From 06bb34891edcb2e02320b8c9a0ecaaa8a18156e3 Mon Sep 17 00:00:00 2001 From: Marty Oehme Date: Mon, 20 Dec 2021 11:47:11 +0100 Subject: [PATCH] Add simple ci deployment --- roles/gitea/defaults/main.yml | 9 +++++ roles/gitea/handlers/main.yml | 38 ++++++++++++++++++++ roles/gitea/tasks/Ubuntu.yml | 12 +++++++ roles/gitea/tasks/main.yml | 22 ++++++++++++ roles/gitea/templates/docker-stack.yml.j2 | 42 +++++++++++++++++++++++ roles/gitea/templates/upstream_ci.json.j2 | 39 +++++++++++++++++++++ 6 files changed, 162 insertions(+) create mode 100644 roles/gitea/tasks/Ubuntu.yml create mode 100644 roles/gitea/templates/upstream_ci.json.j2 diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 136085a..1bace83 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -9,6 +9,7 @@ gitea_use_https: true # the subdomain link gitea will be reachable under subdomain_alias: git +subdomain_ci_alias: ci gitea_db_database: gitea gitea_db_username: gitea @@ -22,3 +23,11 @@ gitea_app_admin_email: myadmin@mydomain.mytld # gitea_smtp_username: my@username.com # gitea_smtp_password: # gitea_smtp_force_tls: false # forces tls if it is on a non-traditional tls port. Overwrites starttls so should generally be off + +gitea_use_ci: false +# gitea_ci_github_client: +# gitea_ci_github_secret: +# gitea_ci_gitlab_client: +# gitea_ci_gitlab_secret: +# gitea_ci_gitea_client: +# gitea_ci_gitea_secret: diff --git a/roles/gitea/handlers/main.yml b/roles/gitea/handlers/main.yml index 68ebab7..c45c3a5 100644 --- a/roles/gitea/handlers/main.yml +++ b/roles/gitea/handlers/main.yml 
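Review bot: `gitea_use_ci: false` is added without a comment saying what enabling it needs; the six `gitea_ci_*` placeholders below it are all commented out, and the stack template only configures a forge when a client/secret pair is set, so a user who flips the flag alone presumably ends up with a CI server bound to no forge. Suggest a comment above the flag such as `# deploy woodpecker ci alongside gitea; requires at least one client/secret pair below (keep the secret values in vault, not in this file)`. Since `gitea_woodpecker_agent_secret` is read by the templates, listing it here as a commented placeholder too would make it discoverable as an operator-settable value.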
@@ -23,6 +23,14 @@ become: yes listen: "update gitea upstream" +- name: Update ci upstream template + ansible.builtin.template: + src: upstream_ci.json.j2 + dest: "{{ gitea_upstream_file_dir }}/upstream_ci.json" + mode: '0600' + become: yes + listen: "update gitea upstream" + # figure out if upstream id exists - name: check {{ stack_name }} upstream community.docker.docker_container_exec: @@ -53,6 +61,36 @@ become: yes listen: "update gitea upstream" +# figure out if upstream id exists +- name: check {{ stack_name }}_ci upstream + community.docker.docker_container_exec: + container: "{{ caddy_container_id }}" + command: > + curl localhost:2019/id/{{ stack_name }}_ci_upstream/ + changed_when: False + register: result + become: yes + listen: "update gitea upstream" + +# upstream for ci already exists, patch it +- name: remove old {{ stack_name }}_ci upstream + community.docker.docker_container_exec: + container: "{{ caddy_container_id }}" + command: > + curl -X DELETE localhost:2019/id/{{ stack_name }}_ci_upstream/ + become: yes + when: (result.stdout | from_json)['error'] is not defined + listen: "update gitea upstream" +# +# upstream for ci has to be created +- name: add {{ stack_name }}_ci upstream + community.docker.docker_container_exec: + container: "{{ caddy_container_id }}" + command: > + curl -X POST -H "Content-Type: application/json" -d @{{ gitea_upstream_file_dir }}/upstream_ci.json localhost:2019/config/apps/http/servers/{{ (gitea_use_https == True) | ternary(caddy_https_server_name, caddy_http_server_name) }}/routes/0/ + become: yes + listen: "update gitea upstream" + - name: Ensure upstream directory is gone again ansible.builtin.file: path: "{{ gitea_upstream_file_dir }}" diff --git a/roles/gitea/tasks/Ubuntu.yml b/roles/gitea/tasks/Ubuntu.yml new file mode 100644 index 0000000..a67147d --- /dev/null +++ b/roles/gitea/tasks/Ubuntu.yml 
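Review bot: The new `Update ci upstream template` handler has no `when: gitea_use_ci | bool` guard, and neither do the three `_ci upstream` handlers in the second hunk of this file, yet all of them listen on `update gitea upstream`; with CI disabled the role appears to still render upstream_ci.json and add a Caddy route whose upstream `{{ stack_name }}_wp-server:8000` is never deployed (the service is wrapped in `{% if gitea_use_ci %}` in docker-stack.yml.j2). Add `when: gitea_use_ci | bool` to each of the four handlers. The `mode: '0600'` on the rendered file is the right choice for a file written under become and removed again afterwards.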
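Review bot: `when: (result.stdout | from_json)['error'] is not defined` on the delete handler parses the registered output unconditionally; if the check's curl produced no body (for example when the admin endpoint is unreachable), `from_json` raises and the handler run fails instead of skipping, so `when: result.stdout | length > 0 and (result.stdout | from_json)['error'] is not defined` is safer. `register: result` is a generic name; if the earlier `check {{ stack_name }} upstream` handler (context line above) also registers into `result`, the two checks overwrite each other, and a distinct name such as `ci_upstream_result` avoids that. The comment `# upstream for ci already exists, patch it` describes a DELETE, and the lone `#` line before `add {{ stack_name }}_ci upstream` looks like a leftover; `# upstream for ci already exists, remove it before re-adding` would match the task.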
@@ -0,0 +1,12 @@ +--- +## install requisites +- name: Ensure openssl installed + ansible.builtin.package: + name: "openssl" + state: present + become: yes + tags: + - apt + - download + - packages + diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 3529038..a766f61 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -1,4 +1,26 @@ --- +## Prepare woodpecker ci +- name: "Select tasks for {{ ansible_distribution }} {{ ansible_distribution_major_version }}" + include_tasks: "{{ distribution }}" + with_first_found: + - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_distribution }}.yml" + - "{{ ansible_os_family }}.yml" + loop_control: + loop_var: distribution + when: gitea_use_ci == True + +- name: Generate agent key + ansible.builtin.shell: openssl rand -hex 32 + register: gitea_woodpecker_agent_secret + when: gitea_use_ci == True + +- name: Set agent key + ansible.builtin.set_fact: + gitea_woodpecker_agent_secret: "{{ gitea_woodpecker_agent_secret.stdout }}" + when: gitea_woodpecker_agent_secret.stdout is not undefined and not None + +## Prepare gitea - name: Ensure git user exists with ssh key ansible.builtin.user: name: "{{ gitea_git_username }}" diff --git a/roles/gitea/templates/docker-stack.yml.j2 b/roles/gitea/templates/docker-stack.yml.j2 index aa1cb81..80a33eb 100644 --- a/roles/gitea/templates/docker-stack.yml.j2 +++ b/roles/gitea/templates/docker-stack.yml.j2 
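Review bot: `Generate agent key` runs `openssl rand -hex 32` without `no_log: true`, so the generated agent secret is printed in the task output and lands in any log collector, and because it runs on every play the secret is regenerated and the rendered docker-stack.yml.j2 differs each run. It also registers into `gitea_woodpecker_agent_secret` itself, so a value an operator sets in inventory is overwritten (and, when the task is skipped, replaced by the skip result). The `Set agent key` condition `... is not undefined and not None` never inspects the value because `not None` is a constant true; the same pattern appears in docker-stack.yml.j2 and upstream_ci.json.j2, and the intended form is `x is defined and x is not none`. `gitea_use_ci == True` is more idiomatically `gitea_use_ci | bool`. A version that only generates when no value was supplied, uses `command` since no shell features are needed, and keeps the secret out of output:
```yaml
# … unchanged: distribution-specific include_tasks …

- name: Generate agent key
  ansible.builtin.command: openssl rand -hex 32
  register: gitea_woodpecker_agent_secret_gen
  changed_when: false
  no_log: true
  when: gitea_use_ci | bool and gitea_woodpecker_agent_secret is not defined

- name: Set agent key
  ansible.builtin.set_fact:
    gitea_woodpecker_agent_secret: "{{ gitea_woodpecker_agent_secret_gen.stdout }}"
  no_log: true
  when: gitea_woodpecker_agent_secret_gen.stdout is defined
```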
@@ -56,9 +56,51 @@ services: - POSTGRES_PASSWORD={{ gitea_db_password }} - POSTGRES_DB={{ gitea_db_database }} +{% if gitea_use_ci %} + wp-server: + image: woodpeckerci/woodpecker-server:latest + networks: + - "{{ docker_swarm_public_network_name }}" + - backend + volumes: + - woodpecker:/var/lib/woodpecker/ + environment: + - WOODPECKER_OPEN=true + - "WOODPECKER_HOST={{ (gitea_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_ci_alias is not undefined and not none) | ternary(subdomain_ci_alias, stack_name + '_ci') }}.{{server_domain}}" + - WOODPECKER_AGENT_SECRET={{ gitea_woodpecker_agent_secret }} +{% if gitea_ci_github_client is not undefined and not None and gitea_ci_github_secret is not undefined and not None %} + - WOODPECKER_GITHUB=true + - WOODPECKER_GITHUB_CLIENT={{ gitea_ci_github_client }} + - WOODPECKER_GITHUB_SECRET={{ gitea_ci_github_secret }} +{% endif %} +{% if gitea_ci_gitlab_client is not undefined and not None and gitea_ci_gitlab_secret is not undefined and not None %} + - WOODPECKER_GITLAB=true + - WOODPECKER_gitlab_CLIENT={{ gitea_ci_gitlab_client }} + - WOODPECKER_gitlab_SECRET={{ gitea_ci_gitlab_secret }} +{% endif %} +{% if gitea_ci_gitea_client is not undefined and not None and gitea_ci_gitea_secret is not undefined and not None %} + - WOODPECKER_GITEA=true + - "WOODPECKER_GITEA_URL={{ (gitea_use_https == True) | ternary('https', 'http') }}://{{ (subdomain_alias is not undefined and not none) | ternary(subdomain_alias, stack_name) }}.{{server_domain}}" + - WOODPECKER_GITEA_CLIENT={{ gitea_ci_gitea_client }} + - WOODPECKER_GITEA_SECRET={{ gitea_ci_gitea_secret }} +{% endif %} + + wp-agent: + image: woodpeckerci/woodpecker-agent:latest + networks: + - backend + command: agent + volumes: + - /var/run/docker.sock:/var/run/docker.sock + environment: + - WOODPECKER_SERVER=wp-server:9000 + - WOODPECKER_AGENT_SECRET={{ gitea_woodpecker_agent_secret }} +{% endif %} + volumes: data: db: + woodpecker: networks: "{{ 
docker_swarm_public_network_name }}": diff --git a/roles/gitea/templates/upstream_ci.json.j2 b/roles/gitea/templates/upstream_ci.json.j2 new file mode 100644 index 0000000..9c5ee64 --- /dev/null +++ b/roles/gitea/templates/upstream_ci.json.j2 @@ -0,0 +1,39 @@ +{ + "@id": "{{ stack_name }}_ci_upstream", +{% if server_domain is not undefined and not none %} + "match": [ + { + "host": [ +{% if subdomain_ci_alias is not undefined and not none %} + "{{ subdomain_ci_alias }}.{{ server_domain }}" +{% else %} + "{{ stack_name }}_ci.{{ server_domain }}" +{% endif %} + ] + } + ], +{% else %} + "match": [ + { + "path": [ +{% if subdomain_ci_alias is not undefined and not none %} + "/{{ subdomain_ci_alias }}*" +{% else %} + "/{{ stack_name }}_ci*" +{% endif %} + ] + } + ], +{% endif %} + "handle": [ + { + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "{{ stack_name }}_wp-server:8000" + } + ] + } + ] +} +
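Review bot: The GitLab block sets `WOODPECKER_gitlab_CLIENT` and `WOODPECKER_gitlab_SECRET` in lowercase; environment variable names are case-sensitive and the neighbouring blocks use `WOODPECKER_GITHUB_CLIENT` / `WOODPECKER_GITEA_CLIENT`, so these should read `WOODPECKER_GITLAB_CLIENT` and `WOODPECKER_GITLAB_SECRET` or the GitLab credentials will presumably be ignored. `WOODPECKER_OPEN=true` combined with the agent's `/var/run/docker.sock` bind mount means any account the configured forge accepts can register and run pipelines with host-docker access; consider driving it from a default-false role variable and naming the allowed operators via `WOODPECKER_ADMIN`. Both images are pulled as `:latest`, so a routine redeploy can change the server/agent version unexpectedly; pin a version tag in a role variable. The three forge guards also use the constant-true `not None` check noted on tasks/main.yml.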
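Review bot: The host and path values are interpolated straight into JSON string literals, e.g. `"{{ subdomain_ci_alias }}.{{ server_domain }}"`, so a value containing a double quote or backslash renders an invalid document that the `add {{ stack_name }}_ci upstream` handler then POSTs to Caddy; `{{ (subdomain_ci_alias ~ '.' ~ server_domain) | to_json }}` (without surrounding quotes) produces a correctly escaped literal. The conditions `is not undefined and not none` here share the constant-true `not none` problem noted on tasks/main.yml. The file is otherwise undocumented; a header such as `{# Caddy route for the woodpecker server, loaded via the admin API by the handlers in handlers/main.yml #}` would tell a reader where it is consumed.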