admin/honey-be
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c6eb9dc3ea06407161ef7a1bfe7cf1bae265557b
honey-be/docs/GITEA_VPS_DEPLOY.md
Mykhailo Svishchov e6ce77e38e
Some checks failed
Deploy to VPS / deploy (push) Failing after 29s
Details
gitea test
2026-03-07 20:11:39 +02:00

307 lines
11 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Gitea Actions: Deploy honey-be to VPS on push to main
This guide sets up automatic deployment of **honey-be** to your Honey VPS (188.116.23.7) when you push to the `main` branch. The workflow runs on your Gitea runner, syncs the repo via rsync over SSH, then runs the rolling-update script on the VPS.
## Prerequisites
- Gitea with Actions enabled and at least one runner registered (e.g. `ubuntu-latest`).
- Honey VPS (188.116.23.7) with backend at `/opt/app/backend/honey-be` and `scripts/rolling-update.staged.sh`.
- The **Gitea server (or the machine where the runner runs)** must be able to reach 188.116.23.7 over the network (e.g. outbound SSH). Gitea itself can stay Tailscale-only.
---
## 1. Create the deploy SSH key on your Mac
**Where:** Local Mac (Terminal).
**1.1** Generate a dedicated deploy key (Ed25519, no passphrase):
```bash
ssh-keygen -t ed25519 -C "gitea-deploy-honey-be" -f ~/.ssh/gitea_deploy_honey_be -N ""
```
**1.2** Where the keys are on your Mac:
| File on your Mac | Purpose |
|------------------|--------|
| `~/.ssh/gitea_deploy_honey_be` | **Private key** — you will paste this into Gitea (Step 3). Never put this on the Staged VPS. |
| `~/.ssh/gitea_deploy_honey_be.pub` | **Public key** — you will put this on the Staged VPS (Step 2). |
**1.3** Optional: display the keys so you can copy them later.
To show the **public** key (for Step 2):
```bash
cat ~/.ssh/gitea_deploy_honey_be.pub
```
To show the **private** key (for Step 3 — paste into Gitea):
```bash
cat ~/.ssh/gitea_deploy_honey_be
```
Copy each output as a whole (including `ssh-ed25519 ...` for the public key and `-----BEGIN ... KEY-----` / `-----END ... KEY-----` for the private key). You can run these commands again anytime.
---
## 2. Put the public key on the Staged VPS
The **Staged VPS** is your Honey server: **188.116.23.7**. The Gitea runner will SSH into this machine as `root` (or your deploy user), so the **public** key must be in that users `authorized_keys` on the Staged VPS.
**2.1 — On your Local Mac:** Copy the public key to the clipboard (so you can paste it on the VPS):
```bash
cat ~/.ssh/gitea_deploy_honey_be.pub | pbcopy
```
Or just note the single line that looks like:
`ssh-ed25519 AAAAC3... gitea-deploy-honey-be`
**2.2 — Log in to the Staged VPS** from your Mac:
```bash
ssh root@188.116.23.7
```
(Use the same user you normally use to manage this server, e.g. `root` or a user with sudo. If you use a different user, replace `root` in the next steps with that user.)
**2.3 — On the Staged VPS (188.116.23.7):** Ensure `.ssh` exists and add the public key.
Run these commands **one by one** on the Staged VPS (after youre logged in via SSH):
```bash
mkdir -p ~/.ssh
chmod 700 ~/.ssh
```
Then add the public key. **Either** paste the line you copied (replace `PASTE_YOUR_PUBLIC_KEY_LINE_HERE` with the actual line):
```bash
echo 'PASTE_YOUR_PUBLIC_KEY_LINE_HERE' >> ~/.ssh/authorized_keys
```
**Or**, if you have the key in your Mac clipboard, on the Staged VPS you can do (from Mac, one line):
```bash
ssh root@188.116.23.7 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && echo '$(cat ~/.ssh/gitea_deploy_honey_be.pub)' >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
```
If you ran the `echo ... >> authorized_keys` manually on the VPS, set permissions:
```bash
chmod 600 ~/.ssh/authorized_keys
```
**2.4 — Verify from your Mac:** Check that the deploy key can log in without a password:
```bash
ssh -i ~/.ssh/gitea_deploy_honey_be root@188.116.23.7 "echo OK"
```
You should see `OK`. If you get "Permission denied (publickey)", the public key was not added correctly to `~/.ssh/authorized_keys` on the Staged VPS.
