first commit

.gitea/workflows/agent-release.yml

@@ -0,0 +1,50 @@
+name: Agent Release
+
+on:
+  push:
+    tags:
+      - "agent/v*"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.23"
+          cache: true
+          cache-dependency-path: agent/go.sum
+
+      - name: Extract version
+        id: version
+        run: echo "VERSION=${GITHUB_REF_NAME#agent/}" >> $GITHUB_OUTPUT
+
+      - name: Build
+        working-directory: agent
+        env:
+          VERSION: ${{ steps.version.outputs.VERSION }}
+        run: |
+          mkdir -p dist
+          GOOS=linux GOARCH=amd64 go build \
+            -ldflags="-s -w -X main.Version=${VERSION}" \
+            -o dist/keymanager-agent-linux-amd64 ./cmd
+          GOOS=linux GOARCH=arm64 go build \
+            -ldflags="-s -w -X main.Version=${VERSION}" \
+            -o dist/keymanager-agent-linux-arm64 ./cmd
+
+      - name: Checksums
+        working-directory: agent/dist
+        run: sha256sum keymanager-agent-linux-amd64 keymanager-agent-linux-arm64 > checksums.txt
+
+      - name: Create release
+        uses: https://gitea.com/actions/gitea-release-action@v1
+        with:
+          token: ${{ secrets.RELEASE_TOKEN }}
+          files: |
+            agent/dist/keymanager-agent-linux-amd64
+            agent/dist/keymanager-agent-linux-arm64
+            agent/dist/checksums.txt

.gitea/workflows/server-deploy.yml

@@ -0,0 +1,50 @@
+name: Server Deploy
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "server/**"
+      - "web/**"
+      - "proto/**"
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Log in to registry
+        run: |
+          echo "${{ secrets.REGISTRY_PASSWORD }}" | \
+            docker login ${{ vars.GITEA_HOST }} \
+              -u "${{ secrets.REGISTRY_USER }}" --password-stdin
+
+      - name: Build and push server image
+        run: |
+          IMAGE="${{ vars.GITEA_HOST }}/${{ github.repository_owner }}/keymanager/server:latest"
+          docker build -t "$IMAGE" -f server/Dockerfile server/
+          docker push "$IMAGE"
+
+      - name: Build and push web image
+        run: |
+          IMAGE="${{ vars.GITEA_HOST }}/${{ github.repository_owner }}/keymanager/web:latest"
+          docker build \
+            --build-arg NEXT_PUBLIC_API_URL="https://${{ vars.GITEA_HOST }}" \
+            -t "$IMAGE" \
+            -f web/Dockerfile web/
+          docker push "$IMAGE"
+
+      - name: Deploy via SSH
+        uses: https://github.com/appleboy/ssh-action@v1
+        with:
+          host: ${{ secrets.DEPLOY_HOST }}
+          username: ${{ secrets.DEPLOY_USER }}
+          key: ${{ secrets.DEPLOY_SSH_KEY }}
+          script: |
+            cd /opt/keymanager
+            docker compose pull
+            docker compose up -d --remove-orphans
+            docker image prune -f