Robot-U/robot-u-site
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Prepare deployment and Forgejo CI
Some checks failed
CI / check (push) Failing after 8s
Details

Browse source
This commit is contained in:
kacper 2026-04-14 20:17:29 -04:00
parent 51706d2d11
commit 853e99ca5f
21 changed files with 1402 additions and 77 deletions
Download patch file Download diff file Expand all files Collapse all files

31
AGENTS.md
View file

@ -67,6 +67,7 @@ Useful variables:
- `APP_BASE_URL=http://kacper-dev-pod:8800`
- `AUTH_SECRET_KEY=...`
- `AUTH_COOKIE_SECURE=false`
- `CORS_ALLOW_ORIGINS=http://kacper-dev-pod:8800`
- `FORGEJO_OAUTH_CLIENT_ID=...`
- `FORGEJO_OAUTH_CLIENT_SECRET=...`
- `FORGEJO_OAUTH_SCOPES=openid profile`
@ -80,7 +81,7 @@ Useful variables:
Notes:
- Browser sign-in uses Forgejo OAuth/OIDC. `APP_BASE_URL` must match the URL opened in the browser, and the Forgejo OAuth app must include `/api/auth/forgejo/callback` under that base URL.
- Browser sign-in uses Forgejo OAuth/OIDC. `APP_BASE_URL` must match the URL opened in the browser, `CORS_ALLOW_ORIGINS` should include that origin, and the Forgejo OAuth app must include `/api/auth/forgejo/callback` under that base URL.
- Browser OAuth requests only identity scopes. The backend stores the resulting Forgejo token in an encrypted `HttpOnly` cookie and may use it only after enforcing public-repository checks for writes.
- `FORGEJO_TOKEN` is optional and should be treated as a read-only local fallback for the public content cache. Browser sessions and API token calls may write issues/comments only after verifying the target repo is public.
- `/api/prototype` uses a server-side cache for public Forgejo content. `FORGEJO_CACHE_TTL_SECONDS=0` disables it; successful discussion replies invalidate it.
@ -110,6 +111,34 @@ Override host/port when needed:
HOST=0.0.0.0 PORT=8800 ./scripts/start.sh
```
## Deployment Commands
Bootstrap Forgejo Actions SSH clone credentials:
```bash
export FORGEJO_API_TOKEN=...
./scripts/bootstrap_ci_clone_key.py
```
Validate production environment before starting:
```bash
./scripts/check_deploy_config.py
```
Container deployment:
```bash
docker compose up --build -d
curl -fsS http://127.0.0.1:8800/health
```
Non-container production start after building `frontend/dist`:
```bash
HOST=0.0.0.0 PORT=8000 ./scripts/run_prod.sh
```
## Development Commands
### Backend only