---
## 3. Put the private key into Gitea (repository secret)
**Where:** Private key stays on your Mac; you only **paste its contents** into Gitea in the browser.
**3.1 — On your Local Mac:** Show the private key so you can copy it:
```bash
cat ~/.ssh/gitea_deploy_honey_be
```
Copy the **entire** output, including:
- `-----BEGIN OPENSSH PRIVATE KEY-----`
- all lines in the middle
- `-----END OPENSSH PRIVATE KEY-----`
**3.2 — In Gitea (browser):** Add it as a repository secret.
1. Open your repo: `http://100.122.146.65:3000/admin/honey-be` (or your Gitea URL over Tailscale).
2. Go to **Settings****Secrets and Variables****Actions**.
3. Under **Repository Secrets**, click **Add Secret**.
4. **Name:** `DEPLOY_SSH_PRIVATE_KEY`
5. **Value:** Paste the full private key you copied from the previous command.
6. Save.
Optional secrets (workflow has defaults):
| Name | Value | When to set |
|------|--------|-------------|
| `DEPLOY_VPS_HOST` | `188.116.23.7` | Only if your Staged VPS has a different IP. |
| `DEPLOY_VPS_USER` | `root` | Only if the deploy user is not `root`. |
---
## 4. Add the workflow file to the repo and push it
The workflow is a YAML file that tells Gitea **what to do** when you push to `main`. It does not get “installed” anywhere except inside the repository.
**4.1 — What the file is and where it lives**
- **Path in repo:** `.gitea/workflows/deploy-vps.yaml`
- **What it does:** On every push to `main`, Gitea runs a job that: checks out the code → installs SSH/rsync → syncs the repo to the Staged VPS at `/opt/app/backend/honey-be` → runs `sudo ./scripts/rolling-update.staged.sh` on the VPS.
- Gitea only runs workflows that exist **on the branch you push**. So this file must be committed and pushed to `main`.
**4.2 — What you need to do**
**Where:** Local Mac (in your honey-be project directory).
1. Confirm the workflow file exists:
```bash
cd /path/to/your/honey-be
ls -la .gitea/workflows/deploy-vps.yaml
```
2. If its there, add it to git, commit, and push to `main`:
```bash
git add .gitea/workflows/deploy-vps.yaml
git commit -m "Add VPS deploy workflow"
git push origin main
```
3. If the file is not there, create the directory and the file (the file contents are in this repo), then run the same `git add` / `git commit` / `git push` as above.
After the push, Gitea will see the workflow. It will run **only when** a runner is available (Step 5). So you can push the workflow first and set up the runner next, or the other way around.
---
## 5. Set up Gitea Actions and the runner
Gitea needs **Actions enabled** and at least one **runner** registered. The runner is the machine (or container) that actually runs the workflow steps. Your Gitea runs on a VPS with Docker; the runner is usually the **act_runner** container next to Gitea.
**5.1 — Enable Actions (if not already)**
**Where:** Gitea in the browser (admin or repo).
- **Site-wide:** Log in as admin → **Site Administration** → **Actions** → enable **Enable Actions**.
- Or at **repo level:** open **honey-be** → **Settings** → **Actions** → enable if there is an option.
**5.2 — Ensure the runner container is running**
**Where:** Gitea VPS (the server where Giteas Docker runs, e.g. 100.122.146.65 over Tailscale).
SSH into the Gitea server and check that both `gitea` and `gitea_runner` (or your runner container name) are up:
```bash
docker ps
```
You should see something like `gitea` and `gitea_runner`. If the runner container is stopped:
```bash
cd ~/gitea # or wherever your docker-compose.yml is
docker compose up -d
```
**5.3 — Get the runner registration token from Gitea**
**Where:** Gitea in the browser.
1. Open the **honey-be** repository.
2. Go to **Settings** → **Actions** → **Runners**.
3. Click **Create new runner** (or **Add runner** / **Register runner**).
4. Gitea will show a **registration token** and often a command or instructions. Copy the token (youll use it in the next step if the runner is not already registered).
