CI: auto-deploy release to kai-server after publish #3

Open
opened 2026-05-23 20:54:18 +00:00 by coilysiren · 0 comments
Owner

Originally filed by @coilysiren on 2026-04-28T07:26:44Z - https://github.com/coilysiren/eco-telemetry/issues/4

🤖 Filed by Claude Code on Kai's behalf.

`release.yml` publishes the GH release zip but doesn't install it on kai-server. Today the install flow is manual: `coily ssh deploy eco-mod EcoTelemetry` from a laptop, which fast-forwards `infrastructure` and runs `install-eco-mod.sh EcoTelemetry`.

Goal: after `release.yml` publishes, automatically run the install on kai-server, then restart `eco-server.service` so the new DLL loads.

Design notes:

  • Deploy path: ssh to kai-server (kai user), run `bash ~/projects/coilysiren/infrastructure/scripts/install-eco-mod.sh EcoTelemetry`. Files land under kai-owned paths, no sudo. Followed by `sudo systemctl restart eco-server` (sudo needed - either NOPASSWD entry for that specific systemctl call, or use the existing `coily ssh deploy` sudo-piping pattern).
  • Tailscale + ssh: bring the runner onto the tailnet via `tailscale/github-action@v3` (same shape as canonical k3s deploy). Then ssh `kai@100.69.164.66` (tailnet IP).
  • SSH key: needs a CI deploy key. Generate ed25519 on kai-server, append `.pub` to `/home/kai/.ssh/authorized_keys`, store private in SSM under `/eco-telemetry/deploy-ssh-key`, sync to GH secret `DEPLOY_SSH_KEY`. Restrict key in `authorized_keys` with `command=` to only allow the install script + restart, so a leak doesn't grant general shell.
  • Restart sudoers: `/etc/sudoers.d/kai-eco-server-restart` granting `kai` NOPASSWD on `/usr/bin/systemctl restart eco-server` only.

Once that's in place, the contract is: push to main -> release publishes -> kai-server pulls + restarts -> Eco loads new mod.

🤖 Filed by Claude Code on Kai's behalf.
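
One way to implement the `command=` restriction and the exact-match sudoers rule from the design notes, as an added example that is not part of the original issue or the project's code. The script path `/home/kai/bin/eco-deploy-gate`, the request words `install` and `restart`, and the `GATE_DRY_RUN` switch are assumptions.

```shell
#!/bin/sh
# Added example: forced-command gate for the CI deploy key.
# Assumed install path: /home/kai/bin/eco-deploy-gate (hypothetical).
#
# authorized_keys entry (public key shown as a placeholder):
#   restrict,command="/home/kai/bin/eco-deploy-gate" ssh-ed25519 <PUBLIC_KEY> ci-deploy
# "restrict" disables forwarding and PTY allocation for this key.
#
# /etc/sudoers.d/kai-eco-server-restart (edit with visudo -f):
#   kai ALL=(root) NOPASSWD: /usr/bin/systemctl restart eco-server
# sudoers matches arguments exactly, so the gate runs that exact argv.

INSTALL_SCRIPT="${HOME:-/home/kai}/projects/coilysiren/infrastructure/scripts/install-eco-mod.sh"

# gate REQUEST: map an exact request word to a fixed argv and run it.
# Client text is only compared, never passed to a shell or used as an argument.
gate() {
    case "$1" in
        install) set -- bash "$INSTALL_SCRIPT" EcoTelemetry ;;
        restart) set -- sudo -n /usr/bin/systemctl restart eco-server ;;
        *)
            echo "eco-deploy-gate: request not allowed" >&2
            [ -n "${GATE_DRY_RUN:-}" ] || logger -t eco-deploy-gate "denied request" || true
            return 126 ;;
    esac
    # Dry run (assumed switch): print the argv that would run, execute nothing.
    if [ -n "${GATE_DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
        return 0
    fi
    "$@"
}

# sshd places the client's requested command in SSH_ORIGINAL_COMMAND and runs
# this script instead. Act only when invoked under the installed name.
if [ "${0##*/}" = "eco-deploy-gate" ]; then
    gate "${SSH_ORIGINAL_COMMAND:-}"
    exit $?
fi
```

With this in place the workflow would call `ssh kai@100.69.164.66 install` and then `ssh kai@100.69.164.66 restart`; any other request string, including an interactive login, is refused with exit status 126.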

coilysiren added P2 and removed P1 labels 2026-05-31 07:00:26 +00:00
Reference
coilyco-flight-deck/eco-telemetry#3