Clone
1
Gitea Actions CICD
WMJ Ismail edited this page 2026-07-03 09:00:59 +02:00
Gitea Actions CI/CD
Full CI/CD pipeline documentation for the Hermes cPanel Agent.
Runner
A Gitea Actions runner is deployed as a Docker Swarm service on Contabo:
| Detail | Value |
|---|---|
| Name | contabo-swarm-runner |
| Host | Docker Swarm leader (vmi3361598) |
| Image | gitea/act_runner:v0.6.1 |
| Network | gitea_gitea-net |
| Labels | ubuntu-latest, self-hosted |
Runner Setup
# Get registration token from Gitea CLI
docker exec -u git gitea_gitea.1.xxx gitea actions generate-runner-token
# Deploy as Swarm service
docker service create \
--name gitea-runner \
--network gitea_gitea-net \
--restart-condition any \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
--env GITEA_INSTANCE_URL=https://git.falahos.my \
--env GITEA_RUNNER_REGISTRATION_TOKEN=TOKEN \
--env GITEA_RUNNER_NAME=contabo-swarm-runner \
gitea/act_runner:latest
Workflows
1. CI (ci.yml)
Trigger: Push to main/develop, PRs
┌─────────────┐ ┌──────────────┐ ┌─────────────┐
│ PHP Syntax │ → │ Security │ → │ Schema │
│ Check │ │ Scan │ │ Validation │
└─────────────┘ └──────────────┘ └─────────────┘
php -lon all PHP files- Greps for banned functions (
exec,shell_exec,system,eval) - Validates WordPress plugin headers
- Verifies REST namespace declaration
2. Deploy (deploy.yml)
Trigger: Push to main
┌──────────┐ ┌─────────────────┐ ┌──────────────┐
│ CI Check │ → │ Git Push to │ → │ WP REST API │
│ (pass) │ │ cPanel Remote │ │ Fallback │
└──────────┘ └─────────────────┘ └──────────────┘
↓
┌──────────────┐
│ Verify │
│ Deployment │
└──────────────┘
Primary path: SSH into cPanel Git remote, force-push main branch.
Fallback: Build plugin zip and upload via WP REST API /wp/v2/plugins.
Verification: Check plugin is active + hermes/v1 namespace is registered.
3. Sync (sync.yml)
Trigger: Push to main + every 6 hours
- Syncs code to cPanel git
- Uploads plugin zip to Nextcloud artifacts folder
4. Health (health.yml)
Trigger: Every 30 minutes
- Checks plugin is active on WordPress
- Verifies REST API responds
- Alerts on failure via Gitea notifications
Secrets
Set these in Settings → Actions → Secrets:
| Secret | Purpose | Required |
|---|---|---|
WP_URL |
WordPress site URL | ✅ Set |
WP_APP_USER |
WordPress username | ✅ Set |
WP_APP_PASSWORD |
Application Password | ❌ Pending |
CPANEL_SSH_KEY |
cPanel deploy SSH key | ❌ Pending |
CPANEL_GIT_REMOTE |
cPanel git remote URL | ❌ Pending |
CPANEL_HOST |
cPanel SSH hostname | ❌ Pending |
CPANEL_DEPLOY_HOOK_URL |
Optional deploy webhook | Optional |
NEXTCLOUD_HERMES_PASS |
Nextcloud sync password | ❌ Pending |
Setting Secrets via API
curl -X PUT -u "wmj:Abedib%4099" \
-H "Content-Type: application/json" \
-d '{"data":"BASE64_ENCODED_VALUE"}' \
"https://git.falahos.my/api/v1/repos/wmj/hermes-cpanel-agent/actions/secrets/SECRET_NAME"
Architecture
Developer Push
↓
Gitea (git.falahos.my)
↓
Gitea Actions Runner (Docker Swarm on Contabo)
├── CI: lint, security, schema
├── Deploy: git push → cPanel OR WP REST API
├── Sync: cPanel sync + Nextcloud
└── Health: every 30min
↓
cPanel Hosting (ummah.falahos.my)
├── cPanel Git Version Control (auto-pull)
├── WordPress + Hermes Plugin
└── WP-Cron agent scheduler
↓
Agents Running:
├── Ody Clone: Content Generator (REST API)
└── PI Clone: Auto-Reply (planned)
Adding a New Workflow
- Create
.gitea/workflows/your-workflow.yml - Use
runs-on: ubuntu-latest(handled by our self-hosted runner) - Any helper scripts go in
.gitea/scripts/ - Push to main — runner picks it up automatically
Monitoring
- Check runner status:
docker service logs gitea-runner --tail 20 - View runs: https://git.falahos.my/wmj/hermes-cpanel-agent/actions
- Health checks: every 30 min, reports in Gitea Actions tab