Compare commits
16 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 6a945fb8b7 | |||
| 7937c4ee6a | |||
| 204611e6ca | |||
| 52a0b6df45 | |||
| 23e7c88f1d | |||
| d4f25a0e1d | |||
| 6f55ccc442 | |||
| 7c7514e7c1 | |||
| 57db6afc1f | |||
| f87a430bbe | |||
| 53442cece2 | |||
| 1881e088d8 | |||
| 0ba3239ec9 | |||
| c9ac2c2968 | |||
| ee4cf9c608 | |||
| 6e9b032e64 |
61
.gitea/workflows/ci.yaml
Normal file
61
.gitea/workflows/ci.yaml
Normal file
@ -0,0 +1,61 @@
|
|||||||
|
name: Build and Deploy
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build-and-deploy:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Checkout
|
||||||
|
run: |
|
||||||
|
rm -rf /tmp/watch-party
|
||||||
|
git clone https://gitea.home.arpa/nik/watch-party /tmp/watch-party
|
||||||
|
|
||||||
|
- name: Write deploy key
|
||||||
|
run: |
|
||||||
|
echo "${{ secrets.DEPLOY_KEY }}" > /tmp/deploy_key
|
||||||
|
chmod 600 /tmp/deploy_key
|
||||||
|
|
||||||
|
- name: Log in to Gitea registry
|
||||||
|
run: |
|
||||||
|
echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login gitea.home.arpa \
|
||||||
|
--username ${{ secrets.REGISTRY_USERNAME }} \
|
||||||
|
--password-stdin
|
||||||
|
|
||||||
|
- name: Inject CA into buildkit
|
||||||
|
run: |
|
||||||
|
cat /etc/ssl/certs/homelab-ca.pem | docker exec -i buildx_buildkit_multiarch0 \
|
||||||
|
sh -c 'cat >> /etc/ssl/certs/ca-certificates.crt && cat >> /etc/ssl/cert.pem'
|
||||||
|
|
||||||
|
- name: Set up Docker Buildx
|
||||||
|
run: |
|
||||||
|
docker buildx create --use --name multiarch || docker buildx use multiarch
|
||||||
|
|
||||||
|
- name: Build and push backend
|
||||||
|
run: |
|
||||||
|
docker buildx build \
|
||||||
|
--platform linux/amd64,linux/arm64 \
|
||||||
|
-t gitea.home.arpa/nik/watch-party-backend:latest \
|
||||||
|
--push \
|
||||||
|
/tmp/watch-party/backend
|
||||||
|
|
||||||
|
- name: Build and push frontend
|
||||||
|
run: |
|
||||||
|
docker buildx build \
|
||||||
|
--platform linux/amd64,linux/arm64 \
|
||||||
|
-t gitea.home.arpa/nik/watch-party-frontend:latest \
|
||||||
|
--push \
|
||||||
|
/tmp/watch-party/frontend
|
||||||
|
|
||||||
|
- name: Deploy to Mac Mini
|
||||||
|
run: |
|
||||||
|
ssh -o StrictHostKeyChecking=no \
|
||||||
|
-i /tmp/deploy_key \
|
||||||
|
${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} \
|
||||||
|
"export PATH=/usr/local/bin:/opt/homebrew/bin:\$PATH && \
|
||||||
|
cd ~/repo/watch-party && \
|
||||||
|
docker compose pull && \
|
||||||
|
docker compose up -d"
|
||||||
@ -1,21 +1,8 @@
|
|||||||
name: watch-party
|
name: watch-party
|
||||||
|
|
||||||
services:
|
services:
