gitea_admin/fabiennefoehn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: add synology auto-deploy setup

Browse Source
This commit is contained in:
Mathias Gläser
2026-03-22 09:27:14 +01:00
parent 73564f578e
commit 6b80ef55e9
3 changed files with 118 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
DEPLOYMENT.md Normal file
View File

@@ -0,0 +1,42 @@
# Deployment
Dieses Repository ist fuer Auto-Deployment von `main` auf die Synology-Testumgebung vorbereitet.
## Ziel
- Repo-Pfad auf Synology: `/volume2/webssd/fabiennefoehn`
- Webroot auf Synology: `/volume2/webssd/fabiennefoehn`
- Branch: `main`
- Repo-Owner: `admin_hz2`
- Webserver-User: `http`
## Dateien
- `deploy-staging.sh`: wird serverseitig per Webhook ausgefuehrt
- `deploy.php`: Gitea-Webhook-Endpunkt im Webroot
## Gitea Webhook
- URL: `https://fabienne.imhochrain.ch/deploy.php`
- Content Type: `application/json`
- Secret: in DSM/Apache als `GITEA_WEBHOOK_SECRET` setzen
- Event: `Push Events`
- Branch-Filter: `main`
## Synology sudoers
Datei in `/etc/sudoers.d/fabiennefoehn`:
```sudoers
http ALL=(admin_hz2) NOPASSWD: /bin/bash /volume2/webssd/fabiennefoehn/deploy-staging.sh
```
## Apache / Web Station
Der Webserver muss die Umgebungsvariable setzen:
```apache
SetEnv GITEA_WEBHOOK_SECRET "nsR7MKmnsHeKpuMUj6baP8CVsjAvo5GmRrPwaTbtswswNiyN7gPu8Wfq1IJn"
```
Danach Webserver neu laden.

21
deploy-staging.sh Executable file
View File

@@ -0,0 +1,21 @@
#!/bin/bash
set -euo pipefail
umask 022
ROOT="/volume2/webssd/fabiennefoehn"
LOG="$ROOT/deploy.log"
BRANCH="main"
cd "$ROOT" || exit 1
{
echo "----- $(date) -----"
whoami
echo "PATH=$PATH"
echo "Deploying branch: $BRANCH"
} >> "$LOG"
/usr/bin/git fetch origin >> "$LOG" 2>&1
/usr/bin/git reset --hard "origin/$BRANCH" >> "$LOG" 2>&1
echo "DONE" >> "$LOG"

55
deploy.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
$method = $_SERVER['REQUEST_METHOD'] ?? '';
if ($method !== 'POST') {
http_response_code(405);
echo 'Method Not Allowed';
exit;
}
$payload = file_get_contents('php://input');
if ($payload === false || $payload === '') {
http_response_code(400);
echo 'Empty payload';
exit;
}
$event = $_SERVER['HTTP_X_GITEA_EVENT'] ?? '';
$secret = getenv('GITEA_WEBHOOK_SECRET');
$signature = $_SERVER['HTTP_X_GITEA_SIGNATURE'] ?? '';
if ($secret !== false && $secret !== '') {
if ($signature === '') {
http_response_code(401);
echo 'Missing signature';
exit;
}
$hash = hash_hmac('sha256', $payload, $secret, false);
if (!hash_equals($hash, $signature)) {
http_response_code(401);
echo 'Invalid signature';
exit;
}
}
$decoded = json_decode($payload, true);
if (json_last_error() !== JSON_ERROR_NONE) {
http_response_code(400);
echo 'Invalid JSON';
exit;
}
if ($event !== 'push') {
http_response_code(202);
echo 'Ignored';
exit;
}
$ref = $decoded['ref'] ?? '';
if ($ref !== 'refs/heads/main') {
http_response_code(202);
echo 'Ignored';
exit;
}
exec('/bin/sudo -u admin_hz2 /bin/bash /volume2/webssd/fabiennefoehn/deploy-staging.sh > /dev/null 2>&1 &');
echo 'Deploy triggered';