first commit

rhiz0et 2021-12-19 23:44:51 +01:00
commit e251055dd7
9 changed files with 333 additions and 0 deletions

15
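--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -0,0 +1,15 @@
+---
+pipeline:
+molecule:
+image: docker:stable-dind
+pull: true
+commands:
+- apk add --no-cache python3 python3-dev py3-pip gcc git curl build-base
+autoconf automake py3-cryptography linux-headers musl-dev libffi-dev
+openssl-dev openssh
+- docker info
+- python3 --version
+- python3 -m pip install ansible molecule[docker]
+- ansible --version
+- molecule --version
+- molecule test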
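Review bot: Nothing this job installs is pinned: `image: docker:stable-dind` is a floating tag with `pull: true`, and `python3 -m pip install ansible molecule[docker]` resolves to whatever is newest on each run. For a pipeline that tests a role deploying CI infrastructure, I would reference the image by a fixed version tag or digest and pin the pip packages, for example `python3 -m pip install 'ansible==<pinned>' 'molecule[docker]==<pinned>'` or a requirements file with hashes. Quoting `molecule[docker]` also keeps the shell from ever treating the brackets as a glob pattern.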

42
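--- a/README.md
+++ b/README.md
@@ -0,0 +1,42 @@
+# Ansible Role: woodpecker
+Installs woodpecker-ci server and agent as containers.
+All known versioning tools can be configured.
+Currently only Let's Encrypt certificates are supported and no self-created or self-signed certificates.
+## Requirements
+* [Docker Community Collection](https://galaxy.ansible.com/community/docker)
+* [Docker](https://github.com/geerlingguy/ansible-role-docker)
+* [pip](https://github.com/geerlingguy/ansible-role-pip)
+## Role Variables
+Available variables are listed in `defaults/main.yml` and `templates/server.env.j2`. A lot of variables omitted by default.
+## Dependencies
+None.
+## Example Playbook
+```YAML
+- hosts: server
+become: true
+roles:
+- rhiz0et.woodpecker
+vars:
+woodpecker_admins: myadmin
+woodpecker_host: https://ci.myhost.de
+```
+## License
+GPL-3.0-or-later
+## Author Information
+This role was created in 2021 by [rhiz0et](https://codeberg.org/rhiz0et).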

73
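--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,73 @@
+---
+# Define the root directory for woodpecker files
+woodpecker_rootdir: /opt/woodpecker
+# Define the container version of woodpecker
+woodpecker_version: latest-alpine
+# Set to true to enable registration to all users in an organization
+woodpecker_open_registration: true
+# Define the organizations which should run pipelines
+# woodpecker_allowed_organizations: org1,org2
+# Define the admins for woodpecker
+woodpecker_admins: user1,user2
+# Define which repos should be synced. Especially for github
+# woodpecker_repo_owners: repo1,repo2
+# Define the woodpecker domain
+woodpecker_host: https://ci.example.com
+# Define the agent secret for the server and the agent: `pwgen 64 1`
+woodpecker_agent_secret: "zueThahchohwee7ohvooqueSh8Pah8choodeibouyaing0mo5ang4xee0ong9bai"
+# Define maximal processes for the agent
+woodpecker_agent_max_procs: "2"
+# Define another database as sqlite3. You can choose between MySQL/MariaDB and PostgreSQL.
+# Set this to `mysql` or `postgres`
+# woodpecker_database_driver: postgres
+# Define the datasource for the matching driver.
+# More information: https://woodpecker-ci.org/docs/administration/database
+# woodpecker_database_datasource: postgres://root:password@1.2.3.4:5432/postgres?sslmode=disable
+# Define your own docker config
+# woodpecker_docker_config_path: /home/user/.docker/config.json
+# Define github
+woodpecker_github: false
+woodpecker_github_url: https://github.com
+woodpecker_github_client: 95c0282573633eb25e82
+woodpecker_github_secret: 30f5064039e6b359e075
+# Define gitea
+woodpecker_gitea: true
+woodpecker_gitea_url: https://codeberg.org
+woodpecker_gitea_client: 95c0282573633eb25e82
+woodpecker_gitea_secret: 30f5064039e6b359e075
+# Define gitlab
+woodpecker_gitlab: false
+woodpecker_gitlab_url: http://gitlab.mycompany.com
+woodpecker_gitlab_client: 95c0282573633eb25e82
+woodpecker_gitlab_secret: 30f5064039e6b359e075
+# Define bitbucket
+woodpecker_bitbucket: false
+woodpecker_bitbucket_client: 95c0282573633eb25e82
+woodpecker_bitbucket_secret: 30f5064039e6b359e075
+# Define bitbucket server
+woodpecker_bitbucket_server: false
+woodpecker_bitbucket_server_url: http://stash.mycompany.com
+woodpecker_bitbucket_server_consumer_key: 95c0282573633eb25e82
+woodpecker_bitbucket_server_consumer_rsa: /etc/bitbucket/key.pem
+woodpecker_bitbucket_server_git_username: foo
+woodpecker_bitbucket_server_git_password: bar
+# Enable or disable watchtower for automatic updates of the containers
+woodpecker_watchtower: true
+# Define the schedule when watchtower should pull for new images and update the containers.
+# "0 0 3 * * *" means every day at 3:00.
+woodpecker_watchtower_schedule: "0 0 3 * * *"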
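Review bot: `woodpecker_agent_secret` ships with a usable value, so any deployment that forgets to override it shares an agent secret that is published in this repository. I would drop the default, document it the way the optional variables are (`# woodpecker_agent_secret: <generate with pwgen 64 1>`), and have the role fail early through `ansible.builtin.assert` when it is undefined or empty. The same applies to the forge `*_client` / `*_secret` placeholders and to `woodpecker_bitbucket_server_git_password: bar`, which look like real values and will be templated as-is. Separately, `woodpecker_open_registration: true` with no `woodpecker_allowed_organizations` is a permissive default for a server pointed at a public forge; defaulting it to `false` is the safer choice. `woodpecker_version: latest-alpine` also leaves the deployed version unpinned.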

21
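--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,21 @@
+---
+dependencies: []
+galaxy_info:
+role_name: woodpecker
+author: rhiz0et
+description: Woodpecker-CI Server and Agent for most version control systems.
+license: "license (GPL-3.0-or-later)"
+min_ansible_version: 2.10
+platforms:
+- name: Debian
+versions:
+- all
+- name: Ubuntu
+versions:
+- all
+galaxy_tags:
+- automation
+- networking
+- system
+- ci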
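Review bot: `min_ansible_version: 2.10` is an unquoted scalar, so a YAML loader reads it as the float 2.1 and the declared minimum becomes wrong; it should be `min_ansible_version: "2.10"`. The `license` value also carries a leftover template prefix; the README states the licence as plain `GPL-3.0-or-later`, and the metadata should read `license: GPL-3.0-or-later` to match.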


@ -0,0 +1,19 @@
---
- name: Converge
hosts: all
become: true
pre_tasks:
- name: Update the apt cache
apt:
update_cache: true
roles:
- role: geerlingguy.pip
vars:
pip_install_packages:
- name: docker
- role: geerlingguy.docker
vars:
- docker_install_compose: false
- role: rhiz0et.woodpecker
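Review bot: The `vars:` under `geerlingguy.docker` is written as a list item (`- docker_install_compose: false`) while the `geerlingguy.pip` entry just above uses a plain mapping. As far as this rendering shows the structure, the two should agree; the mapping form `docker_install_compose: false` is the one Ansible documents for role vars, and I believe the list-of-dicts form is deprecated. The converge play also runs the role with its shipped defaults, so the test never exercises a deployment with an overridden agent secret.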


@ -0,0 +1,17 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "docker.io/geerlingguy/docker-debian11-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}
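Review bot: The test instance runs with `privileged: true` from the floating tag `docker-debian11-ansible:latest`, and nothing in the file says why the privilege is needed. Privileged mode is presumably required so Docker can run inside the instance, which deserves a comment such as `# privileged: needed to start Docker inside the test container`. Pinning the image to a fixed tag or digest would limit what an unexpected upstream image change can do with that privilege on the CI host.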


@ -0,0 +1,3 @@
---
- src: geerlingguy.pip
- src: geerlingguy.docker

71
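--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,71 @@
+---
+- name: Create rootdir
+ansible.builtin.file:
+path: "{{ woodpecker_rootdir }}"
+state: directory
+owner: root
+group: root
+mode: 0755
+- name: Template server.env-file
+ansible.builtin.template:
+src: server.env.j2
+dest: "{{ woodpecker_rootdir }}/server.env"
+owner: root
+group: root
+mode: 0644
+- name: Create the woodpecker network
+community.docker.docker_network:
+name: woodpecker-net
+- name: Create and start the woodpecker-server container
+community.docker.docker_container:
+name: woodpecker-server
+restart_policy: always
+pull: true
+cap_drop: all
+networks:
+- name: woodpecker-net
+published_ports:
+- 80:80
+- 443:443
+volumes:
+- "{{ woodpecker_rootdir }}/data:/var/lib/woodpecker"
+env_file: "{{ woodpecker_rootdir }}/server.env"
+image: "woodpeckerci/woodpecker-server:{{ woodpecker_version }}"
+- name: Create and start the woodpecker-agent container
+community.docker.docker_container:
+name: woodpecker-agent
+restart_policy: always
+pull: true
+cap_drop: all
+networks:
+- name: woodpecker-net
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock:ro
+env:
+WOODPECKER_SERVER: woodpecker-server:9000
+WOODPECKER_AGENT_SECRET: "{{ woodpecker_agent_secret }}"
+WOODPECKER_MAX_PROCS: "{{ woodpecker_agent_max_procs }}"
+image: "woodpeckerci/woodpecker-agent:{{ woodpecker_version }}"
+- name: Create and start the watchtower container if wanted
+docker_container:
+name: watchtower
+restart_policy: always
+pull: true
+networks:
+- name: woodpecker-net
+userns_mode: host
+privileged: true
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock:ro
+env:
+WATCHTOWER_CLEANUP: "true"
+WATCHTOWER_SCHEDULE: "{{ woodpecker_watchtower_schedule }}"
+WATCHTOWER_NO_STARTUP_MESSAGE: "true"
+TZ: Europe/Berlin
+image: containrrr/watchtower:latest
+when: woodpecker_watchtower | bool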
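Review bot: The "Template server.env-file" task writes `server.env` with `mode: 0644`, yet the template puts the agent secret, the forge OAuth secrets and optionally a database datasource with credentials into it, so every local user on the host can read them. It should be `mode: "0600"` (quoted, so the octal is not re-typed by the YAML loader), with `no_log: true` on the task so a `--diff` run does not print the secrets. The `:ro` suffix on the two `/var/run/docker.sock` mounts gives less protection than it suggests: it only makes the socket file's mount read-only, and the agent and watchtower can still issue any Docker API call, which deserves a comment next to the mounts. Watchtower additionally runs `privileged: true` from `containrrr/watchtower:latest` and updates the other containers from floating tags on a schedule, so I would pin that image and drop `privileged` unless it is shown to be required. The watchtower task also uses the short `docker_container` name where the other tasks use `community.docker.docker_container`.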

72
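--- a/templates/server.env.j2
+++ b/templates/server.env.j2
@@ -0,0 +1,72 @@
+# {{ ansible_managed }}
+WOODPECKER_OPEN={{ woodpecker_open_registration }}
+WOODPECKER_ORGS={{ woodpecker_allowed_organizations | default(None) }}
+WOODPECKER_LETS_ENCRYPT=true
+WOODPECKER_ADMIN={{ woodpecker_admins }}
+WOODPECKER_REPO_OWNERS={{ woodpecker_repo_owners | default(None) }}
+WOODPECKER_HOST={{ woodpecker_host }}
+WOODPECKER_AGENT_SECRET={{ woodpecker_agent_secret }}
+{%- if woodpecker_database_driver is defined -%}
+WOODPECKER_DATABASE_DRIVER={{ woodpecker_database_driver }}
+WOODPECKER_DATABASE_DATASOURCE={{ woodpecker_database_datasource }}
+{% endif %}
+{%- if woodpecker_docker_config_path is defined -%}
+WOODPECKER_DOCKER_CONFIG={{ woodpecker_docker_config_path }}
+{% endif %}
+{% if woodpecker_github %}
+WOODPECKER_GITHUB=true
+WOODPECKER_GITHUB_URL={{ woodpecker_github_url }}
+WOODPECKER_GITHUB_CLIENT={{ woodpecker_github_client }}
+WOODPECKER_GITHUB_SECRET={{ woodpecker_github_secret }}
+WOODPECKER_GITHUB_SCOPE={{ woodpecker_github_scope | default(None) }}
+WOODPECKER_GITHUB_GIT_USERNAME={{ woodpecker_github_git_username | default(None) }}
+WOODPECKER_GITHUB_GIT_PASSWORD={{ woodpecker_github_git_password | default(None) }}
+WOODPECKER_GITHUB_PRIVATE_MODE={{ woodpecker_github_private_mode | default(None) }}
+WOODPECKER_GITHUB_MERGE_REF={{ woodpecker_github_merge_ref | default(None) }}
+WOODPECKER_GITHUB_CONTEXT={{ woodpecker_github_context | default(None) }}
+WOODPECKER_GITHUB_SKIP_VERIFY={{ woodpecker_github_skip_verify | default(None) }}
+{% endif %}
+{% if woodpecker_gitea %}
+WOODPECKER_GITEA=true
+WOODPECKER_GITEA_URL={{ woodpecker_gitea_url }}
+WOODPECKER_GITEA_CLIENT={{ woodpecker_gitea_client }}
+WOODPECKER_GITEA_SECRET={{ woodpecker_gitea_secret }}
+WOODPECKER_GITEA_CONTEXT={{ woodpecker_gitea_context | default(None) }}
+WOODPECKER_GITEA_GIT_USERNAME={{ woodpecker_gitea_git_username | default(None) }}
+WOODPECKER_GITEA_GIT_PASSWORD={{ woodpecker_gitea_git_password | default(None) }}
+WOODPECKER_GITEA_PRIVATE_MODE={{ woodpecker_gitea_private_mode | default(None) }}
+WOODPECKER_GITEA_SKIP_VERIFY={{ woodpecker_gitea_skip_verify | default(None) }}
+{% endif %}
+{% if woodpecker_gitlab %}
+WOODPECKER_GITLAB=true
+WOODPECKER_GITLAB_URL={{ woodpecker_gitlab_url }}
+WOODPECKER_GITLAB_CLIENT={{ woodpecker_gitlab_client }}
+WOODPECKER_GITLAB_SECRET={{ woodpecker_gitlab_secret }}
+WOODPECKER_GITLAB_CONTEXT={{ woodpecker_gitlab_context | default(None) }}
+WOODPECKER_GITLAB_GIT_USERNAME={{ woodpecker_gitlab_git_username | default(None) }}
+WOODPECKER_GITLAB_GIT_PASSWORD={{ woodpecker_gitlab_git_password | default(None) }}
+WOODPECKER_GITLAB_PRIVATE_MODE={{ woodpecker_gitlab_private_mode | default(None) }}
+WOODPECKER_GITLAB_SKIP_VERIFY={{ woodpecker_gitlab_skip_verify | default(None) }}
+{% endif %}
+{% if woodpecker_bitbucket %}
+WOODPECKER_BITBUCKET=true
+WOODPECKER_BITBUCKET_CLIENT={{ woodpecker_bitbucket_client }}
+WOODPECKER_BITBUCKET_SECRET={{ woodpecker_bitbucket_secret }}
+{% endif %}
+{% if woodpecker_bitbucket_server %}
+WOODPECKER_STASH=true
+WOODPECKER_STASH_URL={{ woodpecker_bitbucket_server_url }}
+WOODPECKER_STASH_CONSUMER_KEY={{ woodpecker_bitbucket_server_consumer_key }}
+WOODPECKER_STASH_CONSUMER_RSA={{ woodpecker_bitbucket_server_consumer_rsa }}
+WOODPECKER_STASH_CONSUMER_RSA_STRING={{ woodpecker_bitbucket_server_consumer_rsa_string | default(None) }}
+WOODPECKER_STASH_GIT_USERNAME={{ woodpecker_bitbucket_server_git_username }}
+WOODPECKER_STASH_GIT_PASSWORD={{ woodpecker_bitbucket_server_git_password }}
+{% endif %}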
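Review bot: The two optional blocks open with `{%- if … -%}`, and the leading dash strips the newline that ends the `WOODPECKER_AGENT_SECRET=` line. As written here, defining `woodpecker_database_driver` or `woodpecker_docker_config_path` would make the next variable name render directly onto the secret's line. The server would then read a secret that no longer matches the one the agent container receives, and the fused setting would be lost. Use the plain form the forge blocks already use, `{% if woodpecker_database_driver is defined %}` and `{% if woodpecker_docker_config_path is defined %}`. A molecule verify step that checks the rendered `server.env` has one `KEY=value` per line would catch a regression.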