Use Docker image for CLI instead of Gitea DEB download

Run sfp CLI directly from inside the pulled server image via
docker run, removing the need for a separate GITEA_TOKEN and
CLI download step. Default TLS mode changed to letsencrypt.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 11:20:31 +10:00
parent 718cb1c4e1
commit 44020ee09f
6 changed files with 127 additions and 252 deletions
+9 -16
@@ -21,9 +21,8 @@ Before using this repository, ensure you have:
3. **Domain name** (FQDN) resolving to the server
4. **TLS certificate + private key** (PEM format) -- or use Let's Encrypt for automatic TLS
5. **SSH access** to the server from GitHub Actions runners
6. **Gitea token** for `source.flxbl.io` (provided by flxbl)
7. **Docker registry token** for pulling SFP server images
8. **Port 443** open on the server firewall
6. **Docker registry token** for pulling SFP server images (the CLI runs from inside the image)
7. **Port 443** open on the server firewall
For detailed requirements, see the [Self-Hosting Prerequisites](https://source.flxbl.io/flxbl/sfp-pro/src/branch/main/docs/self-hosting-prerequisites.md) guide.
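Review bot: Item 4 still leads with "TLS certificate + private key (PEM format)" and mentions Let's Encrypt only as the alternative, while the commit message says the default TLS mode is now letsencrypt. Reorder that item so Let's Encrypt is described as the default and the PEM certificate and key as the custom-TLS option, matching the "only if using custom TLS" wording used for `ORIGIN_CERT` and `ORIGIN_KEY` in the secrets table.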
@@ -40,7 +39,6 @@ Go to **Settings** > **Secrets and variables** > **Actions** > **Secrets** and a
| Secret | Description |
|--------|-------------|
| `SSH_PRIVATE_KEY` | SSH private key for connecting to the server |
| `GITEA_TOKEN` | Token for `source.flxbl.io` (CLI downloads) |
| `DOCKER_REGISTRY_TOKEN` | Token for authenticating with your Docker registry |
| `ORIGIN_CERT` | TLS certificate in base64 PEM *(only if using custom TLS)* |
| `ORIGIN_KEY` | TLS private key in base64 PEM *(only if using custom TLS)* |
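Review bot: Dropping the `GITEA_TOKEN` row leaves existing installations with a stored secret that the workflows no longer read. Add a short upgrade note under this table telling users to delete the `GITEA_TOKEN` repository secret and revoke the token on `source.flxbl.io`, so an unused credential does not stay live.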
@@ -56,11 +54,10 @@ Go to **Settings** > **Secrets and variables** > **Actions** > **Variables** and
| `DOMAIN` | Yes | -- | FQDN for the server (e.g., `sfp.yourcompany.com`) |
| `DOCKER_REGISTRY` | Yes | -- | Docker registry hostname (e.g., `source.flxbl.io`) |
| `SSH_USER` | No | `root` | SSH username |
| `IMAGE_FQDN` | No | -- | Full Docker image path (e.g., `source.flxbl.io/flxbl/sfp-server`) |
| `IMAGE_FQDN` | Yes | -- | Full Docker image path (e.g., `ghcr.io/flxbl-io/sfp-server-rc`) |
| `IMAGE_TAG` | No | `latest` | Docker image tag (e.g., `latest`, `v3-latest`, `3.28.0`) |
| `WORKERS` | No | `1` | Number of background workers (1-10) |
| `BASE_DIR` | No | `./sfp-server` | Base directory on the server |
| `SFP_CLI_VERSION` | No | `latest` | Specific SFP CLI version to use |
### 4. Run Initialization
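Review bot: The new `IMAGE_FQDN` example points at `ghcr.io/flxbl-io/sfp-server-rc`, but the `DOCKER_REGISTRY` example one row above is still `source.flxbl.io`, so the two examples now describe different registries. Use the same registry host in both examples, or state that the host part of `IMAGE_FQDN` must match `DOCKER_REGISTRY`. Since the CLI now runs from this image, the `IMAGE_TAG` default of `latest` also means the code executed by the workflow can change between runs; consider recommending a fixed version such as `3.28.0` in the description.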
@@ -70,7 +67,7 @@ Go to **Settings** > **Secrets and variables** > **Actions** > **Variables** and
4. Click **Run workflow**
The init process will:
- Install SFP CLI on the GitHub Actions runner
- Pull the SFP server Docker image (the CLI runs from inside it)
- Connect to your server via SSH
- Create the directory structure and configuration
- Auto-generate database credentials
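Review bot: The replaced bullet says the CLI runs from inside the pulled image, but the following bullet, "Connect to your server via SSH", does not say where that connection now originates. State whether the SSH session is opened by the CLI container and how `SSH_PRIVATE_KEY` is made available to it, so operators know which process holds the key.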
@@ -162,9 +159,10 @@ If the server is destroyed, you will need the backed-up `.env` to restore withou
## Troubleshooting
### Workflow fails at "Install SFP CLI"
- Verify `GITEA_TOKEN` is valid and has read access to `flxbl/sfp-pro` releases
- Check if a release exists with a `.deb` asset
### Workflow fails at image pull
- Verify `DOCKER_REGISTRY_TOKEN` is valid
- Verify `DOCKER_REGISTRY` and `IMAGE_FQDN` are correct
- Check if the specified `IMAGE_TAG` exists in the registry
### Workflow fails at SSH connection
- Verify `SSH_PRIVATE_KEY` is the full private key (including headers)
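Review bot: The new checklist under "Workflow fails at image pull" only asks whether `DOCKER_REGISTRY_TOKEN` is valid, whereas the removed `GITEA_TOKEN` line also checked that the token "has read access". A valid token without pull permission on the image fails the same way, so extend the first bullet to say the token needs read access to the repository named in `IMAGE_FQDN`.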
@@ -177,16 +175,11 @@ If the server is destroyed, you will need the backed-up `.env` to restore withou
- Check TLS certificate is valid for the domain
- SSH to the server and check logs: `docker compose logs caddy`
### Update fails during image pull
- Verify `DOCKER_REGISTRY_TOKEN` is valid
- Verify `DOCKER_REGISTRY` matches where your images are hosted
- Check if the specified `IMAGE_TAG` exists in the registry
## File Reference
| File | Purpose |
|------|---------|
| `.github/actions/setup-sfp/action.yml` | Composite action: install SFP CLI + configure SSH |
| `.github/actions/setup-sfp/action.yml` | Composite action: pull Docker image + configure SSH |
| `.github/workflows/init.yml` | One-time server initialization workflow |
| `.github/workflows/update.yml` | Server update workflow |
| `.github/workflows/check-update.yml` | Weekly version check workflow |
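Review bot: With "Update fails during image pull" removed, pull failures in the update workflow are covered only by the generic "Workflow fails at image pull" heading. Say under that heading that it applies to both `init.yml` and `update.yml`, so someone searching for an update failure still finds it.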