From 85261efe700885a071bc3867f0765f6431cbfafb Mon Sep 17 00:00:00 2001 From: Denis Lugowski Date: Sat, 22 Nov 2025 17:09:25 +0100 Subject: [PATCH] feat(pipeline): Migration from Gitea pipeline to act runner --- .actrc | 18 +++++++ {.gitea => .github}/workflows/pipeline.yaml | 56 +++++++++------------ .gitignore | 3 ++ CLAUDE.md | 28 ++++++++++- README.md | 47 +++++++++++++++-- 5 files changed, 113 insertions(+), 39 deletions(-) create mode 100644 .actrc rename {.gitea => .github}/workflows/pipeline.yaml (73%) diff --git a/.actrc b/.actrc new file mode 100644 index 0000000..15082fb --- /dev/null +++ b/.actrc @@ -0,0 +1,18 @@ +# Act configuration file +# This file contains default options for the act command + +# Use the medium-sized Docker image (includes common tools) +-P ubuntu-latest=catthehacker/ubuntu:act-latest + +# Enable verbose logging (comment out if too noisy) +# --verbose + +# Always use secrets file if it exists +--secret-file .secrets + +# Set container architecture +--container-architecture linux/amd64 + +# Use Docker BuildKit +--env DOCKER_BUILDKIT=1 + diff --git a/.gitea/workflows/pipeline.yaml b/.github/workflows/pipeline.yaml similarity index 73% rename from .gitea/workflows/pipeline.yaml rename to .github/workflows/pipeline.yaml index ad2dd2e..a25b053 100644 --- a/.gitea/workflows/pipeline.yaml +++ b/.github/workflows/pipeline.yaml @@ -1,5 +1,5 @@ name: CI/CD Pipeline -run-name: ${{ gitea.actor }} triggered pipeline on ${{ gitea.ref_name }} +run-name: ${{ github.actor }} triggered pipeline on ${{ github.ref_name }} on: pull_request: @@ -7,7 +7,7 @@ on: - 'legalconsenthub/**' - 'legalconsenthub-backend/**' - 'api/**' - - '.gitea/workflows/pipeline.yaml' + - '.github/workflows/pipeline.yaml' push: branches: - main 
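Review bot: The runner image in `.actrc` is referenced by a mutable tag, `-P ubuntu-latest=catthehacker/ubuntu:act-latest`, and every job runs inside it, including the steps that receive `DOCKER_PUSH_TOKEN` and the deploy job. If the upstream image is changed or replaced, the next run would expose those secrets to it with no change to this repository. Pinning the digest keeps the environment reviewable: `-P ubuntu-latest=catthehacker/ubuntu:act-latest@sha256:<digest-you-verified>`.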
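Review bot: The `pull_request` and `push` triggers under `on:` are kept while the file moves to `.github/workflows/`, so whether the pipeline is really manual-only depends on the forge, not on this file. As far as I know, Gitea Actions also loads workflows from `.github/workflows/` when `.gitea/workflows/` is absent and accepts the `github.*` context. If so, a runner that is still registered would keep building, pushing and reaching the deploy job on every push to `main`. If the intent is on-demand runs through act only, confirm that Actions is disabled for the repository or that no runner is registered, and record it above `on:`, for example `# Run locally with act; no forge runner is expected to pick this up`.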
@@ -15,10 +15,10 @@ on: - 'legalconsenthub/**' - 'legalconsenthub-backend/**' - 'api/**' - - '.gitea/workflows/pipeline.yaml' + - '.github/workflows/pipeline.yaml' concurrency: - group: ci-${{ gitea.ref }} + group: ci-${{ github.ref }} cancel-in-progress: true jobs: @@ -52,7 +52,7 @@ jobs: - name: Get pnpm store directory id: pnpm-cache run: | - echo "STORE_PATH=$(pnpm store path)" >> $GITEA_OUTPUT + echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT - name: Setup pnpm cache uses: actions/cache@v4 @@ -78,20 +78,20 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Log in to Gitea Container Registry - if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' + if: github.event_name == 'push' && github.ref == 'refs/heads/main' uses: docker/login-action@v3 with: registry: gitea.lugnas.de - username: ${{ gitea.actor }} + username: ${{ github.actor }} password: ${{ secrets.DOCKER_PUSH_TOKEN }} - name: Extract metadata for Docker id: meta uses: docker/metadata-action@v5 with: - images: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub + images: gitea.lugnas.de/${{ github.repository_owner }}/legalconsenthub tags: | - type=raw,value=latest,enable=${{ gitea.ref == 'refs/heads/main' }} + type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }} type=sha,prefix=,format=long - name: Build and push Docker image @@ -99,7 +99,7 @@ jobs: with: context: . file: ./legalconsenthub/Dockerfile - push: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }} + push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} platforms: linux/amd64 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} 
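Review bot: In the "Log in to Gitea Container Registry" step (hunk `@@ -78,20 +78,20 @@`), `username: ${{ github.actor }}` no longer names the pushing user once the workflow runs under act: unless `--actor` is passed, act fills `github.actor` with its own default, so the login pairs `DOCKER_PUSH_TOKEN` with a name that is unlikely to be the token's owner. Take the account from a secret instead, `username: ${{ secrets.DOCKER_PUSH_USER }}` (placeholder name, to be added to `.secrets`), or set `--actor` in `.actrc`. `github.repository_owner` in `images:` is presumably derived by act from the git remote, so it is worth checking that it still resolves to the registry namespace. The same lines recur in the backend job's hunk at `@@ -162,20 +162,20 @@`. Separately, `docker/login-action@v3` receives the token and is pinned only by a movable tag; a full commit SHA would fix which code sees it.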
@@ -107,14 +107,14 @@ jobs: cache-to: type=local,dest=/tmp/.buildx-cache - name: Image built successfully - if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' + if: github.event_name == 'push' && github.ref == 'refs/heads/main' run: | echo "✅ Docker image built and pushed successfully" - echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub:latest" - echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub:${{ gitea.sha }}" + echo "📦 Image: gitea.lugnas.de/${{ github.repository_owner }}/legalconsenthub:latest" + echo "📦 Image: gitea.lugnas.de/${{ github.repository_owner }}/legalconsenthub:${{ github.sha }}" - name: Dry-run completed - if: gitea.event_name == 'pull_request' + if: github.event_name == 'pull_request' run: | echo "✅ Dry-run build completed successfully (image not pushed)" @@ -162,20 +162,20 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Log in to Gitea Container Registry - if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' + if: github.event_name == 'push' && github.ref == 'refs/heads/main' uses: docker/login-action@v3 with: registry: gitea.lugnas.de - username: ${{ gitea.actor }} + username: ${{ github.actor }} password: ${{ secrets.DOCKER_PUSH_TOKEN }} - name: Extract metadata for Docker id: meta uses: docker/metadata-action@v5 with: - images: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend + images: gitea.lugnas.de/${{ github.repository_owner }}/legalconsenthub-backend tags: | - type=raw,value=latest,enable=${{ gitea.ref == 'refs/heads/main' }} + type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }} type=sha,prefix=,format=long - name: Build and push Docker image 
@@ -183,7 +183,7 @@ jobs: with: context: . file: ./legalconsenthub-backend/Dockerfile - push: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }} + push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} platforms: linux/amd64 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} @@ -191,33 +191,26 @@ jobs: cache-to: type=local,dest=/tmp/.buildx-cache - name: Image built successfully - if: gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' + if: github.event_name == 'push' && github.ref == 'refs/heads/main' run: | echo "✅ Docker image built and pushed successfully" - echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend:latest" - echo "📦 Image: gitea.lugnas.de/${{ gitea.repository_owner }}/legalconsenthub-backend:${{ gitea.sha }}" + echo "📦 Image: gitea.lugnas.de/${{ github.repository_owner }}/legalconsenthub-backend:latest" + echo "📦 Image: gitea.lugnas.de/${{ github.repository_owner }}/legalconsenthub-backend:${{ github.sha }}" - name: Dry-run completed - if: gitea.event_name == 'pull_request' + if: github.event_name == 'pull_request' run: | echo "✅ Dry-run build completed successfully (image not pushed)" deploy: runs-on: ubuntu-latest needs: [frontend, backend] - if: ${{ gitea.event_name == 'push' && gitea.ref == 'refs/heads/main' }} + if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} steps: - name: Checkout code uses: actions/checkout@v4 - - name: Setup SSH - run: | - mkdir -p ~/.ssh - chmod 700 ~/.ssh - echo "${{ secrets.SYNOLOGY_DEPLOY_KEY }}" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - - name: Deploy to server run: | ssh -i ~/.ssh/id_rsa -p 32766 -o StrictHostKeyChecking=accept-new deploy@ds218 "sudo /usr/local/bin/deployLegalconsenthub.sh" @@ -226,4 +219,3 @@ jobs: run: | echo "✅ Deployment triggered successfully" echo "🚀 Application is being deployed to production" - diff --git a/.gitignore b/.gitignore index 96f7a14..729e3da 100644 
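Review bot: The "Deploy to server" step in hunk `@@ -191,33 +191,26 @@` still runs `ssh -i ~/.ssh/id_rsa`, but the hunk deletes the "Setup SSH" step that created that file from `secrets.SYNOLOGY_DEPLOY_KEY`. In a fresh act container the key path does not exist unless something outside the workflow provides it. The retained `-o StrictHostKeyChecking=accept-new` also gives no host authentication here: the container starts with an empty `known_hosts`, so every run is a first connection and whichever host answers on that port is accepted. The sketch below restores key provisioning, passes the secrets through `env:` rather than interpolating them into the script, and pins the server's host key from a secret so that `StrictHostKeyChecking=yes` can be used.

```yaml
      # … unchanged: checkout step …

      - name: Setup SSH
        env:
          DEPLOY_KEY: ${{ secrets.SYNOLOGY_DEPLOY_KEY }}
          # Placeholder secret name; holds the server's public host key line,
          # in the "[host]:port keytype key" form needed for a non-default port.
          DEPLOY_KNOWN_HOSTS: ${{ secrets.DEPLOY_KNOWN_HOSTS }}
        run: |
          install -d -m 700 ~/.ssh
          (umask 077; printf '%s\n' "$DEPLOY_KEY" > ~/.ssh/id_rsa)
          printf '%s\n' "$DEPLOY_KNOWN_HOSTS" > ~/.ssh/known_hosts

      - name: Deploy to server
        run: |
          ssh -i ~/.ssh/id_rsa -p 32766 -o StrictHostKeyChecking=yes deploy@ds218 "sudo /usr/local/bin/deployLegalconsenthub.sh"

      # … unchanged: deployment status step …
```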
--- a/.gitignore +++ b/.gitignore @@ -32,6 +32,9 @@ sqlite.db .env.* !.env.example +# Act secrets file +.secrets + HELP.md .gradle build/ diff --git a/CLAUDE.md b/CLAUDE.md index 9a220dd..c2ffac6 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -54,7 +54,7 @@ The application follows a **three-tier architecture**: #### Infrastructure - **Containerization**: Docker - **Orchestration**: Docker Compose (dev and prod configurations) -- **CI/CD**: Gitea workflows (`.gitea/workflows/pipeline.yaml`) +- **CI/CD**: Local act execution with GitHub Actions format (`.github/workflows/pipeline.yaml`) --- @@ -475,6 +475,7 @@ Main config in `src/main/resources/application.yaml`: - pnpm 10.11.0+ - Java 21 - PostgreSQL (or use Docker) +- act (for running CI/CD workflows locally) **Frontend**: ```bash @@ -501,6 +502,28 @@ docker-compose -f deployment/docker-compose-dev.yaml up docker-compose -f deployment/docker-compose-prod.yaml up ``` +### CI/CD with Act + +Workflows are executed locally using nektos/act: + +```bash +# List workflows +act -l + +# Run specific jobs +act -j frontend +act -j backend + +# Run all jobs +act push + +# Run with secrets (for Docker push/deploy) +act push --secret-file .secrets + +# Dry run +act -n +``` + --- ## Testing @@ -532,7 +555,8 @@ docker-compose -f deployment/docker-compose-prod.yaml up - OpenAPI Specification: `api/legalconsenthub.yml` - Thymeleaf Template: `legalconsenthub-backend/src/main/resources/templates/application_form_template.html` -- CI/CD Pipeline: `.gitea/workflows/pipeline.yaml` +- CI/CD Pipeline: `.github/workflows/pipeline.yaml` +- Act Configuration: `.actrc` and `.secrets.example` - Database Management Script: `manage-db.sh` - Test Data: `testdata.json` - IT System Config: `it-system.json` diff --git a/README.md b/README.md index 29bd53c..16ce7cf 100644 --- a/README.md +++ b/README.md 
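Review bot: `.secrets` is ignored here, but the `.secrets.example` that the README setup steps and CLAUDE.md tell the reader to copy is not among the five files in this commit's diffstat. Without the template, the first `.secrets` is written by hand, and nothing documents which keys it must hold (`DOCKER_PUSH_TOKEN`, and `SYNOLOGY_DEPLOY_KEY` if key provisioning returns). Adding a `.secrets.example` with empty values would match the docs, and the comment could read `# Act secrets file (plaintext credentials, keep mode 600)`.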
@@ -4,11 +4,48 @@ A comprehensive platform for digital applications, approvals, and discussions, d ## Documentation -For detailed documentation, architecture, and development guidelines, see [claude.md](./claude.md). +For detailed documentation, architecture, and development guidelines, see [CLAUDE.md](./CLAUDE.md). -## Issues +## CI/CD with Act -### Pipeline Issues +This project uses [nektos/act](https://nektosact.com/) for local workflow execution. Workflows are defined in `.github/workflows/` in GitHub Actions format. -- Gitea config can cause issues. When runner is not picking up jobs, run runner without config. -- Backend tests fail when a Postgres database is running on the host machine. +### Running Workflows Locally + +```bash +# List available workflows and jobs +act -l + +# Run specific jobs +act -j frontend # Run frontend job only +act -j backend # Run backend job only + +# Run all jobs for push event +act push + +# Run with secrets (required for Docker push and deployment) +act push --secret-file .secrets + +# Dry run to see what would execute +act -n + +# Run a specific workflow file +act -W .github/workflows/pipeline.yaml +``` + +### Setup + +1. Ensure [act](https://nektosact.com/) is installed (already available locally) +2. Copy `.secrets.example` to `.secrets` and fill in your credentials: + ```bash + cp .secrets.example .secrets + # Edit .secrets with your actual tokens/keys + ``` +3. The `.actrc` file contains default configuration for act + +### Important Notes + +- **Manual Execution**: Workflows must be run manually via `act` command +- **Secrets Required**: Docker push and deployment require secrets from `.secrets` file +- **No Automation**: Unlike traditional CI/CD, act runs locally on demand +- Backend tests may fail if PostgreSQL is running on the host machine