first commit

.woodpecker.yml

@@ -0,0 +1,15 @@
+---
+pipeline:
+  molecule:
+    image: docker:stable-dind
+    pull: true
+    commands:
+      - apk add --no-cache python3 python3-dev py3-pip gcc git curl build-base
+        autoconf automake py3-cryptography linux-headers musl-dev libffi-dev 
+        openssl-dev openssh
+      - docker info
+      - python3 --version
+      - python3 -m pip install ansible molecule[docker]
+      - ansible --version
+      - molecule --version
+      - molecule test

README.md

@@ -0,0 +1,42 @@
+# Ansible Role: woodpecker
+
+Installs woodpecker-ci server and agent as containers.
+
+All known versioning tools can be configured.
+
+Currently only Let's Encrypt certificates are supported and no self-created or self-signed certificates.
+
+## Requirements
+
+* [Docker Community Collection](https://galaxy.ansible.com/community/docker)
+
+* [Docker](https://github.com/geerlingguy/ansible-role-docker)
+* [pip](https://github.com/geerlingguy/ansible-role-pip)
+
+## Role Variables
+
+Available variables are listed in `defaults/main.yml` and `templates/server.env.j2`. A lot of variables omitted by default.
+
+## Dependencies
+
+None.
+
+## Example Playbook
+
+```YAML
+- hosts: server
+  become: true
+  roles:
+    - rhiz0et.woodpecker
+  vars:
+    woodpecker_admins: myadmin
+    woodpecker_host: https://ci.myhost.de
+```
+
+## License
+
+GPL-3.0-or-later
+
+## Author Information
+
+This role was created in 2021 by [rhiz0et](https://codeberg.org/rhiz0et).

defaults/main.yml

@@ -0,0 +1,73 @@
+---
+# Define the root directory for woodpecker files
+woodpecker_rootdir: /opt/woodpecker
+
+# Define the container version of woodpecker
+woodpecker_version: latest-alpine
+
+# Set to true to enable registration to all users in an organization
+woodpecker_open_registration: true
+
+# Define the organizations which should run pipelines
+# woodpecker_allowed_organizations: org1,org2
+
+# Define the admins for woodpecker
+woodpecker_admins: user1,user2
+
+# Define which repos should be synced. Especially for github
+# woodpecker_repo_owners: repo1,repo2
+
+# Define the woodpecker domain
+woodpecker_host: https://ci.example.com
+
+# Define the agent secret for the server and the agent: `pwgen 64 1`
+woodpecker_agent_secret: "zueThahchohwee7ohvooqueSh8Pah8choodeibouyaing0mo5ang4xee0ong9bai"
+# Define maximal processes for the agent
+woodpecker_agent_max_procs: "2"
+
+# Define another database as sqlite3. You can choose between MySQL/MariaDB and PostgreSQL.
+# Set this to `mysql` or `postgres`
+# woodpecker_database_driver: postgres
+# Define the datasource for the matching driver.
+# More information: https://woodpecker-ci.org/docs/administration/database
+# woodpecker_database_datasource: postgres://root:password@1.2.3.4:5432/postgres?sslmode=disable
+
+# Define your own docker config
+# woodpecker_docker_config_path: /home/user/.docker/config.json
+
+# Define github
+woodpecker_github: false
+woodpecker_github_url: https://github.com
+woodpecker_github_client: 95c0282573633eb25e82
+woodpecker_github_secret: 30f5064039e6b359e075
+
+# Define gitea
+woodpecker_gitea: true
+woodpecker_gitea_url: https://codeberg.org
+woodpecker_gitea_client: 95c0282573633eb25e82
+woodpecker_gitea_secret: 30f5064039e6b359e075
+
+# Define gitlab
+woodpecker_gitlab: false
+woodpecker_gitlab_url: http://gitlab.mycompany.com
+woodpecker_gitlab_client: 95c0282573633eb25e82
+woodpecker_gitlab_secret: 30f5064039e6b359e075
+
+# Define bitbucket
+woodpecker_bitbucket: false
+woodpecker_bitbucket_client: 95c0282573633eb25e82
+woodpecker_bitbucket_secret: 30f5064039e6b359e075
+
+# Define bitbucket server
+woodpecker_bitbucket_server: false
+woodpecker_bitbucket_server_url: http://stash.mycompany.com
+woodpecker_bitbucket_server_consumer_key: 95c0282573633eb25e82
+woodpecker_bitbucket_server_consumer_rsa: /etc/bitbucket/key.pem
+woodpecker_bitbucket_server_git_username: foo
+woodpecker_bitbucket_server_git_password: bar
+
+# Enable or disable watchtower for automatic updates of the containers
+woodpecker_watchtower: true
+# Define the schedule when watchtower should pull for new images and update the containers.
+# "0 0 3 * * *" means every day at 3:00.
+woodpecker_watchtower_schedule: "0 0 3 * * *"

