daniel/furtka
1
1
Fork 0
Code Issues 1 Pull requests Projects 1 Releases 13 Packages Wiki Activity Actions
furtka/.forgejo/workflows/deploy-site.yml
Daniel Maksymilian Syrnicki b77ef80b56
All checks were successful
CI / lint (pull_request) Successful in 1m2s
Details
CI / test (pull_request) Successful in 1m19s
Details
CI / validate-json (pull_request) Successful in 55s
Details
CI / markdown-links (pull_request) Successful in 27s
Details
feat(website): legal pages (Impressum/Datenschutz) + auto-deploy on push-to-main 
Two coupled changes that make sense to land together:

1. Legal pages required under German law
   - /imprint/ + /de/impressum/ — §5 DDG disclosure (contact is email
     plus Forgejo-Issues as the second quick-contact channel, per ECJ
     C-298/07 no phone number required)
   - /privacy/ + /de/datenschutz/ — Art. 13 GDPR minimum: server-log
     processing (IP, UA, URL, retention ≤30 days), no cookies, no
     tracking, no third-party embeds. RLP Landesbeauftragter as the
     competent supervisory authority.
   - Footer partial linked from every page, localized per language.
   - DE versions are legally binding; EN versions are courtesy
     translations noting that.

2. Auto-deploy wired up
   - New workflow .forgejo/workflows/deploy-site.yml fires on
     push-to-main with paths under website/**. Runs on the self-hosted
     runner, which *is* forge-runner-01 — so "deploy" is just a local
     rsync into /srv/furtka-site and a hugo build into
     /var/www/furtka.org. No SSH, no secrets.
   - website/deploy-ci.sh is the SSH-free counterpart of deploy.sh,
     invoked by the workflow.
   - compose.yml bind-mounts /srv/furtka-site and /var/www/furtka.org
     into the runner container at matching paths so the workflow can
     reach them. Requires a one-time `docker compose up -d` on the
     runner host to pick the mounts up.
   - deploy.sh is kept for out-of-band manual deploys (testing from a
     local branch, CI outage) but gets a header comment pointing at
     the CI path as the normal flow.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 12:10:06 +02:00

39 lines
1.2 KiB
YAML
Raw Blame History

name: Deploy site
# Auto-deploy the Hugo site to /var/www/furtka.org on push-to-main.
# Only fires when content under website/ changes — everything else
# (Python code, ISO build, runbook docs) is unaffected.
#
# Runs on the self-hosted runner, which is forge-runner-01 — the same
# host that serves furtka.org. So the "deploy" is just a local rsync
# of the Hugo source into /srv/furtka-site and a `hugo` build into
# /var/www/furtka.org. No SSH, no secrets, no cross-host anything.
#
# Requires two bind-mounts on the runner container (/srv/furtka-site
# and /var/www/furtka.org → same paths inside). See compose.yml.
on:
push:
branches: [main]
paths:
- 'website/**'
concurrency:
group: deploy-site
cancel-in-progress: true
jobs:
deploy:
runs-on: self-hosted
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- name: Install hugo + rsync
# Runner image is alpine-based; apk is fast and cached.
# Pinning is intentionally skipped — alpine:latest moves hugo
# forward in lockstep with upstream, and the site only uses
# baseline features.
run: apk add --no-cache hugo rsync
- name: Deploy
run: ./website/deploy-ci.sh
Reference in a new issue View git blame Copy permalink