MinIO Storage - Gitea Actions
This directory contains automated CI/CD workflows for MinIO deployment and maintenance.
Workflows
1. deploy.yml - Production Deployment
Trigger: Push to main or master branch
What it does:
- Uploads docker-compose.prod.yml to server
- Creates/updates MinIO production container
- Sets up buckets automatically
- Performs health checks
Deployment location: /var/www/apps/minio-storage
Access:
- S3 API: https://minio.crewsportswear.com
- Console: https://console.crewsportswear.com
2. deploy-dev.yml - Development Deployment
Trigger: Push to dev branch
What it does:
- Deploys MinIO to development environment
- Uses default credentials (minioadmin/minioadmin123)
- Exposed on ports 9000/9001
- Sets up development buckets
Deployment location: /var/www/apps/minio-storage-dev
Access:
- S3 API: http://dev.crewsportswear.com:9000
- Console: http://dev.crewsportswear.com:9001
3. backup.yml - Automated Backups
Trigger:
- Daily at 2 AM (cron: 0 2 * * *)
- Manual via workflow_dispatch
What it does:
- Backs up all MinIO buckets
- Compresses backups (.tar.gz)
- Stores in /var/backups/minio/
- Keeps last 7 days of backups
- Verifies backup completion
Manual trigger:
# Via Gitea UI: Actions → Backup MinIO Buckets → Run Workflow
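The verification and 7-day retention steps listed above can be sketched as follows. This is an added example, not the contents of backup.yml: the function names are hypothetical, and the archive naming (minio_backup_YYYYMMDD_HHMMSS.tar.gz) is assumed from the "View Backups" section. Old archives are deleted only when the newest one passes verification.

```shell
#!/bin/sh
# Added example: verify and prune MinIO backup archives.
# Assumed: archive names follow minio_backup_YYYYMMDD_HHMMSS.tar.gz; the
# function names are this example's own, not taken from backup.yml.

# verify_backup FILE: succeed only if FILE is a non-empty, intact gzip
# stream that contains at least one tar entry.
verify_backup() {
    f=$1
    [ -s "$f" ] || { echo "FAIL empty or missing: $f" >&2; return 1; }
    gzip -t "$f" 2>/dev/null || { echo "FAIL gzip check: $f" >&2; return 1; }
    n=$(tar -tzf "$f" 2>/dev/null | wc -l)
    [ "$n" -gt 0 ] || { echo "FAIL no tar entries: $f" >&2; return 1; }
    echo "OK $f ($n entries)"
}

# prune_backups DIR [DAYS]: delete archives older than DAYS (default 7).
# The newest archive (by name) is never deleted, and nothing is deleted
# unless that newest archive verifies, so a broken backup job cannot
# rotate away the last good copy.
prune_backups() {
    dir=$1
    days=${2:-7}
    newest=$(ls -1 "$dir"/minio_backup_*.tar.gz 2>/dev/null | sort | tail -n 1)
    [ -n "$newest" ] || { echo "no backups in $dir" >&2; return 1; }
    verify_backup "$newest" >/dev/null || {
        echo "newest backup failed verification; nothing deleted" >&2
        return 1
    }
    find "$dir" -maxdepth 1 -type f -name 'minio_backup_*.tar.gz' \
        -mtime +"$days" ! -name "$(basename "$newest")" -exec rm -f {} +
}

# Stand-alone use: sh prune.sh /var/backups/minio 7
if [ "$#" -gt 0 ]; then
    prune_backups "$@"
fi
```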
Required Secrets
Configure these in your Gitea repository settings:
Settings → Secrets → Actions
| Secret | Description | Example |
|---|---|---|
| DEPLOY_SSH_KEY | Private SSH key for deployment | -----BEGIN OPENSSH PRIVATE KEY-----... |
| DEPLOY_HOST | Production server hostname/IP | 123.45.67.89 or server.example.com |
| DEPLOY_USER | SSH username on server | deploy or ubuntu |
Generate SSH Key
# On your local machine
ssh-keygen -t ed25519 -C "gitea-minio-deploy" -f ~/.ssh/gitea_minio_deploy
# Copy public key to server
ssh-copy-id -i ~/.ssh/gitea_minio_deploy.pub user@server
# Copy private key content to Gitea secret
cat ~/.ssh/gitea_minio_deploy
Deployment Process
Production Deployment
- Make changes to docker-compose.prod.yml or setup scripts
- Commit and push to main branch:
  git add .
  git commit -m "Update MinIO configuration"
  git push origin main
- Watch workflow in Gitea: Repository → Actions
- Verify deployment:
  curl https://minio.crewsportswear.com/minio/health/live
  # Should return: OK
Development Deployment
- Create/switch to dev branch:
  git checkout -b dev
- Push changes:
  git push origin dev
- Access dev environment:
  - Console: http://dev.crewsportswear.com:9001
Manual Workflow Trigger
You can manually trigger any workflow:
- Go to: Repository → Actions
- Select workflow (e.g., "Deploy MinIO Production")
- Click "Run Workflow"
- Select branch
- Click "Run Workflow" button
First-Time Setup
1. Configure Server
Ensure your server has:
- Docker and Docker Compose installed
- Networks created: traefik-public, crew-app-net
- Traefik running (for production HTTPS)
# On server
docker network create traefik-public
docker network create crew-app-net
2. Configure Gitea Secrets
Add the three required secrets (see table above).
3. Initial Deployment
# Clone repo
git clone your-gitea-url/minio-storage.git
cd minio-storage
# Push to trigger deployment
git push origin main
4. Post-Deployment Setup
After first deployment, SSH into server and configure:
ssh user@server
# Set production credentials
cd /var/www/apps/minio-storage
nano .env
# Update these:
MINIO_ROOT_USER=your_secure_username
MINIO_ROOT_PASSWORD=your_secure_password_32chars
# For secured console, add BasicAuth
htpasswd -nb admin YourPassword
# Copy output to .env:
TRAEFIK_CONSOLE_AUTH='admin:$$apr1$$...'
# Restart
docker compose down && docker compose up -d
Monitoring
Check Deployment Status
# On server
cd /var/www/apps/minio-storage
# Check container status
docker ps | grep minio
# Check logs
docker logs crew-minio-prod
# View recent deployments
ls -lt /var/www/apps/minio-storage
View Backups
# On server
ls -lh /var/backups/minio/
# Extract a backup
cd /tmp
tar -xzf /var/backups/minio/minio_backup_YYYYMMDD_HHMMSS.tar.gz
# Restore if needed (see README.md for restore procedure)
Troubleshooting
Deployment Failed
# Check Gitea Actions logs
# Repository → Actions → Failed workflow → View logs
# Common issues:
# 1. SSH key not added to server authorized_keys
# 2. Server disk space full
# 3. Docker not running on server
Container Not Starting
ssh user@server
cd /var/www/apps/minio-storage
# Check .env file exists
cat .env
# Check Docker logs
docker logs crew-minio-prod
# Check networks
docker network ls | grep crew-app-net
# Recreate manually
docker compose down
docker compose up -d
Backup Failed
# Check backup directory permissions
ls -ld /var/backups/minio/
# Check disk space
df -h
# Manual backup
cd /var/www/apps/minio-storage
docker exec crew-minio-prod mc mirror backup/crewsportswear /tmp/manual_backup
Workflow Customization
Change Backup Schedule
Edit .gitea/workflows/backup.yml:
on:
  schedule:
    - cron: '0 2 * * *' # Daily 2 AM
    # Change to:
    - cron: '0 */6 * * *' # Every 6 hours
    - cron: '0 0 * * 0' # Weekly on Sunday
Add Post-Deployment Hooks
Edit .gitea/workflows/deploy.yml, add step:
- name: Notify team
  shell: sh
  run: |
    curl -X POST https://your-webhook-url \
      -d "MinIO deployed successfully"
Custom Health Checks
Add to deploy.yml:
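- name: Test bucket access
  shell: sh
  run: |
    # Test upload
    # Note: this PUT is unauthenticated, so it succeeds only if the bucket
    # policy allows anonymous writes; a private bucket answers 403.
    echo "test" > test.txt
    curl -X PUT https://minio.crewsportswear.com/crewsportswear/test.txt \
      --upload-file test.txt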
Security Best Practices
- Rotate SSH keys regularly
- Use strong MinIO credentials (32+ characters)
- Enable BasicAuth for console (production)
- Monitor backup logs for failures
- Test restore procedure quarterly
- Limit Gitea Actions secrets access to admins only
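The credential items above can be checked mechanically against the .env file edited in Post-Deployment Setup. This is an added example, not part of the repository's workflows: the function names are hypothetical, and the file-permission check is an extra assumption of this example that the checklist does not state.

```shell
#!/bin/sh
# Added example: audit the MinIO .env for default, placeholder or short
# credentials. Function names are this example's own.

# _env_get FILE KEY: print the last value assigned to KEY, with one pair
# of surrounding quotes stripped. The file is parsed, never sourced.
_env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed "s/^['\"]//; s/['\"]\$//"
}

# audit_minio_env FILE: print findings; return 0 only if there are none.
# The password itself is never printed.
audit_minio_env() {
    env_file=$1
    bad=0
    [ -f "$env_file" ] || { echo "FAIL $env_file not found"; return 2; }
    user=$(_env_get "$env_file" MINIO_ROOT_USER)
    pass=$(_env_get "$env_file" MINIO_ROOT_PASSWORD)
    case $user in
        ''|minioadmin|your_secure_username)
            echo "FAIL MINIO_ROOT_USER is unset, default or placeholder"; bad=1 ;;
    esac
    case $pass in
        minioadmin*|your_secure_password*)
            echo "FAIL MINIO_ROOT_PASSWORD is default or placeholder"; bad=1 ;;
    esac
    [ "${#pass}" -ge 32 ] || {
        echo "FAIL MINIO_ROOT_PASSWORD has ${#pass} characters, need 32+"; bad=1
    }
    # Assumption of this example: only the owner should read the file.
    mode=$(stat -c %a "$env_file" 2>/dev/null || stat -f %Lp "$env_file")
    case $mode in
        *00) ;;
        *) echo "FAIL $env_file has mode $mode (group/other access)"; bad=1 ;;
    esac
    [ "$bad" -eq 0 ] && echo "OK $env_file"
    return "$bad"
}

# Stand-alone use: sh audit-env.sh /var/www/apps/minio-storage/.env
if [ "$#" -gt 0 ]; then
    audit_minio_env "$1"
fi
```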
Related Documentation
- Main README - MinIO setup and usage
- Security Guide - Security best practices
- Gitea Actions Docs
Quick Reference
# View workflows
ls .gitea/workflows/
# Trigger production deploy
git push origin main
# Trigger dev deploy
git push origin dev
# Manual backup (via Gitea UI):
# Repository → Actions → Backup MinIO Buckets → Run Workflow
# Check deployment
ssh user@server
docker ps | grep minio
docker logs crew-minio-prod