|
||||||
# Frontend (Vite built → nginx). Only public-facing service on LAN.
|
|
||||||
web:
|
web:
|
||||||
build:
|
image: gitea.home.arpa/nik/watch-party-frontend:latest
|
||||||
context: ./frontend
|
|
||||||
dockerfile: Dockerfile
|
|
||||||
args:
|
|
||||||
PUBLIC_BASE_PATH: ${PUBLIC_BASE_PATH}
|
|
||||||
FRONTEND_MODE: ${FRONTEND_MODE:-production}
|
|
||||||
VITE_AUTH_ENABLED: ${VITE_AUTH_ENABLED:-true}
|
|
||||||
VITE_FIREBASE_API_KEY: ${VITE_FIREBASE_API_KEY}
|
|
||||||
VITE_FIREBASE_AUTH_DOMAIN: ${VITE_FIREBASE_AUTH_DOMAIN}
|
|
||||||
VITE_FIREBASE_PROJECT_ID: ${VITE_FIREBASE_PROJECT_ID}
|
|
||||||
VITE_FIREBASE_APP_ID: ${VITE_FIREBASE_APP_ID}
|
|
||||||
VITE_BACKEND_ORIGIN: ${VITE_BACKEND_ORIGIN:-/api}
|
|
||||||
image: watchparty-frontend:prod
|
|
||||||
container_name: watchparty-frontend
|
container_name: watchparty-frontend
|
||||||
environment:
|
environment:
|
||||||
BACKEND_ORIGIN: ${BACKEND_ORIGIN}
|
BACKEND_ORIGIN: ${BACKEND_ORIGIN}
|
||||||
@ -32,7 +19,6 @@ services:
|
|||||||
timeout: 5s
|
timeout: 5s
|
||||||
retries: 5
|
retries: 5
|
||||||
|
|
||||||
# Backend DB (internal only)
|
|
||||||
db:
|
db:
|
||||||
image: postgres:16-alpine
|
image: postgres:16-alpine
|
||||||
platform: ${COMPOSE_PLATFORM}
|
platform: ${COMPOSE_PLATFORM}
|
||||||
@ -42,7 +28,7 @@ services:
|
|||||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||||
TZ: ${TZ}
|
TZ: ${TZ}
|
||||||
ports:
|
ports:
|
||||||
- "${POSTGRES_PORT:-5432}:5432" ####### TEMPORARY EXPOSE #########
|
- "${POSTGRES_PORT:-5432}:5432"
|
||||||
volumes:
|
volumes:
|
||||||
- pgdata:/var/lib/postgresql/data
|
- pgdata:/var/lib/postgresql/data
|
||||||
command: >
|
command: >
|
||||||
@ -62,12 +48,8 @@ services:
|
|||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks: [internal]
|
networks: [internal]
|
||||||
|
|
||||||
# One-off migration job (idempotent)
|
|
||||||
migrate:
|
migrate:
|
||||||
build:
|
image: gitea.home.arpa/nik/watch-party-backend:latest
|
||||||
context: ./backend
|
|
||||||
dockerfile: Dockerfile
|
|
||||||
image: watchparty-backend:latest
|
|
||||||
entrypoint: ["/app/migrate"]
|
entrypoint: ["/app/migrate"]
|
||||||
env_file:
|
env_file:
|
||||||
- ./.env
|
- ./.env
|
||||||
@ -79,9 +61,8 @@ services:
|
|||||||
restart: "no"
|
restart: "no"
|
||||||
networks: [internal]
|
networks: [internal]
|
||||||
|
|
||||||
# API server (internal port only; reached via web → proxy)
|
|
||||||
api:
|
api:
|
||||||
image: watchparty-backend:latest
|
image: gitea.home.arpa/nik/watch-party-backend:latest
|
||||||
env_file:
|
env_file:
|
||||||
- ./.env
|
- ./.env
|
||||||
depends_on:
|
depends_on:
|
||||||
@ -101,11 +82,11 @@ services:
|
|||||||
timeout: 5s
|
timeout: 5s
|
||||||
retries: 10
|
retries: 10
|
||||||
ports:
|
ports:
|
||||||
- "${APP_PORT:-8082}:8082" ####### TEMPORARY EXPOSE #########
|
- "${APP_PORT:-8082}:8082"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
internal:
|
internal:
|
||||||
driver: bridge
|
driver: bridge
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
pgdata:
|
pgdata:
|
||||||
Loading…
x
Reference in New Issue
Block a user