drone -> woodpecker (#593)

Reviewed-on: #593
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
This commit is contained in:
Michael Grote 2023-11-07 16:35:27 +01:00 committed by mg
parent 30fbc6367a
commit 04a75ae752
10 changed files with 108 additions and 97 deletions

View file

@ -1,34 +0,0 @@
---
kind: pipeline
type: docker
name: gitleaks
steps:
- name: gitleaks
image: plugins/gitleaks
settings:
path: .
when:
event:
exclude:
- tag
---
kind: pipeline
type: docker
name: ansible-lint
steps:
- name: ansible-lint
image: quay.io/ansible/creator-ee
commands:
- ansible-lint --version
- echo $ANSIBLE_VAULT_PASSWORD > ./vault-pass.yml
- ansible-galaxy install -r requirements.yml
- ansible-lint --force-color --format pep8
when:
event:
exclude:
- tag
environment:
ANSIBLE_VAULT_PASSWORD:
from_secret: vault-pass

View file

@ -0,0 +1,19 @@
---
kind: pipeline
type: docker
name: ansible-lint
depends_on:
- gitleaks
steps:
ansible-lint:
image: quay.io/ansible/creator-ee
commands:
- ansible-lint --version
- echo $VAULT-PASS > ./vault-pass.yml # nach des Secret in Großschreibung
- ansible-galaxy install -r requirements.yml
- ansible-lint --force-color --format pep8
when:
event:
exclude:
- tag
secret: [vault-pass] #dieses Secret darf verwendet werden

13
.woodpecker/gitleaks.yml Normal file
View file

@ -0,0 +1,13 @@
---
kind: pipeline
type: docker
name: gitleaks
steps:
gitleaks:
image: zricethezav/gitleaks:latest
commands:
- gitleaks detect --no-git --verbose --source $CI_WORKSPACE
when:
event:
exclude:
- tag

View file

@ -1,54 +0,0 @@
version: '3.3'
services:
# server
drone:
volumes:
- 'data:/data'
environment:
DRONE_GITEA_SERVER: https://git.mgrote.net
DRONE_GITEA_CLIENT_ID: f8f0db2a-0089-4e23-9f5a-a5e52f20d765
DRONE_GITEA_CLIENT_SECRET: {{ lookup('keepass', 'drone_gitea_client_secret', 'password') }}
DRONE_RPC_SECRET: {{ lookup('keepass', 'drone_rpc_secret', 'password') }}
DRONE_SERVER_HOST: docker10.grote.lan:81
DRONE_SERVER_PROTO: http
DRONE_USER_CREATE: username:mg,admin:true # Gitea-Nutzer "mg" als Admin
#DRONE_LOGS_DEBUG: true
ports:
- '81:80'
- '444:443'
restart: always
container_name: drone-server
image: 'drone/drone:2'
networks:
- intern
labels:
com.centurylinklabs.watchtower.enable: true
# runner
drone-runner-docker:
volumes:
- '/var/run/docker.sock:/var/run/docker.sock'
environment:
DRONE_RPC_PROTO: http
# container-name des servers
DRONE_RPC_HOST: drone-server
DRONE_RPC_SECRET: {{ lookup('keepass', 'drone_rpc_secret', 'password') }}
DRONE_RUNNER_CAPACITY: 8
DRONE_RUNNER_NAME: drone-runner
ports:
- '3000:3000'
restart: always
container_name: drone-runner
image: 'drone/drone-runner-docker:latest'
networks:
- intern
labels:
com.centurylinklabs.watchtower.enable: true
com.centurylinklabs.watchtower.depends-on: drone-server
######## Volumes ########
volumes:
data:
######## Networks ########
networks:
intern: # hier kommunizieren Runner + Server

