@chofstede
Last active November 15, 2025 17:11
forgejo-runner via Podman plus Deploy
  1. Forgejo-runner Container definition (/var/lib/forgejo-runner/.config/containers/systemd/forgejo-runner.container)
[Unit]
Description=Forgejo Runner
After=network-online.target
Wants=network-online.target

[Container]
Exec=forgejo-runner daemon -c /data/runner.yaml 
Image=code.forgejo.org/forgejo/runner:6
ContainerName=forgejo-runner

UserNS=keep-id

Volume=/var/lib/forgejo-runner/data:/data:z
Volume=/run/user/990/podman/podman.sock:/var/run/docker.sock:z

[Install]
WantedBy=default.target
  1. Forgejo pipeline (git://.forgejo/workflows/build_publish.yaml):
name: Build and publish personal Jekyll site

on:
  push:
    branches: ["main"]

jobs:
  build:
    runs-on: docker
    container:
      image: docker.io/ruby:3.3
      volumes:
        - /var/lib/forgejo-runner/artifacts:/artifacts:Z

    steps:
      - name: Install build dependencies
        run: apt-get update && apt-get -y install nodejs

      - name: Checkout repository code
        uses: actions/checkout@v4

      - name: Install Jekyll and bundler
        run: gem install bundler jekyll

      - name: Build website
        run: bundle install && bundle exec jekyll build

      - name: Create deployment artifact
        run: |
          echo "Creating deployment artifact..."
          tar -czf /artifacts/site.tar.gz -C _site .
          echo "Artifact created successfully!"
  1. Deployment Script (/usr/local/bin/deploy-website.sh):
#!/bin/bash
set -euo pipefail

ARTIFACT_FILE="/var/lib/forgejo-runner/artifacts/site.tar.gz"
LIVE_DIR="/var/www/hofstede.it"

# Check if the specific artifact file exists
if [ ! -f "$ARTIFACT_FILE" ]; then
    echo "No new site artifact to deploy. Exiting."
    exit 0
fi

echo "Deploying artifact $ARTIFACT_FILE to $LIVE_DIR"

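# Unpack the archive directly into the live directory, overwriting old files.
# --no-same-owner makes extracted files belong to the user running this script
# instead of the uid/gid recorded in the archive (tar's default when run as root).
tar --no-same-owner -xzf "$ARTIFACT_FILE" -C "$LIVE_DIR"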

# Clean up the artifact file so the watcher can trigger on the next run
echo "Cleaning up deployed artifact..."
rm -f "$ARTIFACT_FILE"

echo "Deployment complete."
  1. systemd File-Watcher (website-deploy.path):
[Unit]
Description=Watch for new website artifact to deploy

[Path]
PathModified=/var/lib/forgejo-runner/artifacts/site.tar.gz
Unit=website-deploy.service

[Install]
WantedBy=multi-user.target
  1. Deployment Unit-File (website-deploy.service):
[Unit]
Description=Deploy Jekyll website artifact from Forgejo runner

[Service]
Type=oneshot
ExecStart=/usr/local/bin/deploy-website.sh
  1. Nginx Container Definition (hofstede-it.container)
[Container]
ContainerName=hofstede_it
AutoUpdate=registry
Image=docker.io/library/nginx:alpine

Network=ipv6

NoNewPrivileges=true

Volume=/var/www/hofstede.it:/usr/share/nginx/html:Z

Label="traefik.enable=true"
Label="traefik.docker.network=ipv6"
Label="traefik.http.routers.hofstede_it.rule=Host(`hofstede.it`)"
Label="traefik.http.routers.hofstede_it.entrypoints=https"
Label="traefik.http.routers.hofstede_it.service=hofstede_it"
Label="traefik.http.routers.hofstede_it.tls.certresolver=traefiktls"
Label="traefik.http.routers.hofstede_it.middlewares=secure-headers@file"
Label="traefik.http.services.hofstede_it.loadbalancer.server.port=80"

[Service]
Restart=always

[Install]
WantedBy=default.target
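
The deployment script in step 3 unpacks whatever archive the CI job leaves in /var/lib/forgejo-runner/artifacts straight into the live web root, so checking the archive members before extraction is a useful guard. The following is an added example, not part of the original gist; the function names are hypothetical. It rejects absolute or `..` member paths and any member that is not a regular file or directory (symlinks, hard links, devices, FIFOs).

```shell
#!/bin/bash
# Added example: validate a site artifact before unpacking it into the web root.
# Function names are hypothetical; they are not part of the original script.

# Reads member names (one per line, as printed by `tar -tzf`) on stdin.
# Returns 0 only if every name is relative and has no ".." path component.
names_are_safe() {
    while IFS= read -r name; do
        case "$name" in
            /*|..|../*|*/..|*/../*)
                echo "unsafe member path: $name" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Reads a verbose listing (`tar -tvzf`) on stdin. The first character of each
# line is the member type: "-" regular file, "d" directory. Anything else
# (l symlink, h hard link, c/b device, p FIFO) is rejected.
types_are_safe() {
    while IFS= read -r line; do
        case "$line" in
            -*|d*|'') ;;
            *)
                echo "unsafe member type: $line" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Returns 0 if the gzip-compressed tarball $1 is readable and passes both checks.
artifact_is_safe() {
    names=$(tar -tzf "$1") || return 1
    listing=$(tar -tvzf "$1") || return 1
    printf '%s\n' "$names" | names_are_safe || return 1
    printf '%s\n' "$listing" | types_are_safe
}
```

In the deploy script this would run before the `tar -xzf` line, for example `artifact_is_safe "$ARTIFACT_FILE" || { echo "Rejecting artifact" >&2; exit 1; }`.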