Full Gitea Actions CI/CD with cPanel git deployment
CI - Test & Lint / lint (push) Failing after 1m11s
CI - Test & Lint / test-schema (push) Failing after 8s
🚀 Deploy to cPanel via Git / ci-check (push) Failing after 8s
🚀 Deploy to cPanel via Git / deploy-to-cpanel (push) Has been skipped
🚀 Deploy to cPanel via Git / deploy-fallback (push) Has been skipped
🚀 Deploy to cPanel via Git / verify (push) Has been skipped
🌊 Sync cPanel Git + WordPress / sync-cpanel (push) Failing after 9s
CI - Test & Lint / security (push) Successful in 1m42s
🌊 Sync cPanel Git + WordPress / sync-nextcloud (push) Failing after 10s
CI - Test & Lint / lint (push) Failing after 1m11s
CI - Test & Lint / test-schema (push) Failing after 8s
🚀 Deploy to cPanel via Git / ci-check (push) Failing after 8s
🚀 Deploy to cPanel via Git / deploy-to-cpanel (push) Has been skipped
🚀 Deploy to cPanel via Git / deploy-fallback (push) Has been skipped
🚀 Deploy to cPanel via Git / verify (push) Has been skipped
🌊 Sync cPanel Git + WordPress / sync-cpanel (push) Failing after 9s
CI - Test & Lint / security (push) Successful in 1m42s
🌊 Sync cPanel Git + WordPress / sync-nextcloud (push) Failing after 10s
- CI workflow: PHP lint, security scan, schema validation - Deploy workflow: SSH -> cPanel git push + WP REST API fallback + verify - Sync workflow: cPanel sync + Nextcloud artifact upload - Health workflow: every 30min plugin health check - Scripts: verify-deploy, deploy-report, check-namespace, health-check, setup-secrets - README with full architecture documentation - Gitea Actions runner registered on Docker Swarm (contabo-swarm-runner)
This commit is contained in:
@@ -0,0 +1,75 @@
|
||||
#!/usr/bin/env python3
|
||||
"""Setup script: initializes required secrets and cPanel git remote.
|
||||
Run interactively. Output is safe to log.
|
||||
"""
|
||||
import json, os, sys
|
||||
|
||||
REQUIRED_SECRETS = {
|
||||
"WP_APP_PASSWORD": "WordPress Application Password for wmj user",
|
||||
"WP_URL": "WordPress site URL (default: https://ummah.falahos.my)",
|
||||
"WP_APP_USER": "WordPress username for app password (default: wmj)",
|
||||
"CPANEL_SSH_KEY": "cPanel Git SSH private key",
|
||||
"CPANEL_GIT_REMOTE": "cPanel git remote URL (e.g., ssh://user@host:port/path)",
|
||||
"CPANEL_HOST": "cPanel hostname for SSH key scan",
|
||||
"CPANEL_DEPLOY_HOOK_URL": "(Optional) cPanel deployment hook URL",
|
||||
"NEXTCLOUD_HERMES_PASS": "Nextcloud password for hermes user",
|
||||
}
|
||||
|
||||
SECRETS_TO_SET = [
|
||||
"WP_APP_PASSWORD",
|
||||
"WP_URL",
|
||||
"WP_APP_USER",
|
||||
"CPANEL_SSH_KEY",
|
||||
"CPANEL_GIT_REMOTE",
|
||||
"CPANEL_HOST",
|
||||
"NEXTCLOUD_HERMES_PASS",
|
||||
]
|
||||
|
||||
def main():
|
||||
print("=== Hermes cPanel Agent: Gitea Secrets Setup ===")
|
||||
print()
|
||||
print("The following secrets are required for CI/CD workflows:\n")
|
||||
for name, desc in REQUIRED_SECRETS.items():
|
||||
print(f" {name:30s} - {desc}")
|
||||
|
||||
print("\n---")
|
||||
print("To set each secret via Gitea API:")
|
||||
print()
|
||||
|
||||
repo = "wmj/hermes-cpanel-agent"
|
||||
for secret in SECRETS_TO_SET:
|
||||
print(f" # Set {secret}")
|
||||
print(f' curl -s -X PUT -u "wmj:YOUR_PASSWORD" \\')
|
||||
print(f' -H "Content-Type: application/json" \\')
|
||||
print(f' -d \'{{"data":"VALUE_BASE64"}}\' \\')
|
||||
print(f' "https://git.falahos.my/api/v1/repos/{repo}/actions/secrets/{secret}"')
|
||||
print()
|
||||
|
||||
print("=== Alternative: Set via Gitea Web UI ===")
|
||||
print(f" Go to: https://git.falahos.my/{repo}/settings/actions/secrets")
|
||||
print()
|
||||
|
||||
if len(sys.argv) > 1 and sys.argv[1] == "--init":
|
||||
print("WARNING: --init is interactive. Only run in a terminal session.")
|
||||
do_init(repo)
|
||||
|
||||
def do_init(repo):
|
||||
"""Interactively set secrets (requires terminal)."""
|
||||
import getpass
|
||||
pw = getpass.getpass("Gitea password for wmj: ")
|
||||
for secret in SECRETS_TO_SET:
|
||||
val = input(f"{secret} [{REQUIRED_SECRETS.get(secret, '')}]: ")
|
||||
if val:
|
||||
import base64
|
||||
encoded = base64.b64encode(val.encode()).decode()
|
||||
cmd = (
|
||||
f'curl -s -X PUT -u "wmj:{pw}" '
|
||||
f'-H "Content-Type: application/json" '
|
||||
f'-d \'{{"data":"{encoded}"}}\' '
|
||||
f'"https://git.falahos.my/api/v1/repos/{repo}/actions/secrets/{secret}"'
|
||||
)
|
||||
result = os.popen(cmd).read()
|
||||
print(f" → {result[:100]}")
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user