Files
wmj f620c65794
CI - Test & Lint / lint (push) Failing after 1m11s
CI - Test & Lint / test-schema (push) Failing after 8s
🚀 Deploy to cPanel via Git / ci-check (push) Failing after 8s
🚀 Deploy to cPanel via Git / deploy-to-cpanel (push) Has been skipped
🚀 Deploy to cPanel via Git / deploy-fallback (push) Has been skipped
🚀 Deploy to cPanel via Git / verify (push) Has been skipped
🌊 Sync cPanel Git + WordPress / sync-cpanel (push) Failing after 9s
CI - Test & Lint / security (push) Successful in 1m42s
🌊 Sync cPanel Git + WordPress / sync-nextcloud (push) Failing after 10s
Full Gitea Actions CI/CD with cPanel git deployment
- CI workflow: PHP lint, security scan, schema validation
- Deploy workflow: SSH -> cPanel git push + WP REST API fallback + verify
- Sync workflow: cPanel sync + Nextcloud artifact upload
- Health workflow: every 30min plugin health check
- Scripts: verify-deploy, deploy-report, check-namespace, health-check, setup-secrets
- README with full architecture documentation
- Gitea Actions runner registered on Docker Swarm (contabo-swarm-runner)
2026-07-03 08:56:15 +02:00

76 lines
2.6 KiB
Python

#!/usr/bin/env python3
"""Setup script: initializes required secrets and cPanel git remote.
Run interactively. Output is safe to log.
"""
import json, os, sys
REQUIRED_SECRETS = {
"WP_APP_PASSWORD": "WordPress Application Password for wmj user",
"WP_URL": "WordPress site URL (default: https://ummah.falahos.my)",
"WP_APP_USER": "WordPress username for app password (default: wmj)",
"CPANEL_SSH_KEY": "cPanel Git SSH private key",
"CPANEL_GIT_REMOTE": "cPanel git remote URL (e.g., ssh://user@host:port/path)",
"CPANEL_HOST": "cPanel hostname for SSH key scan",
"CPANEL_DEPLOY_HOOK_URL": "(Optional) cPanel deployment hook URL",
"NEXTCLOUD_HERMES_PASS": "Nextcloud password for hermes user",
}
SECRETS_TO_SET = [
"WP_APP_PASSWORD",
"WP_URL",
"WP_APP_USER",
"CPANEL_SSH_KEY",
"CPANEL_GIT_REMOTE",
"CPANEL_HOST",
"NEXTCLOUD_HERMES_PASS",
]
def main():
print("=== Hermes cPanel Agent: Gitea Secrets Setup ===")
print()
print("The following secrets are required for CI/CD workflows:\n")
for name, desc in REQUIRED_SECRETS.items():
print(f" {name:30s} - {desc}")
print("\n---")
print("To set each secret via Gitea API:")
print()
repo = "wmj/hermes-cpanel-agent"
for secret in SECRETS_TO_SET:
print(f" # Set {secret}")
print(f' curl -s -X PUT -u "wmj:YOUR_PASSWORD" \\')
print(f' -H "Content-Type: application/json" \\')
print(f' -d \'{{"data":"VALUE_BASE64"}}\' \\')
print(f' "https://git.falahos.my/api/v1/repos/{repo}/actions/secrets/{secret}"')
print()
print("=== Alternative: Set via Gitea Web UI ===")
print(f" Go to: https://git.falahos.my/{repo}/settings/actions/secrets")
print()
if len(sys.argv) > 1 and sys.argv[1] == "--init":
print("WARNING: --init is interactive. Only run in a terminal session.")
do_init(repo)
def do_init(repo):
"""Interactively set secrets (requires terminal)."""
import getpass
pw = getpass.getpass("Gitea password for wmj: ")
for secret in SECRETS_TO_SET:
val = input(f"{secret} [{REQUIRED_SECRETS.get(secret, '')}]: ")
if val:
import base64
encoded = base64.b64encode(val.encode()).decode()
cmd = (
f'curl -s -X PUT -u "wmj:{pw}" '
f'-H "Content-Type: application/json" '
f'-d \'{{"data":"{encoded}"}}\' '
f'"https://git.falahos.my/api/v1/repos/{repo}/actions/secrets/{secret}"'
)
result = os.popen(cmd).read()
print(f" → {result[:100]}")
if __name__ == "__main__":
main()