**5.4 — Register the runner (if it isnt already)**
**Where:** Gitea VPS (SSH).
Your `docker-compose` may already set `GITEA_RUNNER_REGISTRATION_TOKEN` and the runner registers on startup. Check in Gitea: **Settings** → **Actions** → **Runners**. If you see a runner with status **Idle** and label **ubuntu-latest**, you can skip to 5.5.
If no runner appears, register it manually on the Gitea VPS:
```bash
docker exec -it gitea_runner sh
```
Inside the container:
```bash
act_runner register --instance http://server:3000 --token PASTE_TOKEN_FROM_STEP_5.3
```
Use the token from step 5.3. For `--instance` use the URL your runner uses to reach Gitea (in your compose its `http://127.0.0.1:3000` from the host; from inside the runner container it might be `http://server:3000` if the service name is `server`). Then exit and restart the runner container so it runs the daemon:
```bash
exit
docker restart gitea_runner
```
**5.5 — Check that the runner has the right label**
**Where:** Gitea in the browser.
1. Go to **honey-be** → **Settings** → **Actions** → **Runners**.
2. You should see at least one runner with:
- **Status:** Idle (or Running when a job is active)
- **Labels:** must include **ubuntu-latest**, because the workflow file has `runs-on: ubuntu-latest`.
If your runner has a different label (e.g. `linux`), you have two options:
- **Option A:** In Gitea when registering the runner, add the label **ubuntu-latest** (if the UI lets you choose labels).
- **Option B:** Edit `.gitea/workflows/deploy-vps.yaml` and change the line `runs-on: ubuntu-latest` to your runners label (e.g. `runs-on: linux`), then commit and push.
**5.6 — Summary**
- Actions enabled in Gitea.
- Runner container running on the Gitea VPS.
- Runner registered and visible under **Settings** → **Actions** → **Runners** with label **ubuntu-latest** (or workflow updated to match your label).
---
## 6. Test the deployment
Do this **after** the workflow file is on `main` (Step 4) and the runner is set up (Step 5).
**6.1 — Trigger a run**
Push a commit to `main` (e.g. a small change or the workflow/docs you added):
```bash
cd /path/to/your/honey-be
git add .gitea/workflows/deploy-vps.yaml docs/GITEA_VPS_DEPLOY.md
git commit -m "Add VPS deploy workflow and guide"
git push origin main
```
**6.2 — Check the run in Gitea**
**Where:** Gitea in the browser.
1. Open **honey-be** → **Actions** (tab in the repo).
2. You should see a run for the “Deploy to VPS” workflow. Open it.
3. Confirm all steps are green. If something fails, open the failed step to see the log.
**6.3 — Check the Staged VPS**
**Where:** Staged VPS (188.116.23.7) or your Mac (SSH to VPS).
1. SSH in: `ssh root@188.116.23.7`
2. Check that code was updated: `ls -la /opt/app/backend/honey-be`
3. Check that the app restarted: `docker ps` (or your usual way to verify the backend is running).
---
## Troubleshooting
- **Permission denied (publickey)**
Check: public key in `authorized_keys` on VPS, private key in `DEPLOY_SSH_PRIVATE_KEY`, no extra spaces/newlines when pasting.
- **Runner doesnt pick up the job**
In Gitea: **Settings** → **Actions** → **Runners**. Confirm runner is “idle” and has label `ubuntu-latest`.
- **rsync or SSH fails from runner**
From the **runner host** (Gitea VPS), test: `ssh -i /path/to/private_key root@188.116.23.7 "echo OK"`. If it fails, the runner cannot reach the VPS or the key is wrong.
- **sudo or script fails on VPS**
SSH in as the deploy user and run manually:
`cd /opt/app/backend/honey-be && sudo ./scripts/rolling-update.staged.sh`
Fix permissions or sudo rules as needed.
Reference in New Issue View Git Blame Copy Permalink