# Woodpecker CI pipeline template. # # Runs on the local backend — image: bash specifies the shell. # Triggers on push to main branch. # # Flow: install → lint-fix (optional) → lint + test → deploy # # Secrets (add in Woodpecker UI → repo or global settings): # gitea_token — Gitea access token (for lint-fix auto-commit back) # # Deploy setup (one-time, as root on VPS): # 1. Create deploy script: # cp scripts/deploy.sh /usr/local/bin/deploy- # chmod 755 /usr/local/bin/deploy- # chown root:root /usr/local/bin/deploy- # # 2. Find Woodpecker agent user: # ps -o user= -p $(pgrep woodpecker-agent) # # 3. Set up sudoers (replace AGENT_USER and script name): # echo 'AGENT_USER ALL=(root) NOPASSWD: /usr/local/bin/deploy- *' \ # > /etc/sudoers.d/woodpecker-deploy # chmod 0440 /etc/sudoers.d/woodpecker-deploy # visudo -cf /etc/sudoers.d/woodpecker-deploy when: - event: push branch: main steps: - name: install image: bash commands: - npm ci # Optional: auto-fix lint issues and commit back. # Requires gitea_token secret. Remove this step if not needed. # The [CI SKIP] in commit message prevents infinite loops. # # - name: lint-fix # image: bash # environment: # GITEA_TOKEN: # from_secret: gitea_token # commands: # - bash scripts/ci-lint-fix.sh # depends_on: [install] - name: lint image: bash commands: - npx eslint . depends_on: [install] - name: test image: bash commands: - npm test depends_on: [install] - name: sonar image: bash environment: SONAR_TOKEN: from_secret: sonar_token commands: - /opt/sonar-scanner-6.2.1.4610-linux-x64/bin/sonar-scanner -Dsonar.token=$SONAR_TOKEN depends_on: [lint, test] # Uncomment when deploy script is set up on VPS: # # - name: deploy # image: bash # environment: # CI: "true" # commands: # - sudo /usr/local/bin/deploy- "${CI_WORKSPACE:-.}" # depends_on: [lint, test]