Deployment & CI/CD Workflows
This template includes a complete Gitea Actions workflow suite for automated deployment, releases, and repository health.
Workflow Summary
| Workflow | File | Trigger | Purpose |
|---|---|---|---|
| Deploy | `deploy.yml` | Push to `dev` or `main` (`src/` changes) | Auto-deploy to dev; additionally to production on `main` |
| Deploy Manual | `deploy-manual.yml` | Manual dispatch | One-off SFTP deploy to dev server |
| Sync Media | `sync-media.yml` | Every 6 hours + manual | Bidirectional rsync of images/files/media between dev and production |
| Build & Release | `auto-release.yml` | PR merge to `main` + manual | Version bump, ZIP package, Gitea release, GitHub mirror |
| Pre-Release | `pre-release.yml` | Manual dispatch | Build dev/alpha/beta/rc packages from any branch |
| CI | `ci-joomla.yml` | Push + PR | Joomla compatibility testing |
| PR Check | `pr-check.yml` | Pull request | PR validation gates |
| Security Audit | `security-audit.yml` | Weekly + PR (dependency changes) | Composer/NPM vulnerability scanning |
| Repo Health | `repo-health.yml` | Push + PR + manual | Repository guardrails validation |
| Cleanup | `cleanup.yml` | Weekly (Sunday 03:00 UTC) | Delete merged branches and old workflow runs |
| Notifications | `notify.yml` | Workflow completion | Push notifications via ntfy on release/failure |
Deploy Workflow
The main deploy.yml workflow handles automatic deployment:
- Push to `dev` branch -> deploy `src/` to dev server only
- Push to `main` branch -> deploy `src/` to dev server first, then production
Production deployment only runs after dev succeeds, providing a natural safety gate.
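One way to express this gate, using the variable and secret names listed under Required Variables and Required Secrets. This is an added example, not the template's actual `deploy.yml`; the rsync-over-SSH transfer, the `ubuntu-latest` runner label, and the `DEV_KNOWN_HOSTS` / `LIVE_KNOWN_HOSTS` variables (pinned SSH host keys) are assumptions.

```yaml
# Example only; not the template's deploy.yml.
name: Deploy (example)
on:
  push:
    branches: [dev, main]
    paths: ['src/**']
jobs:
  deploy-dev:
    runs-on: ubuntu-latest                  # assumed runner label; image must provide ssh and rsync
    steps:
      - uses: actions/checkout@v4
      - name: Deploy src/ to dev
        env:                                # values go through env, never spliced into the script text
          SSH_KEY: ${{ secrets.DEV_FTP_KEY }}
          KNOWN_HOSTS: ${{ vars.DEV_KNOWN_HOSTS }}    # hypothetical variable: known_hosts line for the server
          TARGET: ${{ vars.DEV_FTP_USERNAME }}@${{ vars.DEV_FTP_HOST }}:${{ vars.DEV_FTP_PATH }}/
          PORT: ${{ vars.DEV_FTP_PORT }}
        run: |
          set -eu
          umask 077                         # key and known_hosts are created owner-only
          d="$(mktemp -d)"; trap 'rm -rf "$d"' EXIT
          printf '%s\n' "$SSH_KEY" > "$d/key"
          printf '%s\n' "$KNOWN_HOSTS" > "$d/known_hosts"
          rsh="ssh -i $d/key -p $PORT -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$d/known_hosts"
          rsync -az -e "$rsh" src/ "$TARGET"
  deploy-prod:
    needs: deploy-dev                       # starts only after the dev job succeeds
    if: github.ref == 'refs/heads/main'     # skipped on pushes to dev
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Deploy src/ to production
        env:
          SSH_KEY: ${{ secrets.LIVE_SSH_KEY }}
          KNOWN_HOSTS: ${{ vars.LIVE_KNOWN_HOSTS }}   # hypothetical variable, as above
          TARGET: ${{ vars.LIVE_SSH_USER }}@${{ vars.LIVE_SSH_HOST }}:${{ vars.LIVE_DEPLOY_PATH }}/
          PORT: ${{ vars.LIVE_SSH_PORT }}
        run: |
          set -eu
          umask 077
          d="$(mktemp -d)"; trap 'rm -rf "$d"' EXIT
          printf '%s\n' "$SSH_KEY" > "$d/key"
          printf '%s\n' "$KNOWN_HOSTS" > "$d/known_hosts"
          rsh="ssh -i $d/key -p $PORT -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$d/known_hosts"
          rsync -az -e "$rsh" src/ "$TARGET"
```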
Required Variables
Set these in Gitea > Repository > Settings > Actions > Variables:
Dev Server
| Variable | Example |
|---|---|
| `DEV_FTP_HOST` | `dev.example.com` |
| `DEV_FTP_PORT` | `22` |
| `DEV_FTP_USERNAME` | `deployuser` |
| `DEV_FTP_PATH` | `/home/user/public_html` |
Production Server
| Variable | Example |
|---|---|
| `LIVE_SSH_HOST` | `prod.example.com` |
| `LIVE_SSH_PORT` | `22` |
| `LIVE_SSH_USER` | `deployuser` |
| `LIVE_DEPLOY_PATH` | `/home/user/public_html` |
Required Secrets
Set these in Gitea > Repository > Settings > Actions > Secrets:
| Secret | Purpose |
|---|---|
| `DEV_FTP_KEY` | SSH private key for dev server (or `DEV_FTP_PASSWORD`) |
| `LIVE_SSH_KEY` | SSH private key for production server |
| `GA_TOKEN` | Gitea personal access token (for moko-platform clone) |
Media Sync Workflow
The sync-media.yml workflow handles bidirectional media file synchronization between dev and production servers.
Required Variables
| Variable | Example |
|---|---|
| `DEV_SYNC_HOST` | `dev.example.com` |
| `DEV_SYNC_PORT` | `22` |
| `DEV_SYNC_USERNAME` | `deployuser` |
| `DEV_SYNC_PATH` | `/home/user/public_html` |
| `PROD_SYNC_HOST` | `prod.example.com` |
| `PROD_SYNC_PORT` | `22` |
| `PROD_SYNC_USERNAME` | `deployuser` |
| `PROD_SYNC_PATH` | `/home/user/public_html` |
Required Secrets
| Secret | Purpose |
|---|---|
| `DEV_SYNC_KEY` | SSH private key for dev server |
| `PROD_SYNC_KEY` | SSH private key for production server |
Sync Directions
When triggered manually, you can choose:
- dev-to-prod — push dev media to production
- prod-to-dev — pull production media to dev
- bidirectional — sync both ways (default, used by schedule)
A dry run option is available to preview changes without modifying files.
Notifications
All workflows can send push notifications via ntfy. Configure with:
| Variable | Default |
|---|---|
| `NTFY_URL` | `https://ntfy.mokoconsulting.tech` |
| `NTFY_TOPIC` | `gitea-releases` (notify) / `gitea-security` (audit) / `gitea-sync` (media) |
Quick Setup Checklist
- Fork or create a repo from this template
- Set all required variables in Gitea Actions settings
- Set all required secrets (SSH keys, GA_TOKEN)
- Push a change to `src/` on the `dev` branch to trigger the first deploy
- Verify dev deployment, then merge to `main` for production
Repo: Template-Client-WaaS · MokoStandards
| Revision | Date | Author | Description |
|---|---|---|---|
| 1.0 | 2026-05-09 | Moko Consulting | Initial version |