- Submodule pins: dbis_core, cross-chain-pmm-lps, mcp-proxmox (local, push may be pending), metamask-integration, smom-dbis-138 - Atomic swap + cross-chain-pmm-lops-publish, deploy-portal workflow, phoenix deploy-targets, routing/aggregator matrices - Docs, token-lists, forge proxy, phoenix API, runbooks, verify scripts Made-with: Cursor
198 lines
5.9 KiB
Markdown
198 lines
5.9 KiB
Markdown
# Devin → Gitea → Proxmox CI/CD
|
|
|
|
**Status:** Working baseline for this repo
|
|
**Last Updated:** 2026-04-20
|
|
|
|
## Goal
|
|
|
|
Create a repeatable path where:
|
|
|
|
1. Devin lands code in Gitea.
|
|
2. Gitea Actions validates the repo on the site-wide `act_runner`.
|
|
3. A successful workflow calls `phoenix-deploy-api`.
|
|
4. `phoenix-deploy-api` resolves the repo/branch to a deploy target and runs the matching Proxmox publish command.
|
|
5. The deploy service checks the target health URL before it reports success.
|
|
|
|
## Current baseline in this repo
|
|
|
|
The path now exists for **`d-bis/proxmox`** on **`main`** and **`master`**:
|
|
|
|
- Workflow: [deploy-to-phoenix.yml](/home/intlc/projects/proxmox/.gitea/workflows/deploy-to-phoenix.yml)
|
|
- Manual app workflow: [deploy-portal-live.yml](/home/intlc/projects/proxmox/.gitea/workflows/deploy-portal-live.yml)
|
|
- Deploy service: [server.js](/home/intlc/projects/proxmox/phoenix-deploy-api/server.js)
|
|
- Target map: [deploy-targets.json](/home/intlc/projects/proxmox/phoenix-deploy-api/deploy-targets.json)
|
|
- Current live publish script: [deploy-phoenix-deploy-api-to-dev-vm.sh](/home/intlc/projects/proxmox/scripts/deployment/deploy-phoenix-deploy-api-to-dev-vm.sh)
|
|
- Manual smoke trigger: [trigger-phoenix-deploy.sh](/home/intlc/projects/proxmox/scripts/dev-vm/trigger-phoenix-deploy.sh)
|
|
- Target validator: [validate-phoenix-deploy-targets.sh](/home/intlc/projects/proxmox/scripts/validation/validate-phoenix-deploy-targets.sh)
|
|
- Bootstrap helper: [bootstrap-phoenix-cicd.sh](/home/intlc/projects/proxmox/scripts/dev-vm/bootstrap-phoenix-cicd.sh)
|
|
|
|
That default target publishes the `phoenix-deploy-api` bundle to **VMID 5700** on the correct Proxmox node and starts the CT if needed.
|
|
|
|
A second target is now available:
|
|
|
|
- `portal-live` → runs [sync-sankofa-portal-7801.sh](/home/intlc/projects/proxmox/scripts/deployment/sync-sankofa-portal-7801.sh) and then checks `http://192.168.11.51:3000/`
|
|
|
|
## Flow
|
|
|
|
```text
|
|
Devin
|
|
-> push to Gitea
|
|
-> Gitea Actions on act_runner (5700)
|
|
-> bash scripts/verify/run-all-validation.sh --skip-genesis
|
|
-> validates deploy-targets.json structure
|
|
-> POST /api/deploy to phoenix-deploy-api
|
|
-> match repo + branch + target in deploy-targets.json
|
|
-> run deploy command
|
|
-> verify target health URL
|
|
-> update Gitea commit status success/failure
|
|
```
|
|
|
|
## Required setup
|
|
|
|
### 1. Runner
|
|
|
|
Bring up the site-wide Gitea runner on VMID **5700**:
|
|
|
|
```bash
|
|
bash scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh
|
|
```
|
|
|
|
Reference: [GITEA_ACT_RUNNER_SETUP.md](GITEA_ACT_RUNNER_SETUP.md)
|
|
|
|
### 0. One-command bootstrap
|
|
|
|
If root `.env` already contains the needed values, use:
|
|
|
|
```bash
|
|
bash scripts/dev-vm/bootstrap-phoenix-cicd.sh --repo d-bis/proxmox
|
|
```
|
|
|
|
This runs the validation gate, deploys `phoenix-deploy-api`, and smoke-checks the service.
