Full Gitea Actions CI/CD with cPanel git deployment
CI - Test & Lint / lint (push) Failing after 1m11s
CI - Test & Lint / test-schema (push) Failing after 8s
🚀 Deploy to cPanel via Git / ci-check (push) Failing after 8s
🚀 Deploy to cPanel via Git / deploy-to-cpanel (push) Has been skipped
🚀 Deploy to cPanel via Git / deploy-fallback (push) Has been skipped
🚀 Deploy to cPanel via Git / verify (push) Has been skipped
🌊 Sync cPanel Git + WordPress / sync-cpanel (push) Failing after 9s
CI - Test & Lint / security (push) Successful in 1m42s
🌊 Sync cPanel Git + WordPress / sync-nextcloud (push) Failing after 10s

- CI workflow: PHP lint, security scan, schema validation
- Deploy workflow: SSH -> cPanel git push + WP REST API fallback + verify
- Sync workflow: cPanel sync + Nextcloud artifact upload
- Health workflow: every 30min plugin health check
- Scripts: verify-deploy, deploy-report, check-namespace, health-check, setup-secrets
- README with full architecture documentation
- Gitea Actions runner registered on Docker Swarm (contabo-swarm-runner)
This commit is contained in:
2026-07-03 08:56:15 +02:00
parent 17d218c3b6
commit f620c65794
10 changed files with 563 additions and 0 deletions
+95
View File
@@ -0,0 +1,95 @@
# Hermes cPanel Agent
AI agent runtime for cPanel / WordPress. Runs agent clones (Ody, PI) inside WordPress via REST API + WP-Cron. No SSH, no `exec()` needed.
## Architecture
```
Git Push → Gitea → Gitea Actions (Docker Swarm on Contabo)
┌───────────────────────┐
│ CI: lint + security │
│ Build: plugin zip │
│ Deploy: git push or │
│ WP REST API │
└───────────────────────┘
┌───────────────────────────────┐
│ cPanel Git Version Control │
│ (auto-pull + auto-deploy) │
└───────────────────────────────┘
┌───────────────────────────────┐
│ WordPress Plugin Runtime │
│ - REST API (hermes/v1/*) │
│ - WP-Cron agent scheduler │
│ - AI Provider (OpenClaw) │
│ - Nextcloud bridge │
└───────────────────────────────┘
Ody Clone (Content Gen)
PI Clone (Auto-Reply)
```
## Gitea Actions Workflows
| Workflow | File | Trigger | What It Does |
|----------|------|---------|--------------|
| **CI** | `.gitea/workflows/ci.yml` | push/PR | PHP lint, security scan, schema validation |
| **Deploy** | `.gitea/workflows/deploy.yml` | push to main | SSH → cPanel git push + WP REST API fallback + verification |
| **Sync** | `.gitea/workflows/sync.yml` | push + every 6h | cPanel sync + Nextcloud artifact upload |
| **Health** | `.gitea/workflows/health.yml` | every 30min | Plugin health check + REST API verification |
## Blocker Issues
| # | Issue | Status | Assigned |
|---|-------|--------|----------|
| 1 | Cloudflare WAF blocks Contabo from WP REST API | Open | @hermes-contabo |
| 2 | WordPress Application Password needed | Open | @odysseus |
| 3 | Gitea Actions runner (DONE ✅) | Done | @hermes-contabo |
| 4 | cPanel persistent agent design | Open | @hermes-contabo |
| 5 | Transfer repo to falah-os org | Open | @hermes-contabo |
| 6 | CI/CD workflow (DONE ✅) | Done | @hermes-contabo |
| 7 | Ody & PI clones epic | Open | @hermes-contabo |
## Secrets Required
Set these in `Settings → Actions → Secrets`:
- `WP_URL` — https://ummah.falahos.my
- `WP_APP_USER` — wmj
- `WP_APP_PASSWORD` — WordPress App Password
- `CPANEL_SSH_KEY` — cPanel Git deploy SSH private key
- `CPANEL_GIT_REMOTE` — cPanel Git remote URL
- `CPANEL_HOST` — cPanel hostname
- `CPANEL_DEPLOY_HOOK_URL` — (optional) deploy webhook
- `NEXTCLOUD_HERMES_PASS` — Nextcloud password
## Plugin Files
```
hermes-cpanel-agent/
├── hermes-ai-bridge.php # Main plugin bootstrap
├── includes/
│ ├── class-autoloader.php # PSR-4 autoloader
│ ├── core.php # Plugin core bootstrap
│ ├── installer.php # Activation/deactivation
│ ├── rest-controller.php # REST API (hermes/v1/*)
│ ├── ai-provider.php # OpenClaw AI integration
│ ├── scheduler.php # WP-Cron task scheduler
│ └── nextcloud-bridge.php # Nextcloud sync
├── assets/
│ └── admin.css # Admin UI styles
└── .gitea/
├── workflows/
│ ├── ci.yml # CI pipeline
│ ├── deploy.yml # Deploy pipeline
│ ├── sync.yml # Sync pipeline
│ └── health.yml # Health check
└── scripts/
├── verify-deploy.py # Verify plugin deployment
├── deploy-report.py # Parse deploy response
├── check-namespace.py # Verify REST namespace
├── health-check.py # Plugin health check
└── setup-secrets.py # Secret setup guide
```