drone -> woodpecker (#593)
Reviewed-on: #593 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
parent
30fbc6367a
commit
04a75ae752
10 changed files with 108 additions and 97 deletions
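--- a/.drone.yml
+++ b/.drone.yml
@@ -1,34 +0,0 @@
----
-kind: pipeline
-type: docker
-name: gitleaks
-
-steps:
-- name: gitleaks
-image: plugins/gitleaks
-settings:
-path: .
-when:
-event:
-exclude:
-- tag
-
----
-kind: pipeline
-type: docker
-name: ansible-lint
-steps:
-- name: ansible-lint
-image: quay.io/ansible/creator-ee
-commands:
-- ansible-lint --version
-- echo $ANSIBLE_VAULT_PASSWORD > ./vault-pass.yml
-- ansible-galaxy install -r requirements.yml
-- ansible-lint --force-color --format pep8
-when:
-event:
-exclude:
-- tag
-environment:
-ANSIBLE_VAULT_PASSWORD:
-from_secret: vault-pass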
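--- a/.woodpecker/ansible-lint.yml
+++ b/.woodpecker/ansible-lint.yml
@@ -0,0 +1,19 @@
+---
+kind: pipeline
+type: docker
+name: ansible-lint
+depends_on:
+- gitleaks
+steps:
+ansible-lint:
+image: quay.io/ansible/creator-ee
+commands:
+- ansible-lint --version
+- echo $VAULT-PASS > ./vault-pass.yml # nach des Secret in Großschreibung
+- ansible-galaxy install -r requirements.yml
+- ansible-lint --force-color --format pep8
+when:
+event:
+exclude:
+- tag
+secret: [vault-pass] #dieses Secret darf verwendet werden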
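Review bot: The command `echo $VAULT-PASS > ./vault-pass.yml` will not write the vault password, because a shell variable name cannot contain a hyphen: the shell expands `$VAULT` and appends the literal text `-PASS`. ansible-lint then runs against a password file holding the wrong value, assuming the repository reads `./vault-pass.yml` as its vault password file. Renaming the secret with an underscore and writing `echo "$VAULT_PASS" > ./vault-pass.yml` fixes the expansion, and the quotes stop the shell from word-splitting or globbing the value. The last line uses `secret: [vault-pass]`, while the step-level key in Woodpecker is, as far as I know, `secrets:`; indentation is lost on this page, so the nesting of that line cannot be checked here.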
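--- a/.woodpecker/gitleaks.yml
+++ b/.woodpecker/gitleaks.yml
@@ -0,0 +1,13 @@
+---
+kind: pipeline
+type: docker
+name: gitleaks
+steps:
+gitleaks:
+image: zricethezav/gitleaks:latest
+commands:
+- gitleaks detect --no-git --verbose --source $CI_WORKSPACE
+when:
+event:
+exclude:
+- tag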
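Review bot: `gitleaks detect --no-git --verbose` writes every finding, including the matched secret text, into the build log, because `--verbose` is used without `--redact`; anyone who can read pipeline logs then sees the leaked value. Adding the flag keeps the finding visible without the secret: `- gitleaks detect --no-git --verbose --redact --source $CI_WORKSPACE`. `--no-git` also limits the scan to the checked-out tree, so a secret that was committed and later removed is not reported; confirm that this is intended. The image is pulled as `zricethezav/gitleaks:latest`; pinning a release tag or digest (`zricethezav/gitleaks:<pinned-version>`) keeps the scanner's behaviour reproducible between runs.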
|
@ -1,54 +0,0 @@
|
||||||
version: '3.3'
|
|
||||||
services:
|
|
||||||
# server
|
|
||||||
drone:
|
|
||||||
volumes:
|
|
||||||
- 'data:/data'
|
|
||||||
environment:
|
|
||||||
DRONE_GITEA_SERVER: https://git.mgrote.net
|
|
||||||
DRONE_GITEA_CLIENT_ID: f8f0db2a-0089-4e23-9f5a-a5e52f20d765
|
|
||||||
DRONE_GITEA_CLIENT_SECRET: {{ lookup('keepass', 'drone_gitea_client_secret', 'password') }}
|
|
||||||
DRONE_RPC_SECRET: {{ lookup('keepass', 'drone_rpc_secret', 'password') }}
|
|
||||||
DRONE_SERVER_HOST: docker10.grote.lan:81
|
|
||||||
DRONE_SERVER_PROTO: http
|
|
||||||
DRONE_USER_CREATE: username:mg,admin:true # Gitea-Nutzer "mg" als Admin
|
|
||||||
#DRONE_LOGS_DEBUG: true
|
|
||||||
ports:
|
|
||||||
- '81:80'
|
|
||||||
- '444:443'
|
|
||||||
restart: always
|
|
||||||
container_name: drone-server
|
|
||||||
image: 'drone/drone:2'
|
|
||||||
networks:
|
|
||||||
- intern
|
|
||||||
labels:
|
|
||||||
com.centurylinklabs.watchtower.enable: true
|
|
||||||
|
|
||||||
# runner
|
|
||||||
drone-runner-docker:
|
|
||||||
volumes:
|
|
||||||
- '/var/run/docker.sock:/var/run/docker.sock'
|
|
||||||
environment:
|
|
||||||
DRONE_RPC_PROTO: http
|
|
||||||
# container-name des servers
|
|
||||||
DRONE_RPC_HOST: drone-server
|
|
||||||
DRONE_RPC_SECRET: {{ lookup('keepass', 'drone_rpc_secret', 'password') }}
|
|
||||||
DRONE_RUNNER_CAPACITY: 8
|
|
||||||
DRONE_RUNNER_NAME: drone-runner
|
|
||||||
ports:
|
|
||||||
- '3000:3000'
|
|
||||||
restart: always
|
|
||||||
container_name: drone-runner
|
|
||||||
image: 'drone/drone-runner-docker:latest'
|
|
||||||
networks:
|
|
||||||
- intern
|
|
||||||
labels:
|
|
||||||
com.centurylinklabs.watchtower.enable: true
|
|
||||||
com.centurylinklabs.watchtower.depends-on: drone-server
|
|
||||||
|
|
||||||
######## Volumes ########
|
|
||||||
volumes:
|
|
||||||
data:
|
|
||||||
######## Networks ########
|
|
||||||
networks:
|
|
||||||
intern: # hier kommunizieren Runner + Server
|
|
|
@ -33,14 +33,14 @@ services:
|
||||||
# - name: "Weather"
|
# - name: "Weather"
|
||||||
# location: "Burg" # your location.
|
# location: "Burg" # your location.
|
||||||
# locationId: "2941501" # OpenWeatherMap city ID.
|
# locationId: "2941501" # OpenWeatherMap city ID.
|
||||||
# apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" # insert your own API key here. Request one from https://o#penweathermap.org/api. # key deactiviert
|
# apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" # insert your own API key here. Request one from https://o#penweathermap.org/api. # key deactiviert #gitleaks:allow
|
||||||
# units: "metric" # units to display temperature. Can be one of: metric, imperial, kelvin. Defaults to kelvin.
|
# units: "metric" # units to display temperature. Can be one of: metric, imperial, kelvin. Defaults to kelvin.
|
||||||
# background: "none" # choose which type of background you want behind the image. Can be one of: square, cicle, none. Defaults to none.
|
# background: "none" # choose which type of background you want behind the image. Can be one of: square, cicle, none. Defaults to none.
|
||||||
# type: "OpenWeather"
|
# type: "OpenWeather"
|
||||||
# - name: "Weather"
|
# - name: "Weather"
|
||||||
# location: "Magdeburg"
|
# location: "Magdeburg"
|
||||||
# locationId: "2874545"
|
# locationId: "2874545"
|
||||||
# apiKey: "c1ec4c040abfa80b991c72d48b49d4a0"
|
# apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" #gitleaks:allow
|
||||||
# units: "metric"
|
# units: "metric"
|
||||||
# background: "none"
|
# background: "none"
|
||||||
# type: "OpenWeather"
|
# type: "OpenWeather"
|
||||||
|
|
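Review bot: The `#gitleaks:allow` markers added to the two commented-out `apiKey` lines silence the scanner but leave the literal key in the file and in the repository history. The inline comment on the first line says the key is deactivated; that should be confirmed at the provider, since the same value appears on the second line without that remark. Replacing the value with a placeholder, e.g. `# apiKey: "<openweathermap-api-key>"`, or deleting the unused commented blocks removes the need for an allow marker at all. The file header for this hunk is not visible on the page, so the path is not named here.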
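--- a/docker-compose/homer/assets/icons/woodpecker.svg
+++ b/docker-compose/homer/assets/icons/woodpecker.svg
@@ -0,0 +1,10 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="22" height="22" viewBox="0 0 22 22">
+<style>
+@media (prefers-color-scheme: dark) {
+path {
+fill: white;
+}
+}
+</style>
+<path d="M1.263 2.744C2.41 3.832 2.845 4.932 4.118 5.08l.036.007c-.588.606-1.09 1.402-1.443 2.423-.38 1.096-.488 2.285-.614 3.659-.19 2.046-.401 4.364-1.556 7.269-2.486 6.258-1.12 11.63.332 17.317.664 2.604 1.348 5.297 1.642 8.107a.857.857 0 00.633.744.86.86 0 00.922-.323c.227-.313.524-.797.86-1.424.84 3.323 1.355 6.13 1.783 8.697a.866.866 0 001.517.41c2.88-3.463 3.763-8.636 2.184-12.674.459-2.433 1.402-4.45 2.398-6.583.536-1.15 1.08-2.318 1.55-3.566.228-.084.569-.314.79-.441l1.707-.981-.256 1.052a.864.864 0 001.678.408l.68-2.858 1.285-2.95a.863.863 0 10-1.581-.687l-1.152 2.669-2.383 1.372a18.97 18.97 0 00.508-2.981c.432-4.86-.718-9.074-3.066-11.266-.163-.157-.208-.281-.247-.26.095-.12.249-.26.358-.374 2.283-1.693 6.047-.147 8.319.75.589.232.876-.337.316-.67-1.95-1.153-5.948-4.196-8.188-6.193-.313-.275-.527-.607-.89-.913C9.825.555 4.072 3.057 1.355 2.569c-.102-.018-.166.103-.092.175m10.98 5.899c-.06 1.242-.603 1.8-1 2.208-.217.224-.426.436-.524.738-.236.714.008 1.51.66 2.143 1.974 1.84 2.925 5.527 2.538 9.86-.291 3.288-1.448 5.763-2.671 8.385-1.031 2.207-2.096 4.489-2.577 7.259a.853.853 0 00.056.48c1.02 2.434 1.135 6.197-.672 9.46a96.586 96.586 0 00-1.97-8.711c1.964-4.488 4.203-11.75 2.919-17.668-.325-1.497-1.304-3.276-2.387-4.207-.208-.18-.402-.237-.495-.167-.084.06-.151.238-.062.444.55 1.266.879 2.599 1.226 4.276 1.125 5.443-.956 12.49-2.835 16.782l-.116.259-.457.982c-.356-2.014-.85-3.95-1.33-5.84-1.38-5.406-2.68-10.515-.401-16.254 1.247-3.137 1.483-5.692 1.672-7.746.116-1.263.216-2.355.526-3.252.905-2.605 3.062-3.178 4.744-2.852 1.632.316 3.24 1.593 3.156 3.42zm-2.868.62a1.177 1.177 0 10.736-2.236 1.178 1.178 0 10-.736 2.237z" />
+</svg>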
|
@ -51,11 +51,6 @@ services:
|
||||||
url: "https://docker10.grote.lan:8443"
|
url: "https://docker10.grote.lan:8443"
|
||||||
target: "_blank"
|
target: "_blank"
|
||||||
subtitle: "WLAN"
|
subtitle: "WLAN"
|
||||||
- name: "drone.io"
|
|
||||||
logo: "assets/icons/drone.png"
|
|
||||||
url: "http://docker10.grote.lan:81"
|
|
||||||
target: "_blank"
|
|
||||||
subtitle: "CI/CD"
|
|
||||||
- name: "httpd"
|
- name: "httpd"
|
||||||
logo: "assets/icons/roundcube.png"
|
logo: "assets/icons/roundcube.png"
|
||||||
url: "http://docker10.grote.lan:3344"
|
url: "http://docker10.grote.lan:3344"
|
||||||
|
@ -66,6 +61,11 @@ services:
|
||||||
url: "https://registry.mgrote.net/ui/index.html"
|
url: "https://registry.mgrote.net/ui/index.html"
|
||||||
target: "_blank"
|
target: "_blank"
|
||||||
subtitle: "Container-Registry"
|
subtitle: "Container-Registry"
|
||||||
|
- name: "Woodpecker"
|
||||||
|
logo: "assets/icons/woodpecker.svg"
|
||||||
|
url: "http://docker10.grote.lan:8000"
|
||||||
|
target: "_blank"
|
||||||
|
subtitle: "CI/CD"
|
||||||
|
|
||||||
- name: "Infra"
|
- name: "Infra"
|
||||||
icon: "fas fa-cloud"
|
icon: "fas fa-cloud"
|
||||||
|
|
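--- a/docker-compose/woodpecker/docker-compose.yml.j2
+++ b/docker-compose/woodpecker/docker-compose.yml.j2
@@ -0,0 +1,57 @@
+# https://woodpecker-ci.org/docs/administration/setup
+version: '3'
+
+services:
+woodpecker-server:
+container_name: woodpecker-server
+image: woodpeckerci/woodpecker-server:latest
+ports:
+- 8000:8000
+volumes:
+- server-data:/var/lib/woodpecker/
+environment:
+WOODPECKER_OPEN: false
+WOODPECKER_HOST: http://docker10.grote.lan:8000
+WOODPECKER_GITEA: true
+WOODPECKER_GITEA_URL: https://git.mgrote.net
+WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }}
+WOODPECKER_GITEA_SECRET: {{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }}
+WOODPECKER_AGENT_SECRET: {{ lookup('keepass', 'woodpecker-agent-secret', 'password') }}
+WOODPECKER_ADMIN: mg
+WOODPECKER_LOG_LEVEL: info
+WOODPECKER_DEBUG_PRETTY: true
+
+labels:
+com.centurylinklabs.watchtower.enable: true
+
+woodpecker-agent:
+container_name: woodpecker-agent
+image: woodpeckerci/woodpecker-agent:latest
+command: agent
+restart: always
+depends_on:
+- woodpecker-server
+ports:
+- 3032:3000
+volumes:
+- agent-config:/etc/woodpecker
+- /var/run/docker.sock:/var/run/docker.sock
+environment:
+WOODPECKER_SERVER: woodpecker-server:9000
+WOODPECKER_AGENT_SECRET: {{ lookup('keepass', 'woodpecker-agent-secret', 'password') }}
+WOODPECKER_MAX_WORKFLOWS: 4
+WOODPECKER_DEBUG_PRETTY: true
+WOODPECKER_LOG_LEVEL: info
+WOODPECKER_HEALTHCHECK: true
+WOODPECKER_BACKEND: docker
+labels:
+com.centurylinklabs.watchtower.enable: true
+
+volumes:
+server-data:
+agent-config:
+
+# git.mgrote.net -> Settings -> Applications -> woodpecker
+# WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }}
+# WOODPECKER_GITEA_SECRET: {{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }}
+# Redirect URL: http://docker10.grote.lan:8000/authorize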
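Review bot: Both services use `:latest` images with `com.centurylinklabs.watchtower.enable: true`, and the agent mounts `/var/run/docker.sock`, so whatever image upstream publishes next is deployed automatically with control of the host's Docker daemon. Pin both images to a release tag or digest, e.g. `image: woodpeckerci/woodpecker-agent:<pinned-version>`, and update them deliberately. The `lookup('keepass', …)` values are rendered unquoted, so a secret containing ` #`, `: ` or a leading YAML indicator would be truncated or break the file; quote them, as in `WOODPECKER_AGENT_SECRET: "{{ lookup('keepass', 'woodpecker-agent-secret', 'password') }}"`. `WOODPECKER_HOST` and the OAuth redirect URL are plain `http://`, so the Gitea OAuth code and the session cookie cross the LAN unencrypted; other compose entries in this commit use `network: traefik`, which may offer a TLS front end. The agent's `3032:3000` port mapping looks unnecessary, since the agent dials out to `woodpecker-server:9000`.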
|
@ -31,8 +31,6 @@ compose_files:
|
||||||
network: traefik
|
network: traefik
|
||||||
- name: homer
|
- name: homer
|
||||||
state: present
|
state: present
|
||||||
- name: drone
|
|
||||||
state: present
|
|
||||||
- name: nextcloud
|
- name: nextcloud
|
||||||
state: present
|
state: present
|
||||||
network: traefik
|
network: traefik
|
||||||
|
@ -56,6 +54,8 @@ compose_files:
|
||||||
- name: mail-relay
|
- name: mail-relay
|
||||||
state: present
|
state: present
|
||||||
network: mail-relay
|
network: mail-relay
|
||||||
|
- name: woodpecker
|
||||||
|
state: present
|
||||||
|
|
||||||
### oefenweb.ufw
|
### oefenweb.ufw
|
||||||
ufw_rules:
|
ufw_rules:
|
||||||
|
|
BIN
keepass_db.kdbx
BIN
keepass_db.kdbx
Binary file not shown.