Add simple ci deployment

Removed setting the landingpage upstream accidentally, switched its
alias to blog instead.

roles/blog/defaults/main.yml

@@ -8,4 +8,4 @@ blog_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
 blog_use_https: true
 
 # the subdomain link blog will be reachable under
-# subdomain_alias: blog
+subdomain_alias: blog

roles/blog/templates/upstream.json.j2

@@ -9,8 +9,6 @@
 {% else %}
                 "{{ stack_name }}.{{ server_domain }}"
 {% endif %}
-            ,
-            "{{ server_domain }}"
             ]
         }
     ],

roles/gitea/defaults/main.yml

@@ -9,6 +9,7 @@ gitea_use_https: true
 
 # the subdomain link gitea will be reachable under
 subdomain_alias: git
+subdomain_ci_alias: ci
 
 gitea_db_database: gitea
 gitea_db_username: gitea
@@ -22,3 +23,11 @@ gitea_app_admin_email: myadmin@mydomain.mytld
 # gitea_smtp_username: my@username.com
 # gitea_smtp_password: <password>
 # gitea_smtp_force_tls: false # forces tls if it is on a non-traditional tls port. Overwrites starttls so should generally be off
+
+gitea_use_ci: false
+# gitea_ci_github_client:
+# gitea_ci_github_secret:
+# gitea_ci_gitlab_client:
+# gitea_ci_gitlab_secret:
+# gitea_ci_gitea_client: 
+# gitea_ci_gitea_secret: 

roles/gitea/handlers/main.yml

@@ -23,6 +23,14 @@
   become: yes
   listen: "update gitea upstream"
 
+- name: Update ci upstream template
+  ansible.builtin.template:
+    src: upstream_ci.json.j2
+    dest: "{{ gitea_upstream_file_dir }}/upstream_ci.json"
+    mode: '0600'
+  become: yes
+  listen: "update gitea upstream"
+
 # figure out if upstream id exists
 - name: check {{ stack_name }} upstream
   community.docker.docker_container_exec:
@@ -53,6 +61,36 @@
   become: yes
   listen: "update gitea upstream"
 
+# figure out if upstream id exists
+- name: check {{ stack_name }}_ci upstream
+  community.docker.docker_container_exec:
+    container: "{{ caddy_container_id }}"
+    command: >
+      curl localhost:2019/id/{{ stack_name }}_ci_upstream/
+  changed_when: False
+  register: result
+  become: yes
+  listen: "update gitea upstream"
+
+# upstream for ci already exists, patch it
+- name: remove old {{ stack_name }}_ci upstream
+  community.docker.docker_container_exec:
+    container: "{{ caddy_container_id }}"
+    command: >
+      curl -X DELETE localhost:2019/id/{{ stack_name }}_ci_upstream/
+  become: yes
+  when: (result.stdout | from_json)['error'] is not defined
+  listen: "update gitea upstream"
+#
+# upstream for ci has to be created
+- name: add {{ stack_name }}_ci upstream
+  community.docker.docker_container_exec:
+    container: "{{ caddy_container_id }}"
+    command: >
+      curl -X POST -H "Content-Type: application/json" -d @{{ gitea_upstream_file_dir }}/upstream_ci.json localhost:2019/config/apps/http/servers/{{ (gitea_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ 
+  become: yes
+  listen: "update gitea upstream"
+
 - name: Ensure upstream directory is gone again
   ansible.builtin.file:
     path: "{{ gitea_upstream_file_dir }}"

roles/gitea/tasks/Ubuntu.yml

@@ -0,0 +1,12 @@
+---
+## install requisites
+- name: Ensure openssl installed
+  ansible.builtin.package:
+    name: "openssl"
+    state: present
+  become: yes
+  tags:
+    - apt
+    - download
+    - packages
+

