Add Gitea Actions CI/CD and use private registry

Add CI workflow mirroring celery pipeline: SSH to deploy server, git pull, build and push to registry, deploy docker stack. Update docker-compose to pull l2-server from registry.rose-ash.com:5000. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 19:23:22 +00:00
parent 655f533439
commit 8f1ba74c53
2 changed files with 73 additions and 1 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,62 @@
+name: Build and Deploy
+
+on:
+  push:
+    branches: [main]
+
+env:
+  REGISTRY: registry.rose-ash.com:5000
+  IMAGE: l2-server
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install tools
+        run: |
+          apt-get update && apt-get install -y --no-install-recommends openssh-client
+
+      - name: Set up SSH
+        env:
+          SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
+          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
+        run: |
+          mkdir -p ~/.ssh
+          echo "$SSH_KEY" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts 2>/dev/null || true
+
+      - name: Pull latest code on server
+        env:
+          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
+        run: |
+          ssh "root@$DEPLOY_HOST" "
+            cd /root/art-dag/activity-pub
+            git fetch origin main
+            git reset --hard origin/main
+          "
+
+      - name: Build and push image
+        env:
+          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
+        run: |
+          ssh "root@$DEPLOY_HOST" "
+            cd /root/art-dag/activity-pub
+            docker build --build-arg CACHEBUST=\$(date +%s) -t ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest -t ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }} .
+            docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:latest
+            docker push ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ github.sha }}
+          "
+
+      - name: Deploy stack
+        env:
+          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
+        run: |
+          ssh "root@$DEPLOY_HOST" "
+            cd /root/art-dag/activity-pub
+            docker stack deploy -c docker-compose.yml activitypub
+            echo 'Waiting for services to update...'
+            sleep 10
+            docker stack services activitypub
+          "
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -16,6 +16,10 @@ services:
      interval: 5s
      timeout: 5s
      retries: 5
+    deploy:
+      placement:
+        constraints:
+          - node.labels.gpu != true

  ipfs:
    image: ipfs/kubo:latest
@@ -31,9 +35,12 @@ services:
      replicas: 1
      restart_policy:
        condition: on-failure
+      placement:
+        constraints:
+          - node.labels.gpu != true

  l2-server:
-    image: git.rose-ash.com/art-dag/l2-server:latest
+    image: registry.rose-ash.com:5000/l2-server:latest
    env_file:
      - .env
    environment:
@@ -55,6 +62,9 @@ services:
      replicas: 1
      restart_policy:
        condition: on-failure
+      placement:
+        constraints:
+          - node.labels.gpu != true

 volumes:
  l2_data: