f620c65794
CI - Test & Lint / lint (push) Failing after 1m11s
CI - Test & Lint / test-schema (push) Failing after 8s
🚀 Deploy to cPanel via Git / ci-check (push) Failing after 8s
🚀 Deploy to cPanel via Git / deploy-to-cpanel (push) Has been skipped
🚀 Deploy to cPanel via Git / deploy-fallback (push) Has been skipped
🚀 Deploy to cPanel via Git / verify (push) Has been skipped
🌊 Sync cPanel Git + WordPress / sync-cpanel (push) Failing after 9s
CI - Test & Lint / security (push) Successful in 1m42s
🌊 Sync cPanel Git + WordPress / sync-nextcloud (push) Failing after 10s
- CI workflow: PHP lint, security scan, schema validation - Deploy workflow: SSH -> cPanel git push + WP REST API fallback + verify - Sync workflow: cPanel sync + Nextcloud artifact upload - Health workflow: every 30min plugin health check - Scripts: verify-deploy, deploy-report, check-namespace, health-check, setup-secrets - README with full architecture documentation - Gitea Actions runner registered on Docker Swarm (contabo-swarm-runner)
76 lines
2.6 KiB
Python
76 lines
2.6 KiB
Python
#!/usr/bin/env python3
|
|
"""Setup script: initializes required secrets and cPanel git remote.
|
|
Run interactively. Output is safe to log.
|
|
"""
|
|
import json, os, sys
|
|
|
|
REQUIRED_SECRETS = {
|
|
"WP_APP_PASSWORD": "WordPress Application Password for wmj user",
|
|
"WP_URL": "WordPress site URL (default: https://ummah.falahos.my)",
|
|
"WP_APP_USER": "WordPress username for app password (default: wmj)",
|
|
"CPANEL_SSH_KEY": "cPanel Git SSH private key",
|
|
"CPANEL_GIT_REMOTE": "cPanel git remote URL (e.g., ssh://user@host:port/path)",
|
|
"CPANEL_HOST": "cPanel hostname for SSH key scan",
|
|
"CPANEL_DEPLOY_HOOK_URL": "(Optional) cPanel deployment hook URL",
|
|
"NEXTCLOUD_HERMES_PASS": "Nextcloud password for hermes user",
|
|
}
|
|
|
|
SECRETS_TO_SET = [
|
|
"WP_APP_PASSWORD",
|
|
"WP_URL",
|
|
"WP_APP_USER",
|
|
"CPANEL_SSH_KEY",
|
|
"CPANEL_GIT_REMOTE",
|
|
"CPANEL_HOST",
|
|
"NEXTCLOUD_HERMES_PASS",
|
|
]
|
|
|
|
def main():
|
|
print("=== Hermes cPanel Agent: Gitea Secrets Setup ===")
|
|
print()
|
|
print("The following secrets are required for CI/CD workflows:\n")
|
|
for name, desc in REQUIRED_SECRETS.items():
|
|
print(f" {name:30s} - {desc}")
|
|
|
|
print("\n---")
|
|
print("To set each secret via Gitea API:")
|
|
print()
|
|
|
|
repo = "wmj/hermes-cpanel-agent"
|
|
for secret in SECRETS_TO_SET:
|
|
print(f" # Set {secret}")
|
|
print(f' curl -s -X PUT -u "wmj:YOUR_PASSWORD" \\')
|
|
print(f' -H "Content-Type: application/json" \\')
|
|
print(f' -d \'{{"data":"VALUE_BASE64"}}\' \\')
|
|
print(f' "https://git.falahos.my/api/v1/repos/{repo}/actions/secrets/{secret}"')
|
|
print()
|
|
|
|
print("=== Alternative: Set via Gitea Web UI ===")
|
|
print(f" Go to: https://git.falahos.my/{repo}/settings/actions/secrets")
|
|
print()
|
|
|
|
if len(sys.argv) > 1 and sys.argv[1] == "--init":
|
|
print("WARNING: --init is interactive. Only run in a terminal session.")
|
|
do_init(repo)
|
|
|
|
def do_init(repo):
|
|
"""Interactively set secrets (requires terminal)."""
|
|
import getpass
|
|
pw = getpass.getpass("Gitea password for wmj: ")
|
|
for secret in SECRETS_TO_SET:
|
|
val = input(f"{secret} [{REQUIRED_SECRETS.get(secret, '')}]: ")
|
|
if val:
|
|
import base64
|
|
encoded = base64.b64encode(val.encode()).decode()
|
|
cmd = (
|
|
f'curl -s -X PUT -u "wmj:{pw}" '
|
|
f'-H "Content-Type: application/json" '
|
|
f'-d \'{{"data":"{encoded}"}}\' '
|
|
f'"https://git.falahos.my/api/v1/repos/{repo}/actions/secrets/{secret}"'
|
|
)
|
|
result = os.popen(cmd).read()
|
|
print(f" → {result[:100]}")
|
|
|
|
if __name__ == "__main__":
|
|
main()
|