marcel/familienarchiv
1
0
Fork 0
Code Issues 103 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

feat(infra): production deployment pipeline — Caddy, staging, Gitea Actions (#497) #499

Merged
marcel merged 39 commits from feat/issue-497-prod-deploy into main 2026-05-11 14:29:33 +02:00
Conversation 16 Commits 39 Files Changed 22 +12
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 440a191138 - Show all commits

6
.gitea/workflows/nightly.yml
View File

@@ -122,5 +122,11 @@ jobs:
echo "All smoke checks passed" echo "All smoke checks passed"
- name: Cleanup env file - name: Cleanup env file
# LOAD-BEARING: `if: always()` is the linchpin of the ADR-011
# single-tenant runner trust model. Every secret in .env.staging
# is plain text on the runner filesystem until this step runs.
# If a future refactor drops `if: always()`, a failed deploy
# leaves the env-file behind. Do not remove this conditional
# without first re-evaluating ADR-011.
if: always() if: always()
run: rm -f .env.staging run: rm -f .env.staging

6
.gitea/workflows/release.yml
View File

@@ -116,5 +116,11 @@ jobs:
echo "All smoke checks passed" echo "All smoke checks passed"
- name: Cleanup env file - name: Cleanup env file
# LOAD-BEARING: `if: always()` is the linchpin of the ADR-011
# single-tenant runner trust model. Every secret in
# .env.production is plain text on the runner filesystem until
# this step runs. If a future refactor drops `if: always()`, a
# failed deploy leaves the env-file behind. Do not remove this
# conditional without first re-evaluating ADR-011.
if: always() if: always()
run: rm -f .env.production run: rm -f .env.production