kenpat/kitestacks-homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

ci: add Forgejo Actions pipeline + runner setup
Some checks are pending
KiteStacks CI / Validate compose files (push) Waiting to run
Details
KiteStacks CI / Check for accidental secrets (push) Waiting to run
Details
KiteStacks CI / Shellcheck scripts (push) Waiting to run
Details

Browse source 
- apps/forgejo/docker-compose.yml: enable FORGEJO__actions__ENABLED=true
- apps/forgejo-runner/docker-compose.yml: forgejo-runner:3.5.0 container
  mounts docker.sock so jobs can spin up containers on monk
- .forgejo/workflows/ci.yml: 3-job pipeline on every push to main
    compose-lint   → validates all apps/*/docker-compose.yml
    secrets-check  → scans for hardcoded passwords/tokens/keys
    shellcheck     → lints all scripts/*.sh
- docs/ci-cd-setup.md: runner registration steps + extension guide

PENDING (needs user action):
  1. docker compose up -d --force-recreate in apps/forgejo/ to apply env
  2. Get runner token from Forgejo admin panel
  3. Run forgejo-runner register with token, then docker compose up

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
kenpat 2026-06-19 03:03:29 -05:00
parent dbcf51993d
commit f38decc285
4 changed files with 195 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

91
docs/ci-cd-setup.md Normal file
View file

@ -0,0 +1,91 @@
# Forgejo Actions CI/CD Setup
Forgejo Actions is GitHub Actions-compatible CI/CD built into Forgejo. Every push to `kitestacks-homelab` triggers: compose validation, secret leak scan, and shellcheck.
## Architecture
```
Developer pushes to Forgejo
Forgejo Actions scheduler
forgejo-runner container
├── compose-lint job (validates all apps/*/docker-compose.yml)
├── secrets-check job (scans for hardcoded passwords/tokens)
└── shellcheck job (lints all scripts/*.sh)
```
## One-time setup
### 1. Restart Forgejo to enable Actions
Actions is now enabled via `FORGEJO__actions__ENABLED=true` in the compose env. Restart to apply:
```bash
cd ~/kitestacks-homelab/apps/forgejo
docker compose up -d --force-recreate
```
Verify in the Forgejo UI: Admin Panel → Configuration → Actions = Enabled
### 2. Get a runner registration token
In Forgejo web UI:
- Site Admin → Actions → Runners → **Create new runner token**
- Copy the token (starts with `grt_...`)
### 3. Register and start the runner
```bash
cd ~/kitestacks-homelab/apps/forgejo-runner
mkdir -p config
# Register the runner (one-time, interactive)
docker run --rm -it \
-v $(pwd)/config:/etc/act_runner \
code.forgejo.org/forgejo/runner:3.5.0 \
register \
--instance http://forgejo:3000 \
--token <paste-grt-token-here> \
--name monk-runner \
--labels docker:docker://node:20
# Start the runner daemon
docker compose up -d
```
### 4. Verify
Push any change to kitestacks-homelab → Forgejo → Actions tab shows the pipeline running.
## Workflow file
`.forgejo/workflows/ci.yml` — runs on every push/PR to main:
| Job | What it does |
|-----|-------------|
| `compose-lint` | `docker compose config --quiet` on all compose files |
| `secrets-check` | grep for hardcoded passwords, tokens, private keys |
| `shellcheck` | static analysis on all `scripts/*.sh` |
## Adding workflows to other repos
Copy `.forgejo/workflows/ci.yml` into any repo that has a runner label matching `docker`. The runner on monk can serve all repos in your Forgejo instance.
## Extending the pipeline
Add a deploy job that runs after tests pass:
```yaml
deploy:
name: Deploy to monk
runs-on: docker
needs: [compose-lint, secrets-check, shellcheck]
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- name: Redeploy changed app
run: docker compose -f apps/myapp/docker-compose.yml up -d --pull always
```