Add CI deployment to app LXC

2026-04-15 06:28:30 -04:00 · 2026-04-15 06:28:30 -04:00 · 9049d367ea
commit 9049d367ea
parent 3d33a78f1f
6 changed files with 531 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -119,6 +119,31 @@ CI_CLONE_SECRET_NAME=CI_REPO_SSH_KEY

 The script generates a temporary Ed25519 keypair, adds the public key as a read-only deploy key on the repo, and stores the private key in the repo Actions secret `CI_REPO_SSH_KEY`.

+### Forgejo Actions LXC Deploy Bootstrap
+
+The `main` branch CI workflow deploys to the current Robot U LXC after checks pass. Create or rotate the deploy SSH key with:
+
+```bash
+export FORGEJO_API_TOKEN=your-forgejo-api-token
+./scripts/bootstrap_lxc_deploy_key.py
+```
+
+Defaults:
+
+```text
+FORGEJO_BASE_URL=https://aksal.cloud
+FORGEJO_REPO=Robot-U/robot-u-site
+LXC_DEPLOY_HOST=192.168.1.220
+LXC_DEPLOY_PORT=22
+LXC_DEPLOY_USER=root
+LXC_DEPLOY_KEY_COMMENT=robot-u-site-actions-deploy
+LXC_DEPLOY_SECRET_NAME=DEPLOY_SSH_KEY
+```
+
+The script generates a temporary Ed25519 keypair, appends the public key to the LXC user's `authorized_keys`, verifies SSH login with the generated key, and stores the private key in the repo Actions secret `DEPLOY_SSH_KEY`.
+
+The deploy job rsyncs the repository into `/opt/robot-u-site`, preserves production `.env` files, runs `./scripts/check_deploy_config.py`, rebuilds Docker Compose, and verifies `http://127.0.0.1:8800/health`.
+
 ### Required Production Settings

 Create a production `.env` from `.env.example` and set at least: