CI/CD Infrastructure

AC/DC uses Forgejo Actions with native shell runners for continuous integration and deployment.

Overview

┌─────────────────────────────────────────────────────────────────────┐
│                        CI/CD Pipeline                                │
├─────────────────────────────────────────────────────────────────────┤
│                                                                      │
│  ┌─────────┐     ┌─────────┐     ┌─────────┐     ┌─────────┐        │
│  │  Push   │ ──► │  Build  │ ──► │  Test   │ ──► │ Deploy  │        │
│  └─────────┘     └─────────┘     └─────────┘     └─────────┘        │
│       │               │               │               │              │
│       │               │               │               │              │
│       ▼               ▼               ▼               ▼              │
│  ┌─────────────────────────────────────────────────────────┐        │
│  │                    Radicle Sync                          │        │
│  └─────────────────────────────────────────────────────────┘        │
│                                                                      │
└─────────────────────────────────────────────────────────────────────┘

Runner Configuration

Native Runner

CI jobs execute directly on the CI Runner server (no Docker containers):

Property	Value
Runner Type	Native shell
Server	ci.ac-dc.network (10.106.0.3)
User	devops
Labels	`native`
Work Directory	`/home/devops/working-repos/`

Available Tools

Pre-installed on the CI Runner:

Rust: rustc, cargo (with nightly toolchain)
Node.js: node, npm, pnpm, bun
Python: python3, pip
Aleo: snarkos, leo (for ALPHA chain contracts)
Git: Full git tooling
Radicle: rad CLI

Workflow Structure

Standard Rust Project

name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true

jobs:
  build:
    runs-on: native
    steps:
      - uses: actions/checkout@v4

      - name: Build
        run: cargo build --release

      - name: Test
        run: cargo test

      - name: Clippy
        run: cargo clippy -- -D warnings

  radicle-sync:
    runs-on: native
    needs: [build]
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          path: forgejo-src

      - name: Sync to Radicle
        run: |
          export PATH=$HOME/.radicle/bin:$PATH
          RID="rad:YOUR_REPO_ID"
          # ... sync logic ...

      - name: Sync to network via source server
        run: |
          $HOME/radicle-full-sync.sh "rad:YOUR_REPO_ID"

Standard Node.js Project

jobs:
  build:
    runs-on: native
    steps:
      - uses: actions/checkout@v4

      - name: Install dependencies
        run: pnpm install

      - name: Build
        run: pnpm build

      - name: Test
        run: pnpm test

ADL Contract Project

jobs:
  build:
    runs-on: native
    steps:
      - uses: actions/checkout@v4

      - name: Build contracts
        run: |
          for contract in contracts/*/; do
            cd "$contract"
            leo build
            cd ../..
          done

      - name: Test contracts
        run: |
          for contract in contracts/*/; do
            cd "$contract"
            leo test
            cd ../..
          done

CI Dashboard

Access

URL: http://source.ac-dc.network:8081
No authentication required (internal network)

Features

Real-time build status for all repositories
Forgejo-Radicle sync status comparison
Build history and logs
Webhook status

API Endpoints

# Get all repos with CI and sync status
curl http://source.ac-dc.network:8081/api/repos

# Get CI status for specific repo
curl http://source.ac-dc.network:8081/api/ci/REPO_NAME

# Get sync status
curl http://source.ac-dc.network:8081/api/sync/REPO_NAME

Best Practices

Workflow Design

Use concurrency groups to prevent overlapping runs
Keep jobs focused - separate build, test, and deploy
Use needs for job dependencies
Radicle sync should be last - only after tests pass

Resource Management

Clean up artifacts - use if: always() cleanup steps
Limit parallel jobs - native runner has finite resources
Cache dependencies when possible

Security

Never commit secrets - use Forgejo secrets
Pin action versions - actions/checkout@v4 not @main
Validate inputs - especially for deployment workflows

Troubleshooting

Build Fails: "Command not found"

Check if the tool is installed on the runner:

ssh -p 2584 devops@ci.ac-dc.network "which TOOL"

Build Hangs

Check for interactive prompts or blocking operations:

Ensure all commands are non-interactive
Add timeouts to long-running steps

Radicle Sync Fails

See Radicle Sync Architecture for troubleshooting.

Disk Space Issues

The CI runner has limited disk space. Clean up old artifacts:

ssh -p 2584 devops@ci.ac-dc.network "/home/devops/cleanup-tmp-radicle.sh"

Adding CI to a New Repository

Create .forgejo/workflows/ci.yml (or sync.yml for docs repos)
Add the repository to the CI dashboard configuration
Set up Radicle tracking: rad track RID
Push to trigger first CI run
Verify sync status on dashboard

Radicle ID Assignment

New repositories need a Radicle ID. Initialize with:

cd REPO
rad init --name "repo-name" --description "Description"

The RID will be output. Use this in your CI workflow.

Overview​

Runner Configuration​

Native Runner​

Available Tools​

Workflow Structure​

Standard Rust Project​

Standard Node.js Project​

ADL Contract Project​

CI Dashboard​

Access​

Features​

API Endpoints​

Best Practices​

Workflow Design​

Resource Management​

Security​

Troubleshooting​

Build Fails: "Command not found"​

Build Hangs​

Radicle Sync Fails​

Disk Space Issues​

Adding CI to a New Repository​

Radicle ID Assignment​