domverse/ciaovolo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: migrate to Portainer Git stack + registry-pushed images
Some checks failed
Deploy / deploy (push) Failing after 29s
Details

Browse Source 
- Compose: build → image (Gitea registry ci namespace) for backend + frontend
- Workflow: build + push both + POST Portainer webhook (3-attempt retry)
- Drop docker compose up on host
- Add crowdsec@file to middlewares chain

Repo secrets required: REGISTRY_TOKEN, PORTAINER_WEBHOOK_URL.
Rollback branch: pre-portainer-migration.
This commit is contained in:
domverse
2026-06-20 12:30:35 +02:00
parent 5c65e4d2ee
commit 3c8aab4cc5
2 changed files with 45 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
.gitea/workflows/deploy.yml
View File

@@ -1,27 +1,11 @@
# ──────────────────────────────────────────────────────────────────────────────
# Flight Radar — Gitea Actions CI/CD # Flight Radar — Gitea Actions CI/CD
# #
# PREREQUISITES (one-time setup — see README for full instructions): # Build backend + frontend images, push to Gitea registry, trigger Portainer
# redeploy via webhook. Stack managed by Portainer (type=git).
# #
# 1. Add the act_runner service to your Gitea Portainer stack. # Repo secrets required:
# # REGISTRY_TOKEN ci user token, scope write:package
# 2. Pre-create the runner config file on the host: # PORTAINER_WEBHOOK_URL POST URL from Portainer stack auto-update setting
# /srv/docker/traefik/stacks/gitea/volumes/act_runner/config.yaml
# (see content in the README / deployment docs)
#
# 3. Start the runner, then grab the registration token from:
# Gitea → Site Administration → Runners → Create Runner
# Add ACT_RUNNER_TOKEN to Portainer stack environment variables.
#
# 4. Give the runner access to Docker (socket mounted via config.yaml).
#
# PIPELINE BEHAVIOUR:
# • Triggers on every push to the default branch (main).
# • Builds both Docker images on the server (no registry needed).
# • Brings the app up with docker compose; only changed services restart.
# • If the build fails the old containers keep running — no downtime.
# • Prunes dangling images after a successful deploy.
# ──────────────────────────────────────────────────────────────────────────────
name: Deploy name: Deploy
@@ -30,24 +14,47 @@ on:
branches: branches:
- main - main
workflow_dispatch: workflow_dispatch:
env: env:
COMPOSE_PROJECT: flight-radar BACKEND_IMAGE: git.domverse-berlin.eu/ci/ciaovolo/backend
COMPOSE_FILE: flight-comparator/docker-compose.yml FRONTEND_IMAGE: git.domverse-berlin.eu/ci/ciaovolo/frontend
CONTEXT: flight-comparator
jobs: jobs:
deploy: deploy:
runs-on: ubuntu-latest # resolved to catthehacker/ubuntu:act-22.04 by runner config runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Deploy with docker compose - name: Login to Gitea registry
run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.domverse-berlin.eu -u ci --password-stdin
- name: Build and push backend
run: | run: |
echo "=== Deploying commit ${{ gitea.sha }} to ${{ gitea.ref_name }} ===" docker build -f "$CONTEXT/Dockerfile.backend" \
docker compose -f "$COMPOSE_FILE" -p "$COMPOSE_PROJECT" up --build -d --remove-orphans -t "$BACKEND_IMAGE:latest" -t "$BACKEND_IMAGE:${{ gitea.sha }}" \
"$CONTEXT"
docker push "$BACKEND_IMAGE:latest"
docker push "$BACKEND_IMAGE:${{ gitea.sha }}"
- name: Build and push frontend
run: |
docker build -f "$CONTEXT/Dockerfile.frontend" \
-t "$FRONTEND_IMAGE:latest" -t "$FRONTEND_IMAGE:${{ gitea.sha }}" \
"$CONTEXT"
docker push "$FRONTEND_IMAGE:latest"
docker push "$FRONTEND_IMAGE:${{ gitea.sha }}"
- name: Trigger Portainer redeploy (retry on transient pull-lease failure)
run: |
for i in 1 2 3; do
code=$(curl -sk -X POST -o /dev/null -w '%{http_code}' "${{ secrets.PORTAINER_WEBHOOK_URL }}")
echo "attempt $i -> $code"
[ "$code" = "204" ] && exit 0
sleep 5
done
exit 1
- name: Prune dangling images - name: Prune dangling images
run: docker image prune -f run: docker image prune -f
- name: Show running containers
run: docker compose -f "$COMPOSE_FILE" -p "$COMPOSE_PROJECT" ps

