Automated tasks
Gitea has action runners, which are essentially a drop-in replacement for GitHub Actions.
These actions are typically specified as a script that will use a base image, install all the tools needed for the task at hand and then execute that task. This breaks DRY but in execution space rather than code space.
To address this, gitea.efforting.tech will use a system with image declarations and task declarations. Multiple tasks can use the same image, and the image will be reused. This should make tasks execute faster, generate less network traffic and be greener.
One thing not yet addressed is building for other platforms, for example if you want to make sure your project compiles on Windows or Mac. If we address this, it would probably be handled by additional VPS, since it might be a bit too resource intensive to run multiple QEMU subsystems for this purpose. But we will burn that bridge once we get to it.
Security considerations
One can essentially go two routes where you either have a network where you block certain subnets to prevent LAN or local access while still allowing WAN access (the runners might need to fetch stuff but we don't want them to fetch internal stuff).
This comment is also relevant here. A custom egress on the VPS might make this easy to reuse across services.
Simple deployment
For simple deployments (or as part of more complex deployments) the following pattern can be used:
sudo -u nginx-user GIT_INDEX_FILE=/tmp/to-name-better git --git-dir=/gitea-data/git/repositories/mikael-lovqvist/websperiments.git --work-tree=websperiments checkout --force
nginx-user must be able to read the bare repository at --git-dir. The /tmp/to-name-better base filename should be randomized and properly cleaned up (it is a base name that gets suffixes tacked on, such as index.lock or perhaps only .lock; this will have to be investigated further).
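
One way to get the randomized, cleaned-up index file described above (an added example, not this site's own deployment script): `mktemp -d` creates a private scratch directory, and the index plus whatever suffix git tacks on live inside it. The function name `deploy_checkout` and the `GIT` override are hypothetical, and the function assumes it already runs as the deploy user (for instance through `sudo -u nginx-user`).

```shell
#!/bin/sh
# Added example. Assumes the caller is already the deploy user, so the scratch
# directory and everything git writes into it are owned by that user.

# deploy_checkout GIT_DIR WORK_TREE
#   GIT (hypothetical knob) overrides the git binary; defaults to "git".
# The body is a subshell, so the EXIT trap fires when the function returns.
deploy_checkout() (
    git_dir=$1
    work_tree=$2
    umask 077

    # mktemp -d picks an unpredictable name and creates the directory with
    # mode 0700, so no other local user can pre-create or symlink the path
    # that git is about to write to.
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/deploy-index.XXXXXXXXXX") || exit 1

    # The index and any lock file git creates next to it sit inside the
    # scratch directory, so one rm -rf removes all of them, whether the
    # checkout succeeded or failed.
    trap 'rm -rf "$scratch"' EXIT
    trap 'exit 1' HUP INT TERM

    GIT_INDEX_FILE="$scratch/index" \
        "${GIT:-git}" --git-dir="$git_dir" --work-tree="$work_tree" \
        checkout --force
)

# Usage with the paths from the command above:
#   deploy_checkout \
#       /gitea-data/git/repositories/mikael-lovqvist/websperiments.git \
#       websperiments
```

The function returns git's exit status, so a calling task can fail the deployment when the checkout fails.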