roles/gitea/tasks/main.yml

@@ -1,4 +1,26 @@
 ---
+## Prepare woodpecker ci
+- name: "Select tasks for {{ ansible_distribution }} {{ ansible_distribution_major_version }}"
+  include_tasks: "{{ distribution }}"
+  with_first_found:
+    - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ ansible_distribution }}.yml"
+    - "{{ ansible_os_family }}.yml"
+  loop_control:
+    loop_var: distribution
+  when: gitea_use_ci == True
+
+- name: Generate agent key
+  ansible.builtin.shell: openssl rand -hex 32
+  register: gitea_woodpecker_agent_secret
+  when: gitea_use_ci == True
+
+- name: Set agent key
+  ansible.builtin.set_fact: 
+    gitea_woodpecker_agent_secret: "{{ gitea_woodpecker_agent_secret.stdout }}"
+  when: gitea_woodpecker_agent_secret.stdout is not undefined and not None
+
+## Prepare gitea
 - name: Ensure git user exists with ssh key
   ansible.builtin.user:
     name: "{{ gitea_git_username }}"

roles/gitea/templates/docker-stack.yml.j2

@@ -56,9 +56,51 @@ services:
       - POSTGRES_PASSWORD={{ gitea_db_password }}
       - POSTGRES_DB={{ gitea_db_database }}
 
+{% if gitea_use_ci %}
+  wp-server:
+    image: woodpeckerci/woodpecker-server:latest
+    networks:
+      - "{{ docker_swarm_public_network_name }}"
+      - backend
+    volumes:
+      - woodpecker:/var/lib/woodpecker/
+    environment:
+      - WOODPECKER_OPEN=true
+      - "WOODPECKER_HOST={{ (gitea_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_ci_alias is not undefined and not none) | ternary(subdomain_ci_alias, stack_name + '_ci') }}.{{server_domain}}"
+      - WOODPECKER_AGENT_SECRET={{ gitea_woodpecker_agent_secret }}
+{% if gitea_ci_github_client is not undefined and not None and gitea_ci_github_secret is not undefined and not None %}
+      - WOODPECKER_GITHUB=true
+      - WOODPECKER_GITHUB_CLIENT={{ gitea_ci_github_client }}
+      - WOODPECKER_GITHUB_SECRET={{ gitea_ci_github_secret }}
+{% endif %}
+{% if gitea_ci_gitlab_client is not undefined and not None and gitea_ci_gitlab_secret is not undefined and not None %}
+      - WOODPECKER_GITLAB=true
+      - WOODPECKER_gitlab_CLIENT={{ gitea_ci_gitlab_client }}
+      - WOODPECKER_gitlab_SECRET={{ gitea_ci_gitlab_secret }}
+{% endif %}
+{% if gitea_ci_gitea_client is not undefined and not None and gitea_ci_gitea_secret is not undefined and not None %}
+      - WOODPECKER_GITEA=true
+      - "WOODPECKER_GITEA_URL={{ (gitea_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, stack_name) }}.{{server_domain}}"
+      - WOODPECKER_GITEA_CLIENT={{ gitea_ci_gitea_client }}
+      - WOODPECKER_GITEA_SECRET={{ gitea_ci_gitea_secret }}
+{% endif %}
+
+  wp-agent:
+    image: woodpeckerci/woodpecker-agent:latest
+    networks:
+      - backend
+    command: agent
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - WOODPECKER_SERVER=wp-server:9000
+      - WOODPECKER_AGENT_SECRET={{ gitea_woodpecker_agent_secret }}
+{% endif %}
+
 volumes:
   data:
   db:
+  woodpecker:
 
 networks:
   "{{ docker_swarm_public_network_name }}":

roles/gitea/templates/upstream_ci.json.j2

@@ -0,0 +1,39 @@
+{
+    "@id": "{{ stack_name }}_ci_upstream",
+{% if server_domain is not undefined and not none %}   
+    "match": [
+        {
+            "host": [
+{% if subdomain_ci_alias is not undefined and not none %}
+                "{{ subdomain_ci_alias }}.{{ server_domain }}"
+{% else %}
+                "{{ stack_name }}_ci.{{ server_domain }}"
+{% endif %}
+            ]
+        }
+    ],
+{% else %}
+    "match": [
+        {
+            "path": [
+{% if subdomain_ci_alias is not undefined and not none %}
+                "/{{ subdomain_ci_alias }}*"
+{% else %}
+                "/{{ stack_name }}_ci*"
+{% endif %}
+            ]
+        }
+    ],
+{% endif %}
+    "handle": [
+        {
+            "handler": "reverse_proxy",
+            "upstreams": [
+                {
+                    "dial": "{{ stack_name }}_wp-server:8000"
+                }
+            ]
+        }
+    ]
+}
+