View file

@ -33,14 +33,14 @@ services:
# - name: "Weather" # - name: "Weather"
# location: "Burg" # your location. # location: "Burg" # your location.
# locationId: "2941501" # OpenWeatherMap city ID. # locationId: "2941501" # OpenWeatherMap city ID.
# apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" # insert your own API key here. Request one from https://o#penweathermap.org/api. # key deactiviert # apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" # insert your own API key here. Request one from https://o#penweathermap.org/api. # key deactiviert #gitleaks:allow
# units: "metric" # units to display temperature. Can be one of: metric, imperial, kelvin. Defaults to kelvin. # units: "metric" # units to display temperature. Can be one of: metric, imperial, kelvin. Defaults to kelvin.
# background: "none" # choose which type of background you want behind the image. Can be one of: square, cicle, none. Defaults to none. # background: "none" # choose which type of background you want behind the image. Can be one of: square, cicle, none. Defaults to none.
# type: "OpenWeather" # type: "OpenWeather"
# - name: "Weather" # - name: "Weather"
# location: "Magdeburg" # location: "Magdeburg"
# locationId: "2874545" # locationId: "2874545"
# apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" # apiKey: "c1ec4c040abfa80b991c72d48b49d4a0" #gitleaks:allow
# units: "metric" # units: "metric"
# background: "none" # background: "none"
# type: "OpenWeather" # type: "OpenWeather"

View file

@ -0,0 +1,10 @@
<svg xmlns="http://www.w3.org/2000/svg" width="22" height="22" viewBox="0 0 22 22">
<style>
@media (prefers-color-scheme: dark) {
path {
fill: white;
}
}
</style>
<path d="M1.263 2.744C2.41 3.832 2.845 4.932 4.118 5.08l.036.007c-.588.606-1.09 1.402-1.443 2.423-.38 1.096-.488 2.285-.614 3.659-.19 2.046-.401 4.364-1.556 7.269-2.486 6.258-1.12 11.63.332 17.317.664 2.604 1.348 5.297 1.642 8.107a.857.857 0 00.633.744.86.86 0 00.922-.323c.227-.313.524-.797.86-1.424.84 3.323 1.355 6.13 1.783 8.697a.866.866 0 001.517.41c2.88-3.463 3.763-8.636 2.184-12.674.459-2.433 1.402-4.45 2.398-6.583.536-1.15 1.08-2.318 1.55-3.566.228-.084.569-.314.79-.441l1.707-.981-.256 1.052a.864.864 0 001.678.408l.68-2.858 1.285-2.95a.863.863 0 10-1.581-.687l-1.152 2.669-2.383 1.372a18.97 18.97 0 00.508-2.981c.432-4.86-.718-9.074-3.066-11.266-.163-.157-.208-.281-.247-.26.095-.12.249-.26.358-.374 2.283-1.693 6.047-.147 8.319.75.589.232.876-.337.316-.67-1.95-1.153-5.948-4.196-8.188-6.193-.313-.275-.527-.607-.89-.913C9.825.555 4.072 3.057 1.355 2.569c-.102-.018-.166.103-.092.175m10.98 5.899c-.06 1.242-.603 1.8-1 2.208-.217.224-.426.436-.524.738-.236.714.008 1.51.66 2.143 1.974 1.84 2.925 5.527 2.538 9.86-.291 3.288-1.448 5.763-2.671 8.385-1.031 2.207-2.096 4.489-2.577 7.259a.853.853 0 00.056.48c1.02 2.434 1.135 6.197-.672 9.46a96.586 96.586 0 00-1.97-8.711c1.964-4.488 4.203-11.75 2.919-17.668-.325-1.497-1.304-3.276-2.387-4.207-.208-.18-.402-.237-.495-.167-.084.06-.151.238-.062.444.55 1.266.879 2.599 1.226 4.276 1.125 5.443-.956 12.49-2.835 16.782l-.116.259-.457.982c-.356-2.014-.85-3.95-1.33-5.84-1.38-5.406-2.68-10.515-.401-16.254 1.247-3.137 1.483-5.692 1.672-7.746.116-1.263.216-2.355.526-3.252.905-2.605 3.062-3.178 4.744-2.852 1.632.316 3.24 1.593 3.156 3.42zm-2.868.62a1.177 1.177 0 10.736-2.236 1.178 1.178 0 10-.736 2.237z" />
</svg>

