Skip to content

Reoclo in CI

Reoclo’s CI integrations let your pipeline drive your servers — clone a repo onto a server, run commands, authenticate to a private registry, and sync proxy routes after a deploy — with every operation audited. The same four operations are available on every CI system, because each integration is a thin wrapper around one engine: the reoclo CLI.

CI systemHow you use itGuide
GitHub Actionsuses: reoclo/checkout@v2 (+ run, docker-auth)GitHub Actions
Gitea Actionsuses: https://github.com/reoclo/checkout@v2below
Woodpeckerimage: reoclo/ci with settings.commandbelow
Anything elsecurl -sSL https://get.reoclo.com | sh then reoclo …CLI in CI

All of them authenticate with a Reoclo automation API key (rca_*) — create one under API Keys → Automation Keys (reference) and store it as a CI secret. The CI run context (repository, workflow, actor, commit) is detected automatically and recorded in your audit trail.

OperationWhat it doesGitHub/Gitea actionWoodpecker commandCLI
checkoutClone/update a repo on the serverreoclo/checkoutcheckoutreoclo checkout
runExecute a command on the serverreoclo/runexecreoclo exec
docker-authLog in/out of a registry on the serverreoclo/docker-authregistry-login / registry-logoutreoclo registry login/logout
deploy-syncSync proxy routes after a deployreoclo/deploy-syncdeploy-syncreoclo deploy sync

The primary, fully-documented surface. Actions are published at reoclo/{checkout,run,docker-auth,deploy-sync} with a moving v2 tag:

- uses: reoclo/checkout@v2
with:
api_key: ${{ secrets.REOCLO_API_KEY }}
server_id: ${{ secrets.REOCLO_SERVER_ID }}
path: /srv/reoclo/myapp
- uses: reoclo/run@v2
with:
api_key: ${{ secrets.REOCLO_API_KEY }}
server_id: ${{ secrets.REOCLO_SERVER_ID }}
working_directory: /srv/reoclo/myapp
command: docker compose -f docker-compose.prod.yml up -d

See the GitHub Actions guide for the full input/output reference and recipes (multi-environment, sparse checkout, GHES, registry auth, blue/green).

The same actions run on a self-hosted Gitea act_runner. The integrations are pure shell (no Node runtime), so they behave identically to GitHub. Reference them by their full GitHub URL — this works on any runner that can reach github.com:

- uses: https://github.com/reoclo/checkout@v2
with:
api_key: ${{ secrets.REOCLO_API_KEY }}
server_id: ${{ secrets.REOCLO_SERVER_ID }}
- uses: https://github.com/reoclo/run@v2
with:
api_key: ${{ secrets.REOCLO_API_KEY }}
server_id: ${{ secrets.REOCLO_SERVER_ID }}
command: docker compose up -d

All GitHub Actions inputs/outputs are identical on Gitea — the GitHub Actions guide applies verbatim.

Woodpecker has no action runtime, so the integration ships as a single plugin image, reoclo/ci (also ghcr.io/reoclo/ci), with the CLI baked in. settings.command selects the operation and the other settings.* map to flags:

steps:
deploy:
image: reoclo/ci:1
settings:
command: exec
api_key: { from_secret: reoclo_key }
server_id: 00000000-0000-0000-0000-000000000000
command_line: docker compose -f docker-compose.prod.yml up -d
timeout: 600

Notes specific to Woodpecker:

  • settings.command is the operation (exec | checkout | registry-login | registry-logout | deploy-sync); for exec the shell command is settings.command_line (because command is taken).
  • There are no step outputs — set settings.output_file (e.g. .reoclo/out.env) to write KEY=value lines for a later step to source.
  • There’s no post hook, so docker-auth cleanup is a separate registry-logout step with when: { status: [success, failure] }.

Every wrapper is just the CLI. On any runner with a shell, install it and call it directly:

Terminal window
curl -sSL https://get.reoclo.com | sh
export REOCLO_AUTOMATION_KEY="$REOCLO_API_KEY" # rca_* automation key
reoclo checkout "$SERVER_ID" --repository owner/repo --ref "$COMMIT" --path /srv/reoclo/myapp --output json
reoclo exec "$SERVER_ID" --cwd /srv/reoclo/myapp -- docker compose up -d

See Using the CLI in CI for the full command surface and output contracts.