From 64694d94f2fa4504eaba1c51810a19d0313309b0 Mon Sep 17 00:00:00 2001
From: Francisco Penedo Alvarez <fran@franpenedo.com>
Date: Tue, 31 Mar 2026 17:26:11 +0200
Subject: [PATCH] Add CI and deployment workflows for Gitea

---
 .gitea/workflows/ci.yml     | 35 +++++++++++++++++++++++
 .gitea/workflows/deploy.yml | 57 +++++++++++++++++++++++++++++++++++++
 Caddyfile                   |  3 --
 docker-compose.yml          |  8 ++++--
 docker-entrypoint.sh        |  3 ++
 5 files changed, 101 insertions(+), 5 deletions(-)
 create mode 100644 .gitea/workflows/ci.yml
 create mode 100644 .gitea/workflows/deploy.yml

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
new file mode 100644
index 0000000..7232d25
--- /dev/null
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,35 @@
+name: CI
+
+on:
+  push:
+    branches: ["*"]
+  pull_request:
+    branches: ["*"]
+
+jobs:
+  quality-checks:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.14"
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          version: "0.11.1"
+          enable-cache: true
+
+      - name: Run pre-commit hooks
+        run: uv run pre-commit run --all-files
+
+      - name: Run type checking with ty
+        run: uv run ty check
+
+      - name: Run tests with pytest
+        run: uv run pytest
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..c70bd0d
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,57 @@
+name: Deploy
+
+on:
+  push:
+    branches: ["main"]
+  workflow_run:
+    workflows: ["CI"]
+    types:
+      - completed
+    branches: ["main"]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    # Only deploy if CI workflow succeeded
+    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'push' }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Stop existing containers
+        run: |
+          # Stop and remove existing containers if they exist
+          docker compose down --remove-orphans || true
+
+      - name: Build and deploy with Docker Compose
+        run: |
+          # Build images
+          docker compose build
+
+          # Deploy the stack in detached mode
+          export GOOGLE_BOOKS_API_KEY="${{ secrets.GOOGLE_BOOKS_API_KEY }}"
+          docker compose up -d
+
+          # Wait for health checks to pass
+          echo "Waiting for application to be healthy..."
+          timeout 300 sh -c 'until docker compose ps | grep -q "healthy"; do sleep 5; done'
+
+      - name: Verify deployment
+        run: |
+          # Check if all services are running
+          docker compose ps
+
+          # Test if the application responds
+          sleep 10
+          wget --spider --no-check-certificate https://172.17.0.1:5123 || exit 1
+
+          echo "Deployment successful!"
+
+      - name: Cleanup old images
+        run: |
+          # Remove dangling images to save space
+          docker image prune -f
diff --git a/Caddyfile b/Caddyfile
index 22a4bfc..e7ca3f3 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -33,9 +33,6 @@ localhost {
         
         # Forward real IP to app
         header_up X-Real-IP {remote}
-        header_up X-Forwarded-For {remote}
-        header_up X-Forwarded-Proto {scheme}
-        header_up X-Forwarded-Host {host}
     }
 
     # Optional: Enable compression for better performance
diff --git a/docker-compose.yml b/docker-compose.yml
index c34620e..a32eada 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,6 +9,8 @@ services:
       - instance:/app/instance
       # Mount shared directory for static files that Caddy can access
       - static:/shared/static
+      # Mount caddy_file for Caddy configuration
+      - caddy_file:/app/caddy
     expose:
       - "5000"
     environment:
@@ -32,10 +34,10 @@ services:
     image: caddy:2-alpine
     restart: unless-stopped
     ports:
-      - "5123:80"
+      - "5123:443"
     volumes:
       # Caddyfile configuration
-      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy_file:/etc/caddy
       # Media files served directly by Caddy
       - media:/var/www/media:ro
       # Static files served directly by Caddy (populated by app container)
@@ -64,3 +66,5 @@ volumes:
     driver: local
   caddy_config:
     driver: local
+  caddy_file:
+    driver: local
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 98df65c..499e9df 100644
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -12,6 +12,9 @@ else
     echo "Static files already present in shared volume"
 fi
 
+# Copy Caddyfile to shared volume
+cp /app/Caddyfile /app/caddy/Caddyfile
+
 # Initialize database if it doesn't exist or run migrations if it does
 echo "Checking database status..."
 if [ ! -f /app/instance/hxbooks.sqlite ]; then