Full Gitea Actions CI/CD with cPanel git deployment
CI - Test & Lint / lint (push) Failing after 1m11s
CI - Test & Lint / test-schema (push) Failing after 8s
🚀 Deploy to cPanel via Git / ci-check (push) Failing after 8s
🚀 Deploy to cPanel via Git / deploy-to-cpanel (push) Has been skipped
🚀 Deploy to cPanel via Git / deploy-fallback (push) Has been skipped
🚀 Deploy to cPanel via Git / verify (push) Has been skipped
🌊 Sync cPanel Git + WordPress / sync-cpanel (push) Failing after 9s
CI - Test & Lint / security (push) Successful in 1m42s
🌊 Sync cPanel Git + WordPress / sync-nextcloud (push) Failing after 10s
CI - Test & Lint / lint (push) Failing after 1m11s
CI - Test & Lint / test-schema (push) Failing after 8s
🚀 Deploy to cPanel via Git / ci-check (push) Failing after 8s
🚀 Deploy to cPanel via Git / deploy-to-cpanel (push) Has been skipped
🚀 Deploy to cPanel via Git / deploy-fallback (push) Has been skipped
🚀 Deploy to cPanel via Git / verify (push) Has been skipped
🌊 Sync cPanel Git + WordPress / sync-cpanel (push) Failing after 9s
CI - Test & Lint / security (push) Successful in 1m42s
🌊 Sync cPanel Git + WordPress / sync-nextcloud (push) Failing after 10s
- CI workflow: PHP lint, security scan, schema validation - Deploy workflow: SSH -> cPanel git push + WP REST API fallback + verify - Sync workflow: cPanel sync + Nextcloud artifact upload - Health workflow: every 30min plugin health check - Scripts: verify-deploy, deploy-report, check-namespace, health-check, setup-secrets - README with full architecture documentation - Gitea Actions runner registered on Docker Swarm (contabo-swarm-runner)
This commit is contained in:
@@ -0,0 +1,115 @@
|
||||
name: 🚀 Deploy to cPanel via Git
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
ci-check:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: PHP Lint
|
||||
run: |
|
||||
ERROR=0
|
||||
for f in $(find . -name "*.php" -not -path "./.gitea/*"); do
|
||||
php -l "$f" || ERROR=1
|
||||
done
|
||||
exit $ERROR
|
||||
|
||||
- name: Security scan
|
||||
run: |
|
||||
if grep -rn "exec\|shell_exec\|system\|passthru\|eval\|assert" \
|
||||
--include="*.php" . | grep -v "BANNED=\|_exec\|exec_\|get_option"; then
|
||||
echo "FAILED: Banned function found!"
|
||||
exit 1
|
||||
fi
|
||||
echo "OK: Security check passed"
|
||||
|
||||
deploy-to-cpanel:
|
||||
needs: [ci-check]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Setup SSH for cPanel Git
|
||||
env:
|
||||
CPANEL_SSH_KEY: ${{ secrets.CPANEL_SSH_KEY }}
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
chmod 700 ~/.ssh
|
||||
echo "$CPANEL_SSH_KEY" > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
ssh-keyscan -H "${{ secrets.CPANEL_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null
|
||||
|
||||
- name: Push to cPanel Git
|
||||
env:
|
||||
CPANEL_GIT_REMOTE: ${{ secrets.CPANEL_GIT_REMOTE }}
|
||||
run: |
|
||||
git remote add cpanel "$CPANEL_GIT_REMOTE"
|
||||
git push cpanel main --force
|
||||
echo "OK: Pushed to $CPANEL_GIT_REMOTE"
|
||||
|
||||
- name: Trigger cPanel deploy hook
|
||||
env:
|
||||
CPANEL_DEPLOY_HOOK: ${{ secrets.CPANEL_DEPLOY_HOOK_URL }}
|
||||
run: |
|
||||
if [ -n "$CPANEL_DEPLOY_HOOK" ]; then
|
||||
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST \
|
||||
"$CPANEL_DEPLOY_HOOK" --max-time 10)
|
||||
echo "Hook returned HTTP $HTTP_CODE"
|
||||
else
|
||||
echo "No hook — cPanel Git auto-deploy handles it"
|
||||
fi
|
||||
|
||||
deploy-fallback:
|
||||
needs: [ci-check]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Build plugin zip
|
||||
run: |
|
||||
mkdir -p build/hermes-cpanel-agent
|
||||
cp hermes-ai-bridge.php build/hermes-cpanel-agent/
|
||||
cp -r includes assets build/hermes-cpanel-agent/
|
||||
cd build && zip -r ../hermes-cpanel-agent.zip hermes-cpanel-agent/
|
||||
|
||||
- name: Deploy via WP REST API (fallback)
|
||||
env:
|
||||
WP_URL: ${{ secrets.WP_URL }}
|
||||
WP_APP_USER: ${{ secrets.WP_APP_USER }}
|
||||
WP_APP_PASSWORD: ${{ secrets.WP_APP_PASSWORD }}
|
||||
run: |
|
||||
PLUGIN_ZIP=$(base64 -w0 hermes-cpanel-agent.zip)
|
||||
RESP=$(curl -s -w "\n%{http_code}" -X POST \
|
||||
"$WP_URL/wp-json/wp/v2/plugins" \
|
||||
-H "Content-Type: application/json" \
|
||||
-u "$WP_APP_USER:$WP_APP_PASSWORD" \
|
||||
-d "{\"slug\":\"hermes-cpanel-agent\",\"status\":\"active\",\"source\":\"data:application/zip;base64,$PLUGIN_ZIP\"}")
|
||||
HTTP_CODE=$(echo "$RESP" | tail -1)
|
||||
BODY=$(echo "$RESP" | head -n -1)
|
||||
echo "WP REST API: HTTP $HTTP_CODE"
|
||||
echo "$BODY" | python3 .gitea/scripts/deploy-report.py
|
||||
|
||||
verify:
|
||||
needs: [deploy-to-cpanel, deploy-fallback]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Verify plugin deployment
|
||||
env:
|
||||
WP_URL: ${{ secrets.WP_URL }}
|
||||
WP_APP_USER: ${{ secrets.WP_APP_USER }}
|
||||
WP_APP_PASSWORD: ${{ secrets.WP_APP_PASSWORD }}
|
||||
run: |
|
||||
curl -s "$WP_URL/wp-json/wp/v2/plugins" \
|
||||
-u "$WP_APP_USER:$WP_APP_PASSWORD" | python3 .gitea/scripts/verify-deploy.py
|
||||
|
||||
- name: Verify hermes/v1 namespace
|
||||
env:
|
||||
WP_URL: ${{ secrets.WP_URL }}
|
||||
run: |
|
||||
curl -s "$WP_URL/wp-json" | python3 .gitea/scripts/check-namespace.py
|
||||
Reference in New Issue
Block a user