fix(ci): resolve 3 Gitea Actions pipeline failures
Some checks failed
CI / validate (push) Failing after 19s
CI / deploy (push) Has been skipped
CI / ruff (push) Successful in 8s
CI / pytest (push) Successful in 34m16s
CI / dependency-scanning (push) Successful in 28s
CI / docs (push) Has been skipped

- Remove upload-artifact step (unsupported on Gitea GHES)
- Replace architecture+audit jobs with unified validate job running validate_all.py
- Update docs: DEPLOY_HOST must be 172.17.0.1 (Docker bridge), not 127.0.0.1
- Add ufw rule for Docker bridge network SSH access

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 21:39:50 +01:00
parent 3c2b559282
commit 488d5a6f0e
3 changed files with 27 additions and 45 deletions

@@ -688,14 +688,14 @@ Verify the runner shows as **Online** in Gitea: **Site Administration > Actions
## Step 16: Continuous Deployment
Automate deployment on every successful push to master. The Gitea Actions runner and the app both run on the same server, so the deploy job SSHes from the CI Docker container to `127.0.0.1`.
Automate deployment on every successful push to master. The Gitea Actions runner and the app both run on the same server, so the deploy job SSHes from the CI Docker container to `172.17.0.1` (Docker bridge gateway — see note in 16.2).
```
push to master
├── ruff ──────┐
├── pytest ────┤
└── architecture ─┤
└── deploy (SSH → scripts/deploy.sh)
└── validate ──┤
└── deploy (SSH → scripts/deploy.sh)
├── git stash / pull / pop
├── docker compose up -d --build
├── alembic upgrade heads
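Review bot: the replacement diagram row `└── validate ──┤` does not line up with the rows above it (`├── ruff ──────┐`, `├── pytest ────┤`), and the old `└── architecture ─┤` row it replaces had a different connector width too; pad the dashes so the `┤` joins sit in one column, otherwise the rendered tree no longer shows `deploy` as the join of all three gates. The updated sentence's pointer "see note in 16.2" is fine as long as the admonition in 16.2 keeps that section number.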
@@ -716,10 +716,13 @@ In **Repository Settings > Actions > Secrets**, add:
| Secret | Value |
|---|---|
| `DEPLOY_SSH_KEY` | Contents of `~/.ssh/deploy_ed25519` (private key) |
| `DEPLOY_HOST` | `127.0.0.1` |
| `DEPLOY_HOST` | `172.17.0.1` (Docker bridge gateway — **not** `127.0.0.1`) |
| `DEPLOY_USER` | `samir` |
| `DEPLOY_PATH` | `/home/samir/apps/orion` |
!!! important "Why `172.17.0.1` and not `127.0.0.1`?"
CI jobs run inside Docker containers where `127.0.0.1` is the container, not the host. `172.17.0.1` is the Docker bridge gateway that routes to the host. Ensure the firewall allows SSH from the Docker bridge network: `sudo ufw allow from 172.17.0.0/16 to any port 22`. When Gitea and Orion are on separate servers, replace with the Orion server's IP.
### 16.3 Deploy Script
The deploy script lives at `scripts/deploy.sh` in the repository. It:
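Review bot: the firewall rule in the new admonition, `sudo ufw allow from 172.17.0.0/16 to any port 22`, exposes the host's sshd to every container on the default bridge, not only to the runner's job container, and the text does not say that key-only authentication is expected on that port. Since the deploy job is the only intended client, scope the rule to the bridge interface and say so, e.g. `sudo ufw allow in on docker0 to any port 22 proto tcp`. Also, `172.17.0.1` is the gateway only for Docker's default `bridge` network; if act_runner attaches job containers to a user-defined network the gateway differs, so the note should tell readers to confirm the address (for example with `ip -4 addr show docker0` or `docker network inspect bridge`) before setting `DEPLOY_HOST`, rather than presenting it as fixed.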
@@ -735,13 +738,13 @@ Exit codes: `0` success, `1` git pull failed, `2` docker compose failed, `3` mig
### 16.4 CI Workflow
The deploy job in `.gitea/workflows/ci.yml` runs only on master push, after `ruff`, `pytest`, and `architecture` pass:
The deploy job in `.gitea/workflows/ci.yml` runs only on master push, after `ruff`, `pytest`, and `validate` pass:
```yaml
deploy:
runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
needs: [ruff, pytest, architecture]
needs: [ruff, pytest, validate]
steps:
- name: Deploy to production
uses: appleboy/ssh-action@v1
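Review bot: the check list at the top of this page shows `CI / validate (push) Failing after 19s` and `CI / deploy (push) Has been skipped`, so the new gate `needs: [ruff, pytest, validate]` blocks deployment on this very commit; the `validate` job (the `validate_all.py` run mentioned in the commit message) has to pass before the statement that deploy runs "after `ruff`, `pytest`, and `validate` pass" describes something that actually happens. Separately, in the unchanged context `uses: appleboy/ssh-action@v1` is a mutable major tag for a third-party action that receives `DEPLOY_SSH_KEY`; pin it to a full commit SHA (with the version noted in a comment) so a retagged release cannot silently change what runs with the production key.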