replace woodpecker-ci with gitea-act-runner #166

Merged
mg merged 47 commits from act into master 2024-08-22 22:45:14 +02:00
11 changed files with 86 additions and 35 deletions

View file

@ -27,3 +27,4 @@ exclude_paths:
- roles/ansible_role_gitea - roles/ansible_role_gitea
- roles/ansible-role-postgresql - roles/ansible-role-postgresql
- .woodpecker/ - .woodpecker/
- .gitea/

View file

@ -0,0 +1,21 @@
name: ansible-lint
on:
push:
branches: [ master ]
pull_request:
jobs:
ansible-lint:
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: write vault-pass
run: echo ${{ secrets.VAULTPASS }} > ./vault-pass
- name: run ansible-lint
uses: docker://registry.mgrote.net/ansible-devspace:latest
with:
args: ansible-lint --force-color --format pep8 --show-relpath
# VAULTPASS ist als Secrets auf Repo-Ebene angelegt

View file

@ -0,0 +1,21 @@
name: Gitea Actions Demo
run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
on:
schedule:
- cron: '* * * * *' # test
jobs:
Explore-Gitea-Actions:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ gitea.event_name }} event."
- run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by Gitea!"
- run: echo "🔎 The name of your branch is ${{ gitea.ref }} and your repository is ${{ gitea.repository }}."
- name: Check out repository code
uses: actions/checkout@v4
- run: echo "💡 The ${{ gitea.repository }} repository has been cloned to the runner."
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: List files in the repository
run: |
ls ${{ gitea.workspace }}
- run: echo "🍏 This job's status is ${{ job.status }}."

View file

@ -0,0 +1,16 @@
name: gitleaks
on:
push:
branches: [ master ]
pull_request:
jobs:
gitleaks:
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Run Gitleaks
uses: docker://zricethezav/gitleaks:v8.18.4
with:
args: detect --no-git --verbose --source ${{ github.workspace }}

View file

@ -1,20 +0,0 @@
---
depends_on:
- gitleaks
steps:
ansible-lint:
image: registry.mgrote.net/ansible-devspace:latest
commands:
# Secrets
- echo $${SSHKEY} | base64 -d > ./id_ed25519 # woodpecker verschluckt linebreaks, daher mit base64 -w0 "kodiert"
- echo $${VAULTPASS} | base64 -d > ./vault-pass # Name des Secrets in Großschreibung
- chmod 0400 ./id_ed25519
# Doing
- ansible-lint --force-color --format pep8 --show-relpath
# https://woodpecker-ci.org/docs/usage/secrets#use-secrets-in-commands
secrets: [vaultpass]
when:
- event: [push, pull_request, cron, pull_request_closed, tag, release, manual]
evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
...

View file

@ -1,10 +0,0 @@
---
steps:
gitleaks:
image: zricethezav/gitleaks:v8.18.4
commands:
- gitleaks detect --no-git --verbose --source $CI_WORKSPACE
when:
- event: [push, pull_request, cron, pull_request_closed, tag, release, manual]
evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
...

View file

@ -1,11 +1,13 @@
# ansible_heimserver # ansible_heimserver
[![status-badge](https://ci.mgrote.net/api/badges/2/status.svg)](https://ci.mgrote.net/repos/2)
## ansible-devspace ## ansible-devspace
- Repository: https://git.mgrote.net/container-images/ansible-devspace - Repository: https://git.mgrote.net/container-images/ansible-devspace
- dort mit Woodpecker-CI gebaut und in eigene Registry gepushed - dort mit CI gebaut und in eigene Registry gepushed
- ``devspace.sh`` pulled Image, prüft ob SSH-Key und ``vault-pass`` vorhanden sind - ``devspace.sh`` pulled Image, prüft ob SSH-Key und ``vault-pass`` vorhanden sind
- mountet git-Secrets - mountet git-Secrets
- startet Container - startet Container
https://git.mgrote.net/mg/homeserver/actions/workflows/{workflow_file}/badge.svg?branch={branch}&event={event}
https://git.mgrote.net/mg/homeserver/actions/workflows/ansible-lint.yaml/badge.svg

View file

@ -0,0 +1,18 @@
---
# https://gitea.com/gitea/act_runner/src/branch/main/examples/docker-compose
version: "3.7"
services:
runner:
container_name: act-runner
image: gitea/act_runner
restart: always
volumes:
- act_runner_data:/data
- /var/run/docker.sock:/var/run/docker.sock
environment:
GITEA_INSTANCE_URL: https://git.mgrote.net
GITEA_RUNNER_REGISTRATION_TOKEN: "{{ lookup('viczem.keepass.keepass', 'gitea_act_runner_token', 'password') }}" # only used on first start, https://git.mgrote.net/admin/actions/runners
GITEA_RUNNER_NAME: "docker10-act-runner"
volumes:
act_runner_data:

View file

@ -55,7 +55,7 @@ ufw_rules:
### ansible_role_gitea ### ansible_role_gitea
gitea_fork: "forgejo" gitea_fork: "forgejo"
# gitea update # gitea update
gitea_version: "1.21.7-0" # alt zum renovate testen gitea_version: "1.21.11-2" # TODO renovate, wird das erkannt?
gitea_version_check: true gitea_version_check: true
gitea_backup_on_upgrade: false gitea_backup_on_upgrade: false
# gitea in the linux world # gitea in the linux world
@ -127,7 +127,7 @@ gitea_federation_enabled: false
# Packages # Packages
gitea_packages_enabled: false gitea_packages_enabled: false
# actions # actions
gitea_actions_enabled: false gitea_actions_enabled: true
gitea_extra_config: | gitea_extra_config: |
; webhook: wird für drone benötigt, sonst wird der Webhook nicht "gesendet" ; webhook: wird für drone benötigt, sonst wird der Webhook nicht "gesendet"
[webhook] [webhook]

View file

@ -67,6 +67,8 @@ compose_files:
network: traefik network: traefik
- name: gramps - name: gramps
state: present state: present
- name: act-runner
state: present
### oefenweb.ufw ### oefenweb.ufw
ufw_rules: ufw_rules:

Binary file not shown.