added deploy compose to repo to avoid volume mounts from workers

.gitea/workflows/deploy.yml

@@ -123,36 +123,42 @@ jobs:
         run: |
           #!/bin/bash -ex
 
-          # Set deployment path
+          # Define path to compose file WITHIN the checked-out workspace
-          DEPLOY_PATH="/config/stacks/maia"
+          COMPOSE_FILE="${{ gitea.workspace }}/backend/docker-compose.deploy.yml"
 
-          echo "--- Start Deploy Locally ---"
+          echo "--- Start Deploy Locally (using compose file from repo) ---"
-          echo "Workspace: $(pwd)"
+          echo "Workspace root: ${{ gitea.workspace }}"
-          echo "Checking existence of DEPLOY_PATH: ${DEPLOY_PATH}"
+          echo "Using compose file: ${COMPOSE_FILE}"
-          ls -la /config # Check if the parent dir exists
-          ls -la "${DEPLOY_PATH}" # Check if the target dir exists and list contents/permissions
 
+          # Verify compose file exists
+          if [ ! -f "${COMPOSE_FILE}" ]; then
+            echo "ERROR: Compose file not found at ${COMPOSE_FILE}"
+            ls -la "${{ gitea.workspace }}/backend/" # List contents for debugging
+            exit 1
+          fi
 
           # Pull the specific image version built in this workflow
           echo "Pulling image ${{ gitea.sha }}..."
           docker pull ghcr.io/${{ secrets.DOCKER_REGISTRY_USERNAME }}/maia:${{ gitea.sha }}
+          echo "Pull complete."
 
-          # Change to the directory containing the compose file
+          # Pull other images defined in compose using the specific file
-          echo "Changing directory to ${DEPLOY_PATH}"
+          # Ensures base images like redis/db are up-to-date if specified in compose
-          cd "${DEPLOY_PATH}" || { echo "cd to ${DEPLOY_PATH} FAILED!"; exit 1; }
-          echo "Current directory: $(pwd)"
-          echo "Listing files in current directory:"
-          ls -la
-
-          # Pull the latest images for other services to ensure they stay up to date
           echo "Pulling other compose services..."
-          docker compose -f docker-compose.yml pull redis db
+          docker compose -f "${COMPOSE_FILE}" pull redis db
           echo "Other service pull complete."
 
-          echo "Running sed on docker-compose.yml..."
+          # Update the image tag IN THE CHECKED-OUT COMPOSE FILE
-          sed -i 's|image: ghcr.io/${{ secrets.DOCKER_REGISTRY_USERNAME }}/maia:.*|image: ghcr.io/${{ secrets.DOCKER_REGISTRY_USERNAME }}/maia:${{ gitea.sha }}|g' docker-compose.yml
+          # This change only exists within the job's workspace, it doesn't modify the repo source
+          echo "Running sed on ${COMPOSE_FILE}..."
+          sed -i 's|image: ghcr.io/${{ secrets.DOCKER_REGISTRY_USERNAME }}/maia:.*|image: ghcr.io/${{ secrets.DOCKER_REGISTRY_USERNAME }}/maia:${{ gitea.sha }}|g' "${COMPOSE_FILE}"
+          echo "sed complete. Showing updated line:"
+          grep "image: ghcr.io/${{ secrets.DOCKER_REGISTRY_USERNAME }}/maia" "${COMPOSE_FILE}" || echo "Image line not found after sed!"
 
+          # Restart the services using the updated compose file from the workspace
+          # Docker compose interacts with the HOST daemon via the mounted socket
           echo "Bringing compose stack down and up with new image..."
-          docker compose up -d --force-recreate --remove-orphans
+          docker compose -f "${COMPOSE_FILE}" up -d --force-recreate --remove-orphans
+          echo "Docker compose up command finished."
           echo "--- Local deployment complete! ---"
           

backend/docker-compose.deploy.yml

@@ -0,0 +1,63 @@
+services:
+  server:
+    image: docker.gitea.com/gitea:latest
+    container_name: gitea
+    environment:
+      - USER_UID=1020
+      - USER_GID=1020
+      - GITEA__service__DISABLE_REGISTRATION=true
+      - GITEA__database__DB_TYPE=postgres
+      - GITEA__database__HOST=db:5432
+      - GITEA__database__NAME=gitea
+      - GITEA__database__USER=gitea
+      - GITEA__database__PASSWD=cams_very_special_GITEA_pwd_2o25
+    restart: unless-stopped
+    networks:
+      - default
+    volumes:
+      - /home/git/gitea:/data
+      - /home/git/.ssh/:/data/git/.ssh
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "2222:22"
+    expose:
+      - "3000"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitea.rule=Host(`git.depaoli.id.au`)"
+      - "traefik.http.routers.gitea.tls=true"
+      - "traefik.http.routers.gitea.entrypoints=secureweb"
+      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+      - "traefik.http.routers.gitea.tls.certresolver=myresolver"
+      - "traefik.docker.network=host"
+    depends_on:
+      - "db"
+  runner:
+    image: docker.io/gitea/act_runner:latest
+    container_name: gitea_runner
+    restart: unless-stopped
+    depends_on:
+      - server
+    networks:
+      - default
+    environment:
+      GITEA_RUNNER_LABELS: "ubuntu-latest:docker://gitea-runner-base:ubuntu-node16"
+      GITEA_INSTANCE_URL: "https://git.depaoli.id.au"
+      GITEA_RUNNER_REGISTRATION_TOKEN: "JRrwF2HYSFKzFRVodBjiX4jIaMgZqrsaPgP9g6eh"
+      GITEA_RUNNER_NAME: "gitea_runner"
+    volumes:
+      # needs docker sock to spin up children runners
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /srv/docker/container/gitea/runner:/data
+  db:
+    image: docker.io/library/postgres:14
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=gitea
+      - POSTGRES_PASSWORD=cams_very_special_GITEA_pwd_2o25
+      - POSTGRES_DB=gitea
+    networks:
+      - default
+    volumes:
+      - /srv/docker/container/gitea/db:/var/lib/postgresql/data