From 295f497bcf4111869990852bd8d9e3fd1551d8a2 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Sun, 27 Apr 2025 18:07:24 +0200
Subject: [PATCH] Include woodpecker ci provisioning
---
host_vars/fudiggity/network.yml | 2 +-
host_vars/fudiggity/woodpecker_ci.yml | 42 +++++++++++++++++++
playbook.yml | 4 ++
tasks/woodpecker_ci.yml | 42 +++++++++++++++++++
templates/nginx/woodpecker.j2 | 2 +-
templates/woodpecker_ci/docker-compose.j2 | 50 +++++++++++++++++++++++
6 files changed, 140 insertions(+), 2 deletions(-)
create mode 100644 host_vars/fudiggity/woodpecker_ci.yml
create mode 100644 tasks/woodpecker_ci.yml
create mode 100644 templates/woodpecker_ci/docker-compose.j2
diff --git a/host_vars/fudiggity/network.yml b/host_vars/fudiggity/network.yml
index 805bb7f..f9ca113 100644
--- a/host_vars/fudiggity/network.yml
+++ b/host_vars/fudiggity/network.yml
@@ -40,7 +40,7 @@ forgejo_ssh_port: 22 forgejo_domain: forgejo.fudiggity.nl woodpecker_ip: 127.0.0.1 -woodpecker_port: 7000 +woodpecker_app_port: 7000 woodpecker_domain: woodpecker.fudiggity.nl newsreader_ip: 127.0.0.1
diff --git a/host_vars/fudiggity/woodpecker_ci.yml b/host_vars/fudiggity/woodpecker_ci.yml
new file mode 100644
index 0000000..5b02358
--- /dev/null
+++ b/host_vars/fudiggity/woodpecker_ci.yml
@@ -0,0 +1,42 @@
+woodpecker_domain: 'woodpecker.fudiggity.nl'
+
+woodpecker_image_tag: 'woodpeckerci/woodpecker-server:v2.8.0'
+woodpecker_agent_tag: 'woodpeckerci/woodpecker-agent:v2.8.0'
+
+woodpecker_postgres_user: woodpecker
+woodpecker_postgres_name: woodpecker
+
+woodpecker_app_dir: '/srv/docker/woodpecker'
+
+woodpecker_forgejo_url: https://forgejo.fudiggity.nl
+woodpecker_forgejo_client: f467d6ee-6095-4c90-9d14-674d60b07183
+
+woodpecker_forgejo_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 31656532363665313866353961373862363031356437326234623030623235363039643663633662
+ 6139656163646464613166653033663266313264646666620a336465306235336534633038333436
+ 31306630323165646565333466383962626163303433393166326264633566623938366339326662
+ 3261623736656631300a306161363061353463363361636433326431356532333761666637626163
+ 35323065623661363638643062663066306134643035636561346663303138373634643466306161
+ 36643037303932323032613432386230356139333963613038373531316536333461643166306261
+ 613738363231323938653439373262663633
+
+woodpecker_agent_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 62306636643432613934633038643363373831346639383635356366333634376337303438386339
+ 3264363234653362646364326263313465356261313738340a616133663630376166653364376363
+ 34353165373663343236336330643365663830393836393264373032666536633733636161663661
+ 3464333936613066630a636166343931306365646334373731383430646233316332313861663838
+ 64663761303237613335613366343731326630386239633061633363666330663336623730303061
+ 38376266636662363834663664643466643361363563396539316234623764363464303336663662
+ 613362623365363563323934653562366138
+
+woodpecker_postgres_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 33363337656661326362396537336638383036386631643935323136636661363865633763303138
+ 6566643036333166326230366531633062306362636236630a626235323439663231363164366166
+ 34633166313431623236323039643164396130653664393062306334653761663264666636316436
3963646536663863350a633836376238333939313363613932353039353465306330623965633161 + 37376336353664386166303865373939616434613966393163623536616432623035653235623763 + 35623063333766636131653065313064383163383261383866626232343335326566316431623233 + 326434353932373335366636613863666635 diff --git a/playbook.yml b/playbook.yml index 5e02996..1e04ecf 100644 --- a/playbook.yml +++ b/playbook.yml @@ -57,6 +57,10 @@ - name: Glitchtip provisioning ansible.builtin.import_tasks: tasks/glitchtip.yml tags: glitchtip + + - name: Woodpecker CI provisioning + ansible.builtin.import_tasks: tasks/woodpecker_ci.yml + tags: woodpecker-ci handlers: - name: Import handlers ansible.builtin.import_tasks: 'handlers.yml' diff --git a/tasks/woodpecker_ci.yml b/tasks/woodpecker_ci.yml new file mode 100644 index 0000000..6172b9f --- /dev/null +++ b/tasks/woodpecker_ci.yml @@ -0,0 +1,42 @@ +- name: Create required directories + become: true + ansible.builtin.file: + path: '{{ item.path }}' + state: '{{ item.state }}' + mode: '{{ item.mode }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + loop: + - path: '{{ woodpecker_app_dir }}' + owner: sonny + group: sonny + state: directory + mode: '0755' + +- name: Copy docker-compose file + ansible.builtin.template: + src: 'templates/woodpecker_ci/docker-compose.j2' + dest: '{{ woodpecker_app_dir }}/docker-compose.yml' + mode: '0750' + +- name: Stop current containers + community.docker.docker_compose_v2: + project_src: '{{ woodpecker_app_dir }}' + state: stopped + +- name: Pull missing image + community.docker.docker_compose_v2: + project_src: '{{ woodpecker_app_dir }}' + pull: missing + state: stopped + +- name: Remove dangling containers + community.docker.docker_compose_v2: + project_src: '{{ woodpecker_app_dir }}' + remove_orphans: true + state: stopped + +- name: Start container + community.docker.docker_compose_v2: + project_src: '{{ woodpecker_app_dir }}' + state: present 
diff --git a/templates/nginx/woodpecker.j2 b/templates/nginx/woodpecker.j2
index 9dfccb7..89d4c81 100644
--- a/templates/nginx/woodpecker.j2
+++ b/templates/nginx/woodpecker.j2
@@ -24,6 +24,6 @@ server { proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; - proxy_pass http://{{ woodpecker_ip }}:{{ woodpecker_port }}; + proxy_pass http://{{ woodpecker_ip }}:{{ woodpecker_app_port }}; } }
diff --git a/templates/woodpecker_ci/docker-compose.j2 b/templates/woodpecker_ci/docker-compose.j2
new file mode 100644
index 0000000..2fc15fb
--- /dev/null
+++ b/templates/woodpecker_ci/docker-compose.j2
@@ -0,0 +1,50 @@
+# {{ ansible_managed }}
+
+services:
+ woodpecker-server:
+ image: {{ woodpecker_image_tag }}
+ restart: always
+ ports:
+ - '{{ woodpecker_app_port }}:8000'
+ volumes:
+ - woodpecker-server-data:/var/lib/woodpecker/
+ depends_on:
+ - db
+ environment:
+ WOODPECKER_OPEN: true
+ WOODPECKER_HOST: 'https://{{ woodpecker_domain }}'
+ WOODPECKER_AGENT_SECRET: {{ woodpecker_agent_secret }}
+ WOODPECKER_DATABASE_DRIVER: postgres
+ WOODPECKER_DATABASE_DATASOURCE: postgres://{{ woodpecker_postgres_user }}:{{ woodpecker_postgres_password }}@db:5432/postgres?sslmode=disable
+ WOODPECKER_FORGEJO: true
+ WOODPECKER_FORGEJO_URL: {{ woodpecker_forgejo_url }}
+ WOODPECKER_FORGEJO_CLIENT: {{ woodpecker_forgejo_client }}
+ WOODPECKER_FORGEJO_SECRET: {{ woodpecker_forgejo_secret }}
+
+ db:
+ image: postgres:17
+ restart: always
+ environment:
+ POSTGRES_USER: {{ woodpecker_postgres_user }}
+ POSTGRES_PASSWORD: {{ woodpecker_postgres_password }}
+ POSTGRES_DB: {{ woodpecker_postgres_name }}
+ volumes:
+ - postgres-data:/var/lib/postgresql/data
+
+ woodpecker-agent:
+ image: {{ woodpecker_agent_tag }}
+ command: agent
+ restart: always
+ depends_on:
+ - woodpecker-server
+ volumes:
+ - woodpecker-agent-config:/etc/woodpecker
+ - /var/run/docker.sock:/var/run/docker.sock
+ environment:
+ WOODPECKER_SERVER: woodpecker-server:9000
+ WOODPECKER_AGENT_SECRET: {{ woodpecker_agent_secret }}
+
+volumes:
+ woodpecker-server-data:
+ woodpecker-agent-config:
+ postgres-data:
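Review bot: The `ports` entry of woodpecker-server publishes `{{ woodpecker_app_port }}` on every host interface, so the server can be reached over plain HTTP without passing through the nginx vhost, and Docker-published ports commonly sit ahead of host firewall rules. Since `woodpecker_ip` is 127.0.0.1 in host_vars, bind it as `- '{{ woodpecker_ip }}:{{ woodpecker_app_port }}:8000'`. `WOODPECKER_OPEN: true` lets any account the Forgejo instance authenticates register itself, and pipelines run on an agent that mounts `/var/run/docker.sock`, which is effectively root on the host; prefer `WOODPECKER_OPEN: false` with an explicit `WOODPECKER_ADMIN` list. The datasource URL also points at database `/postgres` while the db service creates `{{ woodpecker_postgres_name }}`, so the dedicated database goes unused. The templated secrets are unquoted (`WOODPECKER_AGENT_SECRET: '{{ woodpecker_agent_secret }}'` would be safer), and a password containing URL or YAML metacharacters would break the rendered file.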