|
|
|
|
### 2. Deploy API service
|
|
|
|
Deploy the API to the dev VM:
|
|
|
|
```bash
|
|
./scripts/deployment/deploy-phoenix-deploy-api-to-dev-vm.sh --dry-run
|
|
./scripts/deployment/deploy-phoenix-deploy-api-to-dev-vm.sh --apply --start-ct
|
|
```
|
|
|
|
On the target VM, set at least:
|
|
|
|
```bash
|
|
PORT=4001
|
|
GITEA_URL=https://gitea.d-bis.org
|
|
GITEA_TOKEN=<token with repo status access>
|
|
PHOENIX_DEPLOY_SECRET=<shared secret>
|
|
PHOENIX_REPO_ROOT=/home/intlc/projects/proxmox
|
|
```
|
|
|
|
Optional:
|
|
|
|
```bash
|
|
DEPLOY_TARGETS_PATH=/opt/phoenix-deploy-api/deploy-targets.json
|
|
```
|
|
|
|
For the `portal-live` target, also set:
|
|
|
|
```bash
|
|
SANKOFA_PORTAL_SRC=/home/intlc/projects/Sankofa/portal
|
|
```
|
|
|
|
### 3. Gitea repo secrets
|
|
|
|
Set these in the Gitea repository that should deploy:
|
|
|
|
- `PHOENIX_DEPLOY_URL`
|
|
- `PHOENIX_DEPLOY_TOKEN`
|
|
|
|
Example:
|
|
|
|
- `PHOENIX_DEPLOY_URL=http://192.168.11.59:4001/api/deploy`
|
|
- `PHOENIX_DEPLOY_TOKEN=<same value as PHOENIX_DEPLOY_SECRET>`
|
|
|
|
For webhook signing, the bootstrap/helper path also expects:
|
|
|
|
- `PHOENIX_DEPLOY_SECRET`
|
|
- `PHOENIX_WEBHOOK_DEPLOY_ENABLED=1` only if you want webhook events themselves to execute deploys
|
|
|
|
Do not enable both repo Actions deploys and webhook deploys for the same repo unless you intentionally want duplicate deploy attempts.
|
|
|
|
## Adding more repos or VM targets
|
|
|
|
Extend [deploy-targets.json](/home/intlc/projects/proxmox/phoenix-deploy-api/deploy-targets.json) with another entry.
|
|
|
|
Each target is keyed by:
|
|
|
|
- `repo`
|
|
- `branch`
|
|
- `target`
|
|
|
|
Each target defines:
|
|
|
|
- `cwd`
|
|
- `command`
|
|
- `required_env`
|
|
- optional `healthcheck`
|
|
- optional `timeout_sec`
|
|
|
|
Example shape:
|
|
|
|
```json
|
|
{
|
|
"repo": "d-bis/another-service",
|
|
"branch": "main",
|
|
"target": "portal-live",
|
|
"cwd": "${PHOENIX_REPO_ROOT}",
|
|
"command": ["bash", "scripts/deployment/sync-sankofa-portal-7801.sh"],
|
|
"required_env": ["PHOENIX_REPO_ROOT"]
|
|
}
|
|
```
|
|
|
|
Use separate `target` names when the same repo can publish to different VMIDs or environments.
|
|
|
|
Target-map validation is already part of:
|
|
|
|
```bash
|
|
bash scripts/verify/run-all-validation.sh --skip-genesis
|
|
```
|
|
|
|
and can also be run directly:
|
|
|
|
```bash
|
|
bash scripts/validation/validate-phoenix-deploy-targets.sh
|
|
```
|
|
|
|
## Manual testing
|
|
|
|
Before trusting a new Gitea workflow, trigger the deploy service directly:
|
|
|
|
```bash
|
|
bash scripts/dev-vm/trigger-phoenix-deploy.sh
|
|
```
|
|
|
|
Trigger the live portal deployment target directly:
|
|
|
|
```bash
|
|
bash scripts/dev-vm/trigger-phoenix-deploy.sh d-bis/proxmox main portal-live
|
|
```
|
|
|
|
Inspect configured targets:
|
|
|
|
```bash
|
|
curl -s http://192.168.11.59:4001/api/deploy-targets | jq .
|
|
```
|
|
|
|
## Recommended next expansions
|
|
|
|
- Add a Phoenix API target for the repo that owns VMID **7800** or **8600**, depending on which deployment line is canonical.
|
|
- Add repo-specific workflows once the Sankofa source repos themselves are mirrored into Gitea Actions.
|
|
- Move secret values from ad hoc `.env` files into the final operator-managed secret source once you settle the production host for `phoenix-deploy-api`.
|
|
|
|
## Notes
|
|
|
|
- The Gitea workflow is gated by `scripts/verify/run-all-validation.sh --skip-genesis` before deploy.
|
|
- `phoenix-deploy-api` now returns `404` when no matching target exists and `500` when the deploy command fails.
|
|
- Commit status updates are written back to Gitea from the deploy service itself.
|