Initial commit

Author: ghxm

.env.example

@@ -0,0 +1,13 @@
+# Hetzner S3
+S3_ENDPOINT_URL=https://nbg1.your-objectstorage.com
+S3_ACCESS_KEY=
+S3_SECRET_KEY=
+S3_BUCKET=openstage
+
+# Dataverse (optional for local dev)
+DATAVERSE_API_TOKEN=
+DATAVERSE_SERVER_URL=https://dataverse.harvard.edu
+
+# Per-case Dataverse dataset persistent IDs (one DOI per case)
+# DATASET_PERSISTENT_ID_EU=doi:10.7910/DVN/XXXXXX
+# DATASET_PERSISTENT_ID_DE=doi:10.7910/DVN/YYYYYY

.github/workflows/cleanup.yml

@@ -0,0 +1,26 @@
+name: Cleanup Orphaned Servers
+on:
+  schedule:
+    - cron: '0 6 * * *'
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install hcloud
+        run: |
+          curl -sL https://github.com/hetznercloud/cli/releases/latest/download/hcloud-linux-amd64.tar.gz | tar xz
+          sudo mv hcloud /usr/local/bin/
+
+      - name: Delete orphaned servers
+        env:
+          HCLOUD_TOKEN: ${{ secrets.HCLOUD_TOKEN }}
+        run: |
+          hcloud server list -l purpose=backstage-pipeline -o json | jq -r '.[].id' | while read id; do
+            CREATED=$(hcloud server describe $id -o json | jq -r '.created')
+            AGE_HOURS=$(( ($(date +%s) - $(date -d "$CREATED" +%s)) / 3600 ))
+            if [ $AGE_HOURS -gt 12 ]; then
+              echo "Deleting orphaned server $id (age: ${AGE_HOURS}h)"
+              hcloud server delete $id
+            fi
+          done

.github/workflows/docs.yml

@@ -0,0 +1,40 @@
+name: Deploy docs
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "docs/**"
+      - "mkdocs.yml"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: pages
+  cancel-in-progress: true
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: astral-sh/setup-uv@v6
+
+      - run: uv sync --extra docs
+
+      - run: uv run mkdocs build --strict
+
+      - uses: actions/upload-pages-artifact@v3
+        with:
+          path: site/
+
+      - id: deployment
+        uses: actions/deploy-pages@v4

.github/workflows/monthly-pipeline.yml

@@ -0,0 +1,41 @@
+name: Monthly Pipeline
+on:
+  schedule:
+    - cron: '0 2 1 * *'
+  workflow_dispatch:
+    inputs:
+      cases:
+        description: 'Comma-separated cases to run (default: eu)'
+        default: 'eu'
+      server_type:
+        description: 'Hetzner server type'
+        default: 'cx32'
+
+jobs:
+  launch:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: deploy/terraform
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Apply
+        run: |
+          terraform apply -auto-approve \
+            -var="hcloud_token=${{ secrets.HCLOUD_TOKEN }}" \
+            -var="s3_endpoint=${{ secrets.S3_ENDPOINT_URL }}" \
+            -var="s3_access_key=${{ secrets.S3_ACCESS_KEY }}" \
+            -var="s3_secret_key=${{ secrets.S3_SECRET_KEY }}" \
+            -var="s3_bucket=${{ secrets.S3_BUCKET }}" \
+            -var="github_token=${{ secrets.PIPELINE_GITHUB_TOKEN }}" \
+            -var="dataverse_token=${{ secrets.DATAVERSE_API_TOKEN }}" \
+            -var="dataverse_url=${{ secrets.DATAVERSE_SERVER_URL }}" \
+            -var="dataset_persistent_id_eu=${{ secrets.DATASET_PERSISTENT_ID_EU }}" \
+            -var="cases=${{ github.event.inputs.cases || 'eu' }}" \
+            -var="server_type=${{ github.event.inputs.server_type || 'cx32' }}"

.github/workflows/notify.yml

@@ -0,0 +1,28 @@
+name: Pipeline Notification
+on:
+  repository_dispatch:
+    types: [pipeline-complete]
+
+jobs:
+  notify:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log pipeline result
+        run: |
+          echo "Pipeline status: ${{ github.event.client_payload.status }}"
+          echo "Date: ${{ github.event.client_payload.date }}"
+
+      - name: Send email on failure
+        if: github.event.client_payload.status == 'failure'
+        uses: dawidd6/action-send-mail@v3
+        with:
+          server_address: ${{ secrets.SMTP_SERVER }}
+          server_port: ${{ secrets.SMTP_PORT }}
+          username: ${{ secrets.SMTP_USERNAME }}
+          password: ${{ secrets.SMTP_PASSWORD }}
+          subject: "backstage pipeline FAILED"
+          body: |
+            Pipeline run on ${{ github.event.client_payload.date }} failed.
+            Check S3 logs at logs/${{ github.event.client_payload.date }}/run.log
+          to: ${{ secrets.NOTIFICATION_EMAIL }}
+          from: ${{ secrets.SMTP_FROM }}