daniel/furtka
1
1
Fork 0
Code Issues 1 Pull requests Projects 1 Releases 13 Packages Wiki Activity Actions
furtka/ops/forgejo-runner/compose.yml
Daniel Maksymilian Syrnicki b77ef80b56
All checks were successful
CI / lint (pull_request) Successful in 1m2s
Details
CI / test (pull_request) Successful in 1m19s
Details
CI / validate-json (pull_request) Successful in 55s
Details
CI / markdown-links (pull_request) Successful in 27s
Details
feat(website): legal pages (Impressum/Datenschutz) + auto-deploy on push-to-main 
Two coupled changes that make sense to land together:

1. Legal pages required under German law
   - /imprint/ + /de/impressum/ — §5 DDG disclosure (contact is email
     plus Forgejo-Issues as the second quick-contact channel, per ECJ
     C-298/07 no phone number required)
   - /privacy/ + /de/datenschutz/ — Art. 13 GDPR minimum: server-log
     processing (IP, UA, URL, retention ≤30 days), no cookies, no
     tracking, no third-party embeds. RLP Landesbeauftragter as the
     competent supervisory authority.
   - Footer partial linked from every page, localized per language.
   - DE versions are legally binding; EN versions are courtesy
     translations noting that.

2. Auto-deploy wired up
   - New workflow .forgejo/workflows/deploy-site.yml fires on
     push-to-main with paths under website/**. Runs on the self-hosted
     runner, which *is* forge-runner-01 — so "deploy" is just a local
     rsync into /srv/furtka-site and a hugo build into
     /var/www/furtka.org. No SSH, no secrets.
   - website/deploy-ci.sh is the SSH-free counterpart of deploy.sh,
     invoked by the workflow.
   - compose.yml bind-mounts /srv/furtka-site and /var/www/furtka.org
     into the runner container at matching paths so the workflow can
     reach them. Requires a one-time `docker compose up -d` on the
     runner host to pick the mounts up.
   - deploy.sh is kept for out-of-band manual deploys (testing from a
     local branch, CI outage) but gets a header comment pointing at
     the CI path as the normal flow.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 12:10:06 +02:00

31 lines
1.4 KiB
YAML
Raw Permalink Blame History

services:
runner:
image: code.forgejo.org/forgejo/runner:6
container_name: forgejo-runner
restart: unless-stopped
# Running as root so (1) apk can install nodejs + docker-cli at
# startup (needed by host-mode jobs that execute JS actions and by
# `iso/build.sh` which shells out to `docker run`), and (2) access
# to the host docker socket doesn't require group juggling.
user: "0:0"
environment:
- DOCKER_HOST=unix:///var/run/docker.sock
- CONFIG_FILE=/data/config.yml
# Mount at /data so the container's data path matches the host path
# /data (which is a symlink to this directory — see runner-setup.md).
# When a host-mode job does `docker run -v /data/.cache/act/…:/work`,
# host docker resolves the source via the symlink instead of failing
# with "no such file or directory".
volumes:
- ./data:/data
- /var/run/docker.sock:/var/run/docker.sock
# Auto-deploy of furtka.org runs inside this container — the
# runner host *is* the web server. Bind these at matching paths
# so rsync/hugo just see plain local filesystem. Without these
# mounts, .forgejo/workflows/deploy-site.yml can't reach the
# source tree or the webroot.
- /srv/furtka-site:/srv/furtka-site
- /var/www/furtka.org:/var/www/furtka.org
command: >-
/bin/sh -c "apk add --no-cache nodejs docker-cli && sleep 5 &&
forgejo-runner daemon --config /data/config.yml"
Reference in a new issue View git blame Copy permalink