introduce Forgejo Actions CI for deploying website and staging envs

uses cryptoparty.hamburg.ccc.de for now and deploys this PR as the main
site

.forgejo/workflows/cleanup.yaml

@@ -0,0 +1,23 @@
+on:
+  pull_request:
+    types:
+      - closed
+
+jobs:
+  cleanup-staging:
+    runs-on: docker
+    container:
+      image: code.forgejo.org/oci/node:20-bookworm
+    steps:
+      - name: Pipeline info PR
+        run: |
+          echo "Run triggered by ${{ github.event_name }} (${{ github.event.action }}) on ref ${{ github.ref_name }}"
+
+      - name: Staging Deployment - Prepare keys
+        run: |
+          echo "${{ secrets.SSH_DEPLOY_KEY }}" > deploykey.priv
+          chmod 400 deploykey.priv
+          echo "${{ secrets.SSH_KNOWN_HOSTS_FILE }}" > ./known_hosts
+      - name: Staging Deployment - Remove PR from staging
+        run: |
+          ssh -i deploykey.priv -o 'UserKnownHostsFile ./known_hosts' cryptoparty-website-deploy@public-web-static-intern.hamburg.ccc.de -t "rm -r /var/www/staging.cryptoparty-hamburg.de/pr${{ github.event.pull_request.number }}/"

.forgejo/workflows/deploy.yaml

@@ -0,0 +1,84 @@
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+env:
+  TZ: Europe/Berlin
+
+jobs:
+  build:
+    runs-on: docker
+    container:
+      image: docker.io/hugomods/hugo:0.138.0
+    steps:
+      - name: Pipeline info
+        run: |
+          echo "Run triggered by ${{ github.event_name }} (${{ github.event.action }}) on ref ${{ github.ref_name }}"
+
+      - name: Install packages
+        run: |
+          apk update
+          # For CI actions.
+          apk add nodejs-current
+          # For website build.
+          apk add tzdata coreutils curl jq git
+          # For uploading.
+          apk add rsync openssh
+
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # pull full history for page lastmod by git commit date
+          submodules: recursive
+
+      - name: Patch baseURL (for now)
+        run: |
+          sed -i 's#baseurl = "https://cryptoparty-hamburg.de"#baseurl = "https://cryptoparty.hamburg.ccc.de"#' config.toml
+
+      - name: Patch baseURL (staging only)
+        if: github.ref_name != 'master'
+        run: |
+          sed -i 's#baseurl = "https://cryptoparty.hamburg.ccc.de.de"#baseurl = "https://staging.cryptoparty.hamburg.ccc.de/pr${{ github.event.pull_request.number }}/"#' config.toml
+
+      - name: Build website (prod)
+        # if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref_name == 'master'
+        run: |
+          hugo
+      # - name: Build website (staging)
+      #   if: github.ref_name != 'master'
+      #   run: |
+      #     hugo --buildFuture --buildDrafts
+
+      - name: Deploy - Prepare keys
+        if: github.event_name == 'push' || github.event_name == 'pull_request' || github.event_name == 'schedule'
+        run: |
+          echo "${{ secrets.SSH_DEPLOY_KEY }}" > deploykey.priv
+          chmod 400 deploykey.priv
+          echo "${{ secrets.SSH_KNOWN_HOSTS_FILE }}" > ./known_hosts
+
+      # - name: Deploy - Upload PR to staging
+      #   if: github.event_name == 'pull_request'
+      #   run: |
+      #     echo "Deploying to staging.cryptoparty.hamburg.ccc.de/pr${{ github.event.pull_request.number }}"
+      #     rsync -v -r --delete -e "ssh -i deploykey.priv -o 'UserKnownHostsFile ./known_hosts'" public/ cryptoparty-website-deploy@public-web-static-intern.hamburg.ccc.de:/var/www/staging.cryptoparty-hamburg.de/pr${{ github.event.pull_request.number }}/
+      # - name: Deploy - Add comment to PR with staging URL
+      #   if: github.event_name == 'pull_request' && github.event.action == 'opened'
+      #   run: |
+      #     curl \
+      #       -X POST \
+      #       ${{ github.event.pull_request.base.repo.url }}/issues/${{ github.event.pull_request.number }}/comments \
+      #       -H "Content-Type: application/json" \
+      #       -H "Authorization: token $GITHUB_TOKEN" \
+      #       --data '{ "body": "You can view your changes at https://staging.cryptoparty.hamburg.ccc.de/pr${{ github.event.pull_request.number }}/" }'
+
+      - name: Deploy - Upload to prod
+        # if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref_name == 'main'
+        run: |
+          rsync -v -r --delete -e "ssh -i deploykey.priv -o 'UserKnownHostsFile ./known_hosts'" public/ cryptoparty-website-deploy@public-web-static-intern.hamburg.ccc.de:/var/www/cryptoparty-hamburg.de/
+
+      - uses: actions/upload-artifact@v4
+        if: github.event_name == 'pull_request'
+        with:
+          name: website-build
+          path: public/

.gitlab-ci.yml

@@ -1,32 +0,0 @@
-image: debian:buster-slim
-before_script:
-  - apt update -qq
-
-stages:
-  - build
-  - deploy
-
-build_job:
-  stage: build
-  script:
-    - DEBIAN_FRONTEND=noninteractive apt install --no-install-recommends -y -qq -o=Dpkg::Use-Pty=0 make hugo
-    - make
-  artifacts:
-    paths:
-      - public
-  variables:
-    GIT_SUBMODULE_STRATEGY: normal
-
-deploy_job:
-  stage: deploy
-  script:
-    - DEBIAN_FRONTEND=noninteractive apt install --no-install-recommends -y -qq -o=Dpkg::Use-Pty=0 openssh-client rsync
-    - umask 0077
-    - mkdir $HOME/.ssh
-    - eval $(ssh-agent -s)
-    - echo "$RSYNC_TARGET_SECRET_KEY" | ssh-add -
-    - echo "[$RSYNC_TARGET_HOST]:$RSYNC_TARGET_PORT $RSYNC_TARGET_HOST_KEY" > $HOME/.ssh/known_hosts
-    - rsync -av --delete -e "ssh -p $RSYNC_TARGET_PORT" public/* "$RSYNC_TARGET_USER@$RSYNC_TARGET_HOST:/"
-  only:
-    - master
-    - hugo