Erich Blume
7893c41020
All checks were successful
Test CI / test (push) Successful in 0s
## Summary - Refactor Forgejo app.ini to be managed by ansible with secrets from 1Password - Enable Forgejo Actions in config (`[actions] ENABLED = true`) - Add `repo.actions` to DEFAULT_REPO_UNITS - Clean up unused MySQL database fields (we use SQLite) ## Phase 1 Progress This PR covers the first part of Phase 1 (ci-cd-bootstrap plan): - [x] Refactor app.ini to ansible template - [x] Store secrets in 1Password - [x] Enable Actions in config - [ ] Deploy config changes (pending review) - [ ] Create runner registration token - [ ] Deploy runner to k8s - [ ] Test with simple workflow ## Deployment and Testing - [ ] Run `mise run provision-indri -- --tags forgejo` to deploy - [ ] Verify Forgejo restarts correctly - [ ] Verify Actions tab appears in repo settings 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/48
32 lines
913 B
YAML
32 lines
913 B
YAML
---
|
|
# Forgejo role
|
|
#
|
|
# Currently uses brew-managed forgejo. Phase 3 of ci-cd-bootstrap will
|
|
# transition to mcquack LaunchAgent with CI-built binary.
|
|
#
|
|
# Secrets (lfs_jwt_secret, internal_token, oauth2_jwt_secret) are fetched
|
|
# from 1Password in the playbook pre_tasks.
|
|
|
|
- name: Install forgejo via homebrew
|
|
community.general.homebrew:
|
|
name: forgejo
|
|
state: present
|
|
|
|
- name: Ensure forgejo config directory exists
|
|
ansible.builtin.file:
|
|
path: "{{ forgejo_work_path }}/custom/conf"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Deploy forgejo config
|
|
ansible.builtin.template:
|
|
src: app.ini.j2
|
|
dest: "{{ forgejo_config_path }}"
|
|
mode: '0600'
|
|
notify: Restart forgejo
|
|
|
|
- name: Ensure forgejo service is started
|
|
ansible.builtin.command: brew services start forgejo
|
|
register: forgejo_brew_start
|
|
changed_when: "'Successfully started' in forgejo_brew_start.stdout"
|
|
failed_when: false
|