22
flight-comparator/docker-compose.yml
View File

@@ -1,10 +1,8 @@
name: flight-radar # pins the project name — must match COMPOSE_PROJECT in .gitea/workflows/deploy.yml name: flight-radar
services: services:
backend: backend:
build: image: git.domverse-berlin.eu/ci/ciaovolo/backend:${TAG:-latest}
context: .
dockerfile: Dockerfile.backend
container_name: flight-radar-backend container_name: flight-radar-backend
restart: unless-stopped restart: unless-stopped
environment: environment:
@@ -16,37 +14,31 @@ services:
networks: networks:
- default - default
- domverse - domverse
# No ports exposed — only reachable by the frontend via nginx proxy
frontend: frontend:
build: image: git.domverse-berlin.eu/ci/ciaovolo/frontend:${TAG:-latest}
context: .
dockerfile: Dockerfile.frontend
container_name: flight-radar-frontend container_name: flight-radar-frontend
restart: unless-stopped restart: unless-stopped
depends_on: depends_on:
- backend - backend
networks: networks:
- default # shares default compose network with backend (nginx → http://backend:8000) - default
- domverse # Traefik discovers the container on this network - domverse
labels: labels:
# Traefik routing
- "traefik.docker.network=domverse" - "traefik.docker.network=domverse"
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.flight-radar.rule=Host(`flights.domverse-berlin.eu`)" - "traefik.http.routers.flight-radar.rule=Host(`flights.domverse-berlin.eu`)"
- "traefik.http.routers.flight-radar.entrypoints=https" - "traefik.http.routers.flight-radar.entrypoints=https"
- "traefik.http.routers.flight-radar.tls.certresolver=http" - "traefik.http.routers.flight-radar.tls.certresolver=http"
- "traefik.http.routers.flight-radar.middlewares=authentik@docker" - "traefik.http.routers.flight-radar.middlewares=crowdsec@file,authentik@docker"
- "traefik.http.services.flight-radar.loadbalancer.server.port=80" - "traefik.http.services.flight-radar.loadbalancer.server.port=80"
# AutoKuma monitoring
- "kuma.flight-radar.http.name=Flight Radar" - "kuma.flight-radar.http.name=Flight Radar"
- "kuma.flight-radar.http.url=https://flights.domverse-berlin.eu" - "kuma.flight-radar.http.url=https://flights.domverse-berlin.eu"
- "kuma.flight-radar.http.interval=60" - "kuma.flight-radar.http.interval=60"
- "kuma.flight-radar.http.max_retries=2" - "kuma.flight-radar.http.max_retries=2"
- "kuma.flight-radar.http.retry_interval=60" - "kuma.flight-radar.http.retry_interval=60"
# Homepage dashboard
- "homepage.group=Productivity" - "homepage.group=Productivity"
- "homepage.name=Flight Radar" - "homepage.name=Flight Radar"
- "homepage.icon=mdi-airplane" - "homepage.icon=mdi-airplane"
@@ -59,6 +51,6 @@ volumes:
driver: local driver: local
networks: networks:
default: {} # explicit declaration required when any service has a custom networks block default: {}
domverse: domverse:
external: true external: true