move to forgejo actions

Signed-off-by: Naman Sood <mail@nsood.in>

apparently I need node for setup-go

Signed-off-by: Naman Sood <mail@nsood.in>

setup-node needs node I'm sobbing

Signed-off-by: Naman Sood <mail@nsood.in>

go wants version now

Signed-off-by: Naman Sood <mail@nsood.in>

tailscale action needs sudo

Signed-off-by: Naman Sood <mail@nsood.in>

add cap net admin for tailscale

Signed-off-by: Naman Sood <mail@nsood.in>

troubleshoot

Signed-off-by: Naman Sood <mail@nsood.in>

runner doesn't have pipefail

Signed-off-by: Naman Sood <mail@nsood.in>

checkout v1 ded

Signed-off-by: Naman Sood <mail@nsood.in>

don't output the ssh private key

I voided the old one but man wtf

long live tailscale ssh

Signed-off-by: Naman Sood <mail@nsood.in>

.forgejo/workflows/main.yml

@@ -0,0 +1,58 @@
+on:
+  push:
+    branches:
+      - 'main'
+
+jobs:
+  deploy:
+    runs-on: docker
+    container:
+      image: node:lts-bullseye
+      options: "--cap-add=NET_ADMIN --device=/dev/net/tun"
+    name: Deploy blog to deuterium
+    env:
+      MACHINE: deuterium
+    steps:
+    - name: Setup Go
+      id: go
+      with:
+        go-version: '>=1.23.0'
+      uses: https://code.forgejo.org/actions/setup-go@v5
+    - name: Install tailscale deps
+      id: deps
+      run: |
+        apt update && apt install -y sudo iptables iproute2
+    - name: Setup Tailscale
+      id: tailscale
+      uses: https://github.com/tailscale/github-action@v2
+      with:
+        oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
+        oauth-secret: ${{ secrets.TS_OAUTH_CLIENT_SECRET }}
+        tags: tag:public
+    - name: See what happened to tailscale
+      id: failscale
+      if: failure()
+      run: |
+        cat ~/tailscaled.log
+
+    - name: Fetch code
+      id: fetch
+      uses: https://code.forgejo.org/actions/checkout@v3
+
+    - name: Compile blog binary
+      id: compile
+      run: go build -o prose ./cmd/prose
+
+    - name: Build tarball and ship it
+      id: tarball
+      run: |
+        TIME=$(date +%Y%m%d-%H%M%S)
+        FILENAME=prose-${TIME}.tar.gz
+        mkdir -p static/css
+        tar -czf $FILENAME prose static/ styles/ templates/ posts/
+        echo $FILENAME "www@$MACHINE:/home/www/"
+        mkdir -p ~/.ssh
+        ssh-keyscan $MACHINE >> ~/.ssh/known_hosts
+        scp $FILENAME "www@$MACHINE:/home/www/"
+        ssh "www@$MACHINE" "tar -C /var/www/prose.nsood.in -xzf ~/$FILENAME"
+        ssh "www@$MACHINE" "sudo systemctl restart prose"

.github/workflows/main.yml

@@ -1,51 +0,0 @@
-on: [push]
-
-jobs:
-  deploy:
-    runs-on: ubuntu-latest
-    name: Deploy blog to deuterium
-    if: github.ref == 'refs/heads/main'
-    env:
-      MACHINE: deuterium
-    steps:
-    - name: Setup Go 1.19
-      id: go
-      uses: actions/setup-go@v2
-    - name: Setup Tailscale
-      id: tailscale
-      uses: tailscale/github-action@v2
-      with:
-        oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
-        oauth-secret: ${{ secrets.TS_OAUTH_CLIENT_SECRET }}
-        tags: tag:public
-    - name: Add SSH key
-      id: ssh
-      env:
-        SSH_KEY: ${{ secrets.SSH_KEY }}
-      run: |
-        set -euxo pipefail
-        tailscale ping -c 2 $MACHINE
-        mkdir -p ~/.ssh
-        ssh-keyscan $MACHINE > ~/.ssh/known_hosts
-        printf "%s" "$SSH_KEY" > ~/.ssh/key
-        chmod 600 ~/.ssh/key
-
-    - name: Fetch code
-      id: fetch
-      uses: actions/checkout@v1
-
-    - name: Compile blog binary
-      id: compile
-      run: go build -o prose ./cmd/prose
-
-    - name: Build tarball and ship it
-      id: tarball
-      run: |
-        TIME=$(date +%Y%m%d-%H%M%S)
-        FILENAME=prose-${TIME}.tar.gz
-        mkdir -p static/css
-        tar -czf $FILENAME prose static/ styles/ templates/ posts/
-        echo $FILENAME "www@$MACHINE:/home/www/"
-        scp -i ~/.ssh/key $FILENAME "www@$MACHINE:/home/www/"
-        ssh -i ~/.ssh/key "www@$MACHINE" "tar -C /var/www/prose.nsood.in -xzf ~/$FILENAME"
-        ssh -i ~/.ssh/key "www@$MACHINE" "sudo systemctl restart prose"