fix: Traefik labels, single-level subdomain, registry auth in workflow

- Replace bare port mapping with Traefik labels (hermes-net, websecure, cloudflare cert) - Fix two-level subdomain: todo.hermes.damascusfront.net → ultra-todo.damascusfront.net - Add registry_url/user/pass to Portainer deploy step - Add healthcheck_url verification - Replace GH-specific docker actions with raw docker CLI for Gitea runner compat - Fix registry URL: git.homelab.local:443 (was :8443)
2026-05-30 00:23:53 +00:00
parent 4317835cc0
commit 8628bcb8b2
2 changed files with 20 additions and 16 deletions
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -16,19 +16,11 @@ jobs:
      - name: Checkout repository
        uses: actions/checkout@v3

-      - name: Log in to the Container registry
-        uses: docker/login-action@v2
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
-
      - name: Build and push Docker image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          push: true
-          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+        run: |
+          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
+          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest .
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest

      - name: Deploy Stack to Portainer
        uses: https://git.homelab.local/kaykayyali/portainer-deploy-action@main
@@ -37,3 +29,7 @@ jobs:
          portainer_token: ${{ secrets.PORTAINER_API_TOKEN }}
          stack_name: 'ultra-todo'
          compose_file: 'docker-compose.yml'
+          registry_url: 'git.homelab.local'
+          registry_user: ${{ github.actor }}
+          registry_pass: ${{ secrets.REGISTRY_TOKEN }}
+          healthcheck_url: 'https://ultra-todo.damascusfront.net/'
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,8 +1,16 @@
-version: '3.8'
-
 services:
  ultra-todo:
    image: git.homelab.local/kaykayyali/ultra-todo:latest
    restart: always
-    ports:
-      - "8080:80"
+    networks:
+      - hermes-net
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.ultra-todo.entrypoints=websecure"
+      - "traefik.http.routers.ultra-todo.rule=Host(`ultra-todo.damascusfront.net`)"
+      - "traefik.http.routers.ultra-todo.tls.certresolver=cloudflare"
+      - "traefik.http.services.ultra-todo.loadbalancer.server.port=80"
+
+networks:
+  hermes-net:
+    external: true