meta/main.yml

@@ -0,0 +1,21 @@
+---
+dependencies: []
+
+galaxy_info:
+  role_name: woodpecker
+  author: rhiz0et
+  description: Woodpecker-CI Server and Agent for most version control systems.
+  license: "license (GPL-3.0-or-later)"
+  min_ansible_version: 2.10
+  platforms:
+    - name: Debian
+      versions:
+        - all
+    - name: Ubuntu
+      versions:
+        - all
+  galaxy_tags:
+    - automation
+    - networking
+    - system
+    - ci

molecule/default/converge.yml

@@ -0,0 +1,19 @@
+---
+- name: Converge
+  hosts: all
+  become: true
+
+  pre_tasks:
+    - name: Update the apt cache
+      apt:
+        update_cache: true
+
+  roles:
+    - role: geerlingguy.pip
+      vars:
+        pip_install_packages:
+          - name: docker
+    - role: geerlingguy.docker
+      vars:
+        - docker_install_compose: false
+    - role: rhiz0et.woodpecker

molecule/default/molecule.yml

@@ -0,0 +1,17 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: "docker.io/geerlingguy/docker-debian11-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}

molecule/default/requirements.yml

@@ -0,0 +1,3 @@
+---
+- src: geerlingguy.pip
+- src: geerlingguy.docker

tasks/main.yml

@@ -0,0 +1,71 @@
+---
+- name: Create rootdir
+  ansible.builtin.file:
+    path: "{{ woodpecker_rootdir }}"
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Template server.env-file
+  ansible.builtin.template:
+    src: server.env.j2
+    dest: "{{ woodpecker_rootdir }}/server.env"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Create the woodpecker network
+  community.docker.docker_network:
+    name: woodpecker-net
+
+- name: Create and start the woodpecker-server container
+  community.docker.docker_container:
+    name: woodpecker-server
+    restart_policy: always
+    pull: true
+    cap_drop: all
+    networks:
+      - name: woodpecker-net
+    published_ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - "{{ woodpecker_rootdir }}/data:/var/lib/woodpecker"
+    env_file: "{{ woodpecker_rootdir }}/server.env"
+    image: "woodpeckerci/woodpecker-server:{{ woodpecker_version }}"
+
+- name: Create and start the woodpecker-agent container
+  community.docker.docker_container:
+    name: woodpecker-agent
+    restart_policy: always
+    pull: true
+    cap_drop: all
+    networks:
+      - name: woodpecker-net
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    env:
+      WOODPECKER_SERVER: woodpecker-server:9000
+      WOODPECKER_AGENT_SECRET: "{{ woodpecker_agent_secret }}"
+      WOODPECKER_MAX_PROCS: "{{ woodpecker_agent_max_procs }}"
+    image: "woodpeckerci/woodpecker-agent:{{ woodpecker_version }}"
+
+- name: Create and start the watchtower container if wanted
+  docker_container:
+    name: watchtower
+    restart_policy: always
+    pull: true
+    networks:
+      - name: woodpecker-net
+    userns_mode: host
+    privileged: true
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    env:
+      WATCHTOWER_CLEANUP: "true"
+      WATCHTOWER_SCHEDULE: "{{ woodpecker_watchtower_schedule }}"
+      WATCHTOWER_NO_STARTUP_MESSAGE: "true"
+      TZ: Europe/Berlin
+    image: containrrr/watchtower:latest
+  when: woodpecker_watchtower | bool