After

Width:  |  Height:  |  Size: 1.8 KiB

View file

@ -51,11 +51,6 @@ services:
url: "https://docker10.grote.lan:8443" url: "https://docker10.grote.lan:8443"
target: "_blank" target: "_blank"
subtitle: "WLAN" subtitle: "WLAN"
- name: "drone.io"
logo: "assets/icons/drone.png"
url: "http://docker10.grote.lan:81"
target: "_blank"
subtitle: "CI/CD"
- name: "httpd" - name: "httpd"
logo: "assets/icons/roundcube.png" logo: "assets/icons/roundcube.png"
url: "http://docker10.grote.lan:3344" url: "http://docker10.grote.lan:3344"
@ -66,6 +61,11 @@ services:
url: "https://registry.mgrote.net/ui/index.html" url: "https://registry.mgrote.net/ui/index.html"
target: "_blank" target: "_blank"
subtitle: "Container-Registry" subtitle: "Container-Registry"
- name: "Woodpecker"
logo: "assets/icons/woodpecker.svg"
url: "http://docker10.grote.lan:8000"
target: "_blank"
subtitle: "CI/CD"
- name: "Infra" - name: "Infra"
icon: "fas fa-cloud" icon: "fas fa-cloud"

View file

@ -0,0 +1,57 @@
# https://woodpecker-ci.org/docs/administration/setup
version: '3'
services:
woodpecker-server:
container_name: woodpecker-server
image: woodpeckerci/woodpecker-server:latest
ports:
- 8000:8000
volumes:
- server-data:/var/lib/woodpecker/
environment:
WOODPECKER_OPEN: false
WOODPECKER_HOST: http://docker10.grote.lan:8000
WOODPECKER_GITEA: true
WOODPECKER_GITEA_URL: https://git.mgrote.net
WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }}
WOODPECKER_GITEA_SECRET: {{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }}
WOODPECKER_AGENT_SECRET: {{ lookup('keepass', 'woodpecker-agent-secret', 'password') }}
WOODPECKER_ADMIN: mg
WOODPECKER_LOG_LEVEL: info
WOODPECKER_DEBUG_PRETTY: true
labels:
com.centurylinklabs.watchtower.enable: true
woodpecker-agent:
container_name: woodpecker-agent
image: woodpeckerci/woodpecker-agent:latest
command: agent
restart: always
depends_on:
- woodpecker-server
ports:
- 3032:3000
volumes:
- agent-config:/etc/woodpecker
- /var/run/docker.sock:/var/run/docker.sock
environment:
WOODPECKER_SERVER: woodpecker-server:9000
WOODPECKER_AGENT_SECRET: {{ lookup('keepass', 'woodpecker-agent-secret', 'password') }}
WOODPECKER_MAX_WORKFLOWS: 4
WOODPECKER_DEBUG_PRETTY: true
WOODPECKER_LOG_LEVEL: info
WOODPECKER_HEALTHCHECK: true
WOODPECKER_BACKEND: docker
labels:
com.centurylinklabs.watchtower.enable: true
volumes:
server-data:
agent-config:
# git.mgrote.net -> Settings -> Applications -> woodpecker
# WOODPECKER_GITEA_CLIENT: {{ lookup('keepass', 'woodpecker-oauth2-client-id', 'password') }}
# WOODPECKER_GITEA_SECRET: {{ lookup('keepass', 'woodpecker-oauth2-client-secret', 'password') }}
# Redirect URL: http://docker10.grote.lan:8000/authorize

View file

@ -31,8 +31,6 @@ compose_files:
network: traefik network: traefik
- name: homer - name: homer
state: present state: present
- name: drone
state: present
- name: nextcloud - name: nextcloud
state: present state: present
network: traefik network: traefik
@ -56,6 +54,8 @@ compose_files:
- name: mail-relay - name: mail-relay
state: present state: present
network: mail-relay network: mail-relay
- name: woodpecker
state: present
### oefenweb.ufw ### oefenweb.ufw
ufw_rules: ufw_rules:

Binary file not shown.