kitestacks-homelab/docs/ci-cd-setup.md
kenpat f38decc285
ci: add Forgejo Actions pipeline + runner setup
- apps/forgejo/docker-compose.yml: enable FORGEJO__actions__ENABLED=true
- apps/forgejo-runner/docker-compose.yml: forgejo-runner:3.5.0 container
  mounts docker.sock so jobs can spin up containers on monk
- .forgejo/workflows/ci.yml: 3-job pipeline on every push to main
    compose-lint   → validates all apps/*/docker-compose.yml
    secrets-check  → scans for hardcoded passwords/tokens/keys
    shellcheck     → lints all scripts/*.sh
- docs/ci-cd-setup.md: runner registration steps + extension guide

PENDING (needs user action):
  1. docker compose up -d --force-recreate in apps/forgejo/ to apply env
  2. Get runner token from Forgejo admin panel
  3. Run forgejo-runner register with token, then docker compose up

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19 03:03:29 -05:00

Forgejo Actions CI/CD Setup

Forgejo Actions is the GitHub Actions-compatible CI/CD built into Forgejo. Every push (and pull request) to main in kitestacks-homelab triggers three jobs: compose validation, a secret-leak scan, and shellcheck.

Architecture

Developer pushes to Forgejo
         │
         ▼
Forgejo Actions scheduler
         │
         ▼
forgejo-runner container
  ├── compose-lint job   (validates all apps/*/docker-compose.yml)
  ├── secrets-check job  (scans for hardcoded passwords/tokens)
  └── shellcheck job     (lints all scripts/*.sh)

One-time setup

1. Restart Forgejo to enable Actions

Actions is enabled by FORGEJO__actions__ENABLED=true in the compose env. A running container does not pick up new environment variables, so recreate it to apply the change:

cd ~/kitestacks-homelab/apps/forgejo
docker compose up -d --force-recreate

Verify in the Forgejo UI: Admin Panel → Configuration → Actions = Enabled

2. Get a runner registration token

In Forgejo web UI:

  • Site Admin → Actions → Runners → Create new runner token
  • Copy the token (starts with grt_...). Whoever holds it can register a runner that will receive this instance's jobs, so paste it straight into the command below and do not store it anywhere else.

3. Register and start the runner

cd ~/kitestacks-homelab/apps/forgejo-runner
mkdir -p config

# Register the runner (one-time, interactive). The hostname forgejo only
# resolves if this container is on the same Docker network as the forgejo
# service; add --network <compose-network> to docker run if it is not.
# The label means: jobs with "runs-on: docker" execute in a node:20 container.
docker run --rm -it \
  -v "$(pwd)/config:/etc/act_runner" \
  code.forgejo.org/forgejo/runner:3.5.0 \
  register \
    --instance http://forgejo:3000 \
    --token <paste-grt-token-here> \
    --name monk-runner \
    --labels docker:docker://node:20

# Start the runner daemon
docker compose up -d

Registration writes the runner's credentials into config/. Keep that directory out of git and treat its contents like the registration token itself.

4. Verify

Push any change to kitestacks-homelab → Forgejo → Actions tab shows the pipeline running.

Workflow file

.forgejo/workflows/ci.yml — runs on every push/PR to main:

| Job | What it does |
| --- | --- |
| compose-lint | docker compose config --quiet on every apps/*/docker-compose.yml |
| secrets-check | grep for hardcoded passwords, tokens and private keys |
| shellcheck | static analysis of every scripts/*.sh |
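As an added example of what the secrets-check job can run (illustrative code written for this guide, not a script from the kitestacks-homelab repo; the file name check-secrets.sh, the regexes, the "# nosecret" marker and the *.example exclusion are all choices made here), the scanner below flags literal passwords, tokens, API keys and private-key blocks while leaving ${VAR} references alone, so compose files that pull credentials from the environment pass. demo_fixture builds a constructed mini-tree so the scanner can be tried offline.

```shell
#!/bin/sh
# check-secrets.sh: the kind of scanner the secrets-check job runs.
# Added example for this guide, not a script from the kitestacks-homelab repo.
# Flags assignments of passwords/tokens/API keys to literal values and any
# private-key block; skips values that are ${VAR} references, lines marked
# "# nosecret", and *.example files.

# Extended regex, matched case-insensitively. The value must not start with
# "$" so POSTGRES_PASSWORD: ${DB_PASSWORD} stays clean, and must be at least
# 8 characters so placeholders like "x" or "" are not reported.
SECRET_RE="(password|passwd|secret|token|api[_-]?key)[[:space:]]*[=:][[:space:]]*[\"']?[^\$\"'[:space:]][^[:space:]]{7,}"
PRIVKEY_RE='-----BEGIN [A-Z ]*PRIVATE KEY-----'

# scan_file FILE: prints FILE:LINE:TEXT for every hit; returns 1 if any, else 0.
scan_file() {
  hits=$(grep -nEi -e "$SECRET_RE" -e "$PRIVKEY_RE" -- "$1" | grep -v '# *nosecret' || true)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits" | awk -v f="$1" '{ print f ":" $0 }'
  return 1
}

# scan_tree DIR: scans every regular file under DIR except .git/ and *.example.
# Returns 1 if any file had a hit (so the CI job fails), else 0.
scan_tree() {
  list=$(mktemp); status=0
  find "$1" -type f ! -path '*/.git/*' ! -name '*.example' | sort > "$list"
  while IFS= read -r f; do
    scan_file "$f" || status=1
  done < "$list"
  rm -f "$list"
  return $status
}

# demo_fixture: writes a constructed mini-repo (sample input, not real data)
# to a temp dir and prints its path.
demo_fixture() {
  d=$(mktemp -d)
  mkdir -p "$d/apps/db" "$d/apps/bad" "$d/scripts" "$d/keys"
  # clean: credential comes from the environment
  printf 'services:\n  db:\n    environment:\n      POSTGRES_PASSWORD: ${DB_PASSWORD}\n' > "$d/apps/db/docker-compose.yml"
  # dirty: literal password
  printf 'services:\n  db:\n    environment:\n      - POSTGRES_PASSWORD=changeme123\n' > "$d/apps/bad/docker-compose.yml"
  # would be a hit, but *.example files are excluded from the tree scan
  printf 'API_TOKEN=replace-me-before-use\n' > "$d/apps/bad/.env.example"
  # clean: shell variable reference, and an explicitly allowlisted dummy
  printf 'TOKEN="$FORGEJO_TOKEN"\nDUMMY_TOKEN=aaaaaaaaaaaa # nosecret\n' > "$d/scripts/deploy.sh"
  # dirty: a committed private key
  printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'AAAA' > "$d/keys/id_ed25519"
  printf '%s\n' "$d"
}

# Usage: check-secrets.sh DIR
if [ $# -gt 0 ]; then
  scan_tree "$1"
fi
```

Wire it in as the secrets-check job's run step (sh scripts/check-secrets.sh .). The regex is deliberately narrow: it only looks at direct assignments, so a POSTGRES_PASSWORD_FILE=/run/secrets/... line is not reported, and it misses credentials stored under other names. Treat it as a tripwire, not as a substitute for keeping secrets out of the repo in the first place.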

Adding workflows to other repos

Copy .forgejo/workflows/ci.yml into any repo on the instance; its jobs use runs-on: docker, which the monk runner serves because it was registered with the docker label. A runner registered from Site Admin is instance-wide and picks up jobs from every repo. That cuts both ways: anyone who can push to any repo on the instance can run arbitrary commands on that runner, and because the runner container mounts docker.sock, that is effectively root on monk. Only extend this to repos whose pushers you would trust with the host, and do not let workflows from external pull requests run on this runner.

Extending the pipeline

Add a deploy job that runs only after all three checks pass:

  deploy:
    name: Deploy to monk
    runs-on: docker
    needs: [compose-lint, secrets-check, shellcheck]
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4
      - name: Redeploy changed app
        run: docker compose -f apps/myapp/docker-compose.yml up -d --pull always

Two things have to hold for this step to work. It runs inside the image named by the runner label (node:20), which does not ship the docker CLI, so either register a second label whose image includes it or install the CLI in an earlier step. It also needs to reach the Docker daemon on monk; by default the runner passes its own Docker host into job containers (the container.docker_host setting in the runner config controls this), which is what makes the deploy possible and also what lets any step in any workflow on this runner control the host's containers. Treat every workflow that lands on this runner as code running as root on monk.
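The hardcoded apps/myapp above redeploys one app no matter what changed. As an added example (written for this guide, not part of the kitestacks-homelab repo), the helper below derives the targets from the push instead. It assumes the job image has the docker CLI, that the checkout kept at least the previous commit (fetch-depth: 2 on actions/checkout), and that the push event exposes github.event.before as it does on GitHub; the script name deploy-changed.sh and the DOCKER override are choices made here.

```shell
#!/bin/sh
# deploy-changed.sh: derive the deploy target from the push instead of
# hardcoding apps/myapp. Added example for this guide, not a script from the
# kitestacks-homelab repo.

# changed_apps: reads paths on stdin, one per line (the output of
# `git diff --name-only BEFORE AFTER`), and prints each app whose top-level
# apps/<name>/docker-compose.yml changed, once, sorted. Other files inside an
# app dir, nested compose files and paths outside apps/ are ignored.
changed_apps() {
  sed -n 's|^apps/\([^/][^/]*\)/docker-compose\.yml$|\1|p' | sort -u
}

# redeploy: runs `docker compose up` for every app printed by changed_apps.
# An app whose compose file was deleted in the push is skipped rather than
# failing the job. DOCKER can be overridden (DOCKER=echo gives a dry run).
redeploy() {
  DOCKER=${DOCKER:-docker}
  changed_apps | while IFS= read -r app; do
    if [ -f "apps/$app/docker-compose.yml" ]; then
      "$DOCKER" compose -f "apps/$app/docker-compose.yml" up -d --pull always
    else
      echo "skip $app: compose file removed" >&2
    fi
  done
}

# In the workflow step (hypothetical; the job needs an image with the docker
# CLI and a checkout deep enough to contain the previous commit):
#   git diff --name-only "${{ github.event.before }}" "${{ github.sha }}" | redeploy
```

Because redeploy only ever touches apps/<name>/docker-compose.yml for names that came out of the diff, a change to docs/ or scripts/ deploys nothing, and a push that touches two apps redeploys exactly those two.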