой!</b>
|
||||
Релиз: <code>${{ gitea.ref_name }}</code>
|
||||
FAILURE_MESSAGE: |-
|
||||
❌ <b>Ошибка деплоя!</b>
|
||||
Релиз: <code>${{ gitea.ref_name }}</code>
|
||||
DEPLOY_LOG_FILE: /tmp/deploy-${{ env.CLEAN_REF_NAME }}.log
|
||||
run: |
|
||||
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
|
||||
set -e
|
||||
cd "$DEPLOY_DIRECTORY"
|
||||
|
||||
nohup bash -c '
|
||||
sleep 5
|
||||
|
||||
if docker compose --dry-run -f "docker-compose-${REF_NAME}.yml" up -d --remove-orphans > ${DEPLOY_LOG_FILE} 2>&1; then
|
||||
curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
|
||||
--proxy "${PROXY_URL}" \
|
||||
-d "chat_id=${TELEGRAM_CHAT}" \
|
||||
-d "parse_mode=HTML" \
|
||||
--data-urlencode "text=${SUCCESS_MESSAGE}" > /dev/null
|
||||
else
|
||||
curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
|
||||
--proxy "${PROXY_URL}" \
|
||||
-d "chat_id=${TELEGRAM_CHAT}" \
|
||||
-d "parse_mode=HTML" \
|
||||
--data-urlencode "text=${FAILURE_MESSAGE}" > /dev/null
|
||||
fi
|
||||
|
||||
curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendDocument" \
|
||||
--proxy "${PROXY_URL}" \
|
||||
-F "chat_id=${TELEGRAM_CHAT}" \
|
||||
-F "document=@${DEPLOY_LOG_FILE}" > /dev/null && rm -f ${DEPLOY_LOG_FILE}
|
||||
' > /dev/null 2>&1 &
|
||||
EOT
|
||||
|
||||
echo "New containers will be started after 5 seconds"
|
||||
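Review bot: Every `<< EOT` heredoc in this workflow is unquoted, so the runner's shell substitutes the secret and ref-derived values into the script text before it is sent, and the remote `bash -s` then parses those values as shell source rather than data. In "Run new containers" they land inside the single-quoted `bash -c '…'` argument, where a quote or command substitution in any value changes the command and the bot token is visible in the remote process list while the background job runs; the "Send message" step of the Telegram test workflow has the same pattern. I would quote the delimiter and prepend `declare -p` output so the values arrive as quoted assignments (sketch below, assuming the step runs under bash). With a quoted delimiter the `\$` escapes in the backup step become plain `$`, the inner `'EOF_ENV'`/`'EOF_SECRET'` heredocs need `printf '%s\n' "$VAR"` instead, and "Clean ref name" should take `gitea.ref_name` from `env:` rather than splicing it into the script. Separately, `--dry-run` on the `docker compose … up` line means no containers are started although the step reports a successful deploy, which looks like a leftover from testing.

```yaml
        run: |
          {
            # Quoted assignments: the remote bash reads the values as data, not as code.
            declare -p DEPLOY_DIRECTORY REF_NAME TELEGRAM_TOKEN TELEGRAM_CHAT PROXY_URL \
              SUCCESS_MESSAGE FAILURE_MESSAGE DEPLOY_LOG_FILE
            cat << 'EOT'
          set -e
          cd "$DEPLOY_DIRECTORY"
          # … unchanged: nohup bash -c '…' block; its ${VAR} references now resolve on the remote host from the exported values …
          EOT
          } | sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s
```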
@@ -0,0 +1,36 @@
|
||||
name: 🤖 Test telegram deploy bot
|
||||
run-name: '🤖 Test telegram deploy bot: ${{ gitea.ref_name }} by @${{ gitea.actor }}'
|
||||
on:
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
send_test_message:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: 📂 Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: ⚙️ Configure ssh client
|
||||
uses: ./.gitea/actions/configure-ssh-client
|
||||
with:
|
||||
ssh_host: ${{ secrets.SSH_HOST }}
|
||||
|
||||
- name: 💬 Send message
|
||||
env:
|
||||
SSHPASS: ${{ secrets.SSH_PASSWORD }}
|
||||
SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
|
||||
SSH_HOST: ${{ secrets.SSH_HOST }}
|
||||
TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_DEPLOY_BOT_TOKEN }}
|
||||
TELEGRAM_CHAT: ${{ secrets.TELEGRAM_DEPLOY_CHAT_ID }}
|
||||
PROXY_URL: ${{ secrets.PROXY_URL }}
|
||||
MESSAGE: ${{ steps.prepare_message.outputs.escaped_message }}
|
||||
run: |
|
||||
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
|
||||
set -e
|
||||
|
||||
curl -s --connect-timeout 10 -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
|
||||
--proxy "${PROXY_URL}" \
|
||||
-d "chat_id=${TELEGRAM_CHAT}" \
|
||||
-d "parse_mode=HTML" \
|
||||
--data-urlencode "text=💬 Test message"
|
||||
EOT
|
||||
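Review bot: `MESSAGE: ${{ steps.prepare_message.outputs.escaped_message }}` refers to a step id `prepare_message` that no step in this job defines, so it evaluates to an empty string, and the script never reads `MESSAGE` anyway because the text is hard-coded. Either add the escape action as a step with `id: prepare_message` and send its output, or drop the `MESSAGE` line. The `curl -s` call also has no `--fail`, so an HTTP error from the Telegram API or the proxy leaves the step green despite `set -e`; `curl -sS --fail --connect-timeout 10 …` would make this bot test fail when the message is not delivered.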
+25
-1
@@ -73,11 +73,32 @@ services:
|
||||
image: 'docker.gitea.com/gitea:1.26.2'
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./data/gitea:/data
|
||||
- ./data/gitea/gitea:/data
|
||||
environment:
|
||||
GITEA__service__DISABLE_REGISTRATION: true
|
||||
GITEA__other__SHOW_FOOTER_VERSION: false
|
||||
GITEA__other__SHOW_FOOTER_POWERED_BY: false
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:3000/api/healthz"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
|
||||
git-runner:
|
||||
image: 'gitea/act_runner:latest'
|
||||
depends_on:
|
||||
git:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
CONFIG_FILE: /config.yaml
|
||||
GITEA_INSTANCE_URL: "${GITEA_URL}"
|
||||
GITEA_RUNNER_REGISTRATION_TOKEN_FILE: /run/secrets/gitea_runner_registration_token
|
||||
volumes:
|
||||
- ./data/gitea/runner/config.yaml:/config.yaml
|
||||
- ./data/gitea/runner/data:/data
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
secrets:
|
||||
- gitea_runner_registration_token
|
||||
|
||||
networks:
|
||||
default:
|
||||
@@ -90,3 +111,6 @@ secrets:
|
||||
file: secrets/beszel_agent_key.txt
|
||||
beszel_agent_token:
|
||||
file: secrets/beszel_agent_token.txt
|
||||
gitea_runner_registration_token:
|
||||
file: secrets/gitea_runner_registration_token.txt
|
||||
|
||||
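Review bot: The new `git-runner` service mounts `/var/run/docker.sock`, which gives the runner, and every workflow job it executes, control of the host's Docker daemon and through it the other containers and the mounted `secrets/` files on this host. If job containers are needed, a separate Docker-in-Docker or rootless daemon dedicated to the runner (or a runner on its own host) limits what a workflow can reach; at minimum a comment such as `# docker.sock: jobs on this runner are root-equivalent on the host` should record the decision. `image: 'gitea/act_runner:latest'` is also unpinned while the `git` service uses a fixed version, so I would pin it the same way, e.g. `image: 'gitea/act_runner:<pinned-version>'`. The `services:` block starts outside this hunk.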