From 9ed43773bc6eb173b0f6bd130e109376a270788f Mon Sep 17 00:00:00 2001
From: Scott Hatlen
Date: Mon, 9 Mar 2026 19:11:06 -0700
Subject: [PATCH 1/7] Add Gitea Actions workflow for build and deploy Uses buildah to build/push to Harbor, then kubectl apply for deployment. Replaces the old Woodpecker CI pipeline.
Co-Authored-By: Claude Opus 4.6
---
 .gitea/workflows/deploy.yaml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 .gitea/workflows/deploy.yaml
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
new file mode 100644
index 0000000..fa64978
--- /dev/null
+++ b/.gitea/workflows/deploy.yaml
@@ -0,0 +1,36 @@
+name: Build and Deploy
+
+on:
+ push:
+ branches: [main]
+
+jobs:
+ build-and-deploy:
+ runs-on: ubuntu-latest
+ container:
+ image: quay.io/buildah/stable
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Build image
+ run: |
+ IMAGE=harbor.scottyah.com/scottyah/blog
+ buildah bud -t $IMAGE:${{ github.sha }} -t $IMAGE:latest .
+
+ - name: Push image
+ run: |
+ IMAGE=harbor.scottyah.com/scottyah/blog
+ buildah login -u "${{ secrets.HARBOR_USERNAME }}" -p "${{ secrets.HARBOR_PASSWORD }}" harbor.scottyah.com
+ buildah push $IMAGE:${{ github.sha }}
+ buildah push $IMAGE:latest
+
+ - name: Deploy
+ run: |
+ curl -LO "https://dl.k8s.io/release/$(curl -Ls https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ chmod +x kubectl
+ mkdir -p ~/.kube
+ echo "${{ secrets.KUBECONFIG_DATA }}" | base64 -d > ~/.kube/config
+ sed -i "s|harbor.scottyah.com/scottyah/blog:latest|harbor.scottyah.com/scottyah/blog:${{ github.sha }}|" k8s.yaml
+ ./kubectl apply -f k8s.yaml
+ ./kubectl rollout status deployment/blog-dep -n blog --timeout=120s
From 14d4c82005725c01f81a01928ad44371c9de8c00 Mon Sep 17 00:00:00 2001
From: Scott Hatlen
Date: Mon, 9 Mar 2026 19:19:32 -0700
Subject: [PATCH 2/7] Trigger CI test
From 318fc8831910df1d70890426ec590eac470a3077 Mon Sep 17 00:00:00 2001
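Review bot: The `Deploy` step added by PATCH 1/7 downloads `kubectl` from whatever `stable.txt` names at run time and executes it with no integrity check, in the same step that writes the cluster kubeconfig to disk. Pinning the release and verifying the published checksum before `chmod +x` would close that gap; the checksum file is served by the same host as the binary, so committing the expected hash to the repository is the stronger variant. The step also expands `${{ secrets.KUBECONFIG_DATA }}` into the script text before the shell parses it and writes `~/.kube/config` under the default umask; passing the secret through `env:` and setting `umask 077` first keeps it out of the rendered script and keeps the file owner-only. The job image `quay.io/buildah/stable` is likewise a moving tag and could be pinned by digest.

```yaml
      - name: Deploy
        env:
          KUBECONFIG_DATA: ${{ secrets.KUBECONFIG_DATA }}
          KUBECTL_VERSION: vX.Y.Z  # placeholder: pin the release you have tested
        run: |
          umask 077
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          # … unchanged: chmod +x kubectl, mkdir -p ~/.kube …
          printf '%s' "$KUBECONFIG_DATA" | base64 -d > ~/.kube/config
          # … unchanged: sed image tag rewrite, kubectl apply, rollout status …
```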
From: Scott Hatlen
Date: Mon, 9 Mar 2026 19:24:59 -0700
Subject: [PATCH 3/7] Add manual workflow dispatch trigger
---
 .gitea/workflows/deploy.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index fa64978..cb53e12 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -3,6 +3,7 @@ name: Build and Deploy
 on:
 push:
 branches: [main]
+ workflow_dispatch:

 jobs:
 build-and-deploy:
From 7e6319b7bb323baaa3a834b328c81af5b5da85d7 Mon Sep 17 00:00:00 2001
From: Scott Hatlen
Date: Mon, 9 Mar 2026 19:31:07 -0700
Subject: [PATCH 4/7] Use git clone instead of actions/checkout for buildah container
---
 .gitea/workflows/deploy.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index cb53e12..d29c20f 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -12,7 +12,9 @@ jobs:
 image: quay.io/buildah/stable
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ run: |
+ git clone --depth 1 --branch "${{ github.ref_name }}" "${{ github.server_url }}/${{ github.repository }}.git" .
+ git checkout "${{ github.sha }}"

 - name: Build image
 run: |
From e66132a184864176c912bd2543bfaac0702064c1 Mon Sep 17 00:00:00 2001
From: Scott Hatlen
Date: Mon, 9 Mar 2026 19:32:45 -0700
Subject: [PATCH 5/7] Use buildah --isolation chroot for container builds
---
 .gitea/workflows/deploy.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index d29c20f..8532723 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
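Review bot: With `workflow_dispatch` added in PATCH 3/7, the job is no longer limited to `main`: the `branches: [main]` filter applies to the `push` trigger only, so a manual run started from another ref would presumably build that ref, push it as `:latest` and apply it to the cluster. If manual deploys are meant to ship `main` only, a job-level guard such as `if: github.ref == 'refs/heads/main'` under `build-and-deploy:` makes that explicit. The job definition itself lies outside this hunk.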
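Review bot: The new `Checkout` step in PATCH 4/7 pastes `${{ github.ref_name }}`, `${{ github.repository }}` and `${{ github.sha }}` into the script text, so the shell parses whatever those values contain; a branch name is chosen by whoever creates the ref, and refs other than `main` can presumably reach this job through the manual trigger. Passing the values through the step's `env:` (for example `REF_NAME: ${{ github.ref_name }}`) and cloning with `--branch "$REF_NAME"` keeps them as data rather than script. Separately, `--depth 1` fetches only the branch tip, so `git checkout "${{ github.sha }}"` will fail whenever the branch has moved past the triggering commit by the time the job runs; fetching the commit itself, or dropping the depth limit, avoids that. The step list continues outside the hunk.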
@@ -19,14 +19,14 @@ jobs:
 - name: Build image
 run: |
 IMAGE=harbor.scottyah.com/scottyah/blog
- buildah bud -t $IMAGE:${{ github.sha }} -t $IMAGE:latest .
+ buildah --isolation chroot bud -t $IMAGE:${{ github.sha }} -t $IMAGE:latest .

 - name: Push image
 run: |
 IMAGE=harbor.scottyah.com/scottyah/blog
 buildah login -u "${{ secrets.HARBOR_USERNAME }}" -p "${{ secrets.HARBOR_PASSWORD }}" harbor.scottyah.com
- buildah push $IMAGE:${{ github.sha }}
- buildah push $IMAGE:latest
+ buildah --isolation chroot push $IMAGE:${{ github.sha }}
+ buildah --isolation chroot push $IMAGE:latest

 - name: Deploy
 run: |
From 0ec58ed1dd388484df662c4432b21093e5ac2c4a Mon Sep 17 00:00:00 2001
From: Scott Hatlen
Date: Mon, 9 Mar 2026 19:52:10 -0700
Subject: [PATCH 6/7] Debug secrets and add tls-verify=false for Harbor
---
 .gitea/workflows/deploy.yaml | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 8532723..c2c89a7 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
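Review bot: Nothing in the `Build image` step records why `--isolation chroot` was chosen, and it is a weaker isolation mode than buildah's default OCI runtime: the Dockerfile's `RUN` instructions execute in a chroot inside the job container rather than in a separately created container. A comment above the `bud` line would carry that forward, e.g. `# --isolation chroot: RUN steps are only chroot-separated from this job container; no credentials may be present before or during this step`. The ordering matters here because the later `Push image` and `Deploy` steps place registry and cluster credentials in the same job container. The mode could also be set once for the job through the `BUILDAH_ISOLATION` environment variable instead of being repeated on each command.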
@@ -21,12 +21,23 @@ jobs:
 IMAGE=harbor.scottyah.com/scottyah/blog
 buildah --isolation chroot bud -t $IMAGE:${{ github.sha }} -t $IMAGE:latest .

+ - name: Debug secrets
+ run: |
+ echo "HARBOR_USERNAME length: ${#HARBOR_USERNAME}"
+ echo "HARBOR_PASSWORD length: ${#HARBOR_PASSWORD}"
+ env:
+ HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
+ HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }}
+
 - name: Push image
 run: |
 IMAGE=harbor.scottyah.com/scottyah/blog
- buildah login -u "${{ secrets.HARBOR_USERNAME }}" -p "${{ secrets.HARBOR_PASSWORD }}" harbor.scottyah.com
- buildah --isolation chroot push $IMAGE:${{ github.sha }}
- buildah --isolation chroot push $IMAGE:latest
+ buildah login --tls-verify=false -u "$HARBOR_USERNAME" -p "$HARBOR_PASSWORD" harbor.scottyah.com
+ buildah --isolation chroot push --tls-verify=false $IMAGE:${{ github.sha }}
+ buildah --isolation chroot push --tls-verify=false $IMAGE:latest
+ env:
+ HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
+ HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }}

 - name: Deploy
 run: |
From 8e343ccebe3f9a3b295773e358d58889e731bc74 Mon Sep 17 00:00:00 2001
From: Scott Hatlen
Date: Mon, 9 Mar 2026 19:53:33 -0700
Subject: [PATCH 7/7] Fix buildah push flags
---
 .gitea/workflows/deploy.yaml | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index c2c89a7..6fbcec5 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
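Review bot: `--tls-verify=false` on `buildah login` and on both `buildah push` commands turns off certificate verification for harbor.scottyah.com, so the Harbor password and the pushed image travel over a connection whose peer is not authenticated; a party on the path between runner and registry could capture the credential or substitute the image that `Deploy` later applies. If the failure being worked around is an untrusted issuer, trusting that CA keeps verification on, e.g. `buildah login --cert-dir "$HARBOR_CERT_DIR" -u "$HARBOR_USERNAME" -p "$HARBOR_PASSWORD" harbor.scottyah.com` with the same `--cert-dir` on `push` (`HARBOR_CERT_DIR` is a placeholder for wherever the CA certificate is provisioned). The same flags are carried unchanged into the `Push image` hunk of PATCH 7/7.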
@@ -21,20 +21,12 @@ jobs:
 IMAGE=harbor.scottyah.com/scottyah/blog
 buildah --isolation chroot bud -t $IMAGE:${{ github.sha }} -t $IMAGE:latest .

- - name: Debug secrets
- run: |
- echo "HARBOR_USERNAME length: ${#HARBOR_USERNAME}"
- echo "HARBOR_PASSWORD length: ${#HARBOR_PASSWORD}"
- env:
- HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
- HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }}
-
 - name: Push image
 run: |
 IMAGE=harbor.scottyah.com/scottyah/blog
 buildah login --tls-verify=false -u "$HARBOR_USERNAME" -p "$HARBOR_PASSWORD" harbor.scottyah.com
- buildah --isolation chroot push --tls-verify=false $IMAGE:${{ github.sha }}
- buildah --isolation chroot push --tls-verify=false $IMAGE:latest
+ buildah push --tls-verify=false $IMAGE:${{ github.sha }}
+ buildah push --tls-verify=false $IMAGE:latest
 env:
 HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
 HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }}
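Review bot: The `buildah login` line kept as context in this hunk still passes the Harbor password with `-p "$HARBOR_PASSWORD"`, which places it in the process argument list where other processes in the job container can read it while the command runs. Reading it from standard input avoids that: `printf '%s' "$HARBOR_PASSWORD" | buildah login --password-stdin -u "$HARBOR_USERNAME" harbor.scottyah.com`. The image references on the two `push` lines are also unquoted; `"$IMAGE:${{ github.sha }}"` is the more defensive form. The enclosing job and the start of its step list lie outside the hunk.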