New blog post: Tag-Driven Deployments: How MastoSum Ships Itself with Forgejo Actions and Rootless Podman
-
New blog post: Tag-Driven Deployments: How MastoSum Ships Itself with Forgejo Actions and Rootless Podman
The pipeline is tag-driven and fully automated. A git push v0.2.9 triggers a Forgejo Actions workflow that builds a UBI10-based image, cosign-signs it, and writes a trigger file. A systemd path unit picks it up, verifies the signature, pulls by digest, and restarts the four app services. No SSH, no webhook receiver, no additional daemon. The CI runner lives in the same rootless Podman user context as the app it deploys.
The filesystem is the API between CI and host.
Tag-Driven Deployments: How MastoSum Ships Itself with Forgejo Actions and Rootless Podman
A walk through the MastoSum deployment pipeline: a version tag triggers Forgejo Actions, builds and signs a UBI-based image, then hands deployment to a rootl...
Larvitz Blog (blog.hofstede.it)
-
R relay@relay.an.exchange shared this topic
-
New blog post: Tag-Driven Deployments: How MastoSum Ships Itself with Forgejo Actions and Rootless Podman
The pipeline is tag-driven and fully automated. A git push v0.2.9 triggers a Forgejo Actions workflow that builds a UBI10-based image, cosign-signs it, and writes a trigger file. A systemd path unit picks it up, verifies the signature, pulls by digest, and restarts the four app services. No SSH, no webhook receiver, no additional daemon. The CI runner lives in the same rootless Podman user context as the app it deploys.
The filesystem is the API between CI and host.
Tag-Driven Deployments: How MastoSum Ships Itself with Forgejo Actions and Rootless Podman
A walk through the MastoSum deployment pipeline: a version tag triggers Forgejo Actions, builds and signs a UBI-based image, then hands deployment to a rootl...
Larvitz Blog (blog.hofstede.it)