templates/server.env.j2

@@ -0,0 +1,72 @@
+# {{ ansible_managed }}
+
+WOODPECKER_OPEN={{ woodpecker_open_registration }}
+WOODPECKER_ORGS={{ woodpecker_allowed_organizations | default(None) }}
+WOODPECKER_LETS_ENCRYPT=true
+WOODPECKER_ADMIN={{ woodpecker_admins }}
+WOODPECKER_REPO_OWNERS={{ woodpecker_repo_owners | default(None) }}
+WOODPECKER_HOST={{ woodpecker_host }}
+WOODPECKER_AGENT_SECRET={{ woodpecker_agent_secret }}
+
+{%- if woodpecker_database_driver is defined -%}
+WOODPECKER_DATABASE_DRIVER={{ woodpecker_database_driver }}
+WOODPECKER_DATABASE_DATASOURCE={{ woodpecker_database_datasource }}
+{% endif %}
+
+{%- if woodpecker_docker_config_path is defined -%}
+WOODPECKER_DOCKER_CONFIG={{ woodpecker_docker_config_path }}
+{% endif %}
+
+{% if woodpecker_github %}
+WOODPECKER_GITHUB=true
+WOODPECKER_GITHUB_URL={{ woodpecker_github_url }}
+WOODPECKER_GITHUB_CLIENT={{ woodpecker_github_client }}
+WOODPECKER_GITHUB_SECRET={{ woodpecker_github_secret }}
+WOODPECKER_GITHUB_SCOPE={{ woodpecker_github_scope | default(None) }}
+WOODPECKER_GITHUB_GIT_USERNAME={{ woodpecker_github_git_username | default(None) }}
+WOODPECKER_GITHUB_GIT_PASSWORD={{ woodpecker_github_git_password | default(None) }}
+WOODPECKER_GITHUB_PRIVATE_MODE={{ woodpecker_github_private_mode | default(None) }}
+WOODPECKER_GITHUB_MERGE_REF={{ woodpecker_github_merge_ref | default(None) }}
+WOODPECKER_GITHUB_CONTEXT={{ woodpecker_github_context | default(None) }}
+WOODPECKER_GITHUB_SKIP_VERIFY={{ woodpecker_github_skip_verify | default(None) }}
+{% endif %}
+
+{% if woodpecker_gitea %}
+WOODPECKER_GITEA=true
+WOODPECKER_GITEA_URL={{ woodpecker_gitea_url }}
+WOODPECKER_GITEA_CLIENT={{ woodpecker_gitea_client }}
+WOODPECKER_GITEA_SECRET={{ woodpecker_gitea_secret }}
+WOODPECKER_GITEA_CONTEXT={{ woodpecker_gitea_context | default(None) }}
+WOODPECKER_GITEA_GIT_USERNAME={{ woodpecker_gitea_git_username | default(None) }}
+WOODPECKER_GITEA_GIT_PASSWORD={{ woodpecker_gitea_git_password | default(None) }}
+WOODPECKER_GITEA_PRIVATE_MODE={{ woodpecker_gitea_private_mode | default(None) }}
+WOODPECKER_GITEA_SKIP_VERIFY={{ woodpecker_gitea_skip_verify | default(None) }}
+{% endif %}
+
+{% if woodpecker_gitlab %}
+WOODPECKER_GITLAB=true
+WOODPECKER_GITLAB_URL={{ woodpecker_gitlab_url }}
+WOODPECKER_GITLAB_CLIENT={{ woodpecker_gitlab_client }}
+WOODPECKER_GITLAB_SECRET={{ woodpecker_gitlab_secret }}
+WOODPECKER_GITLAB_CONTEXT={{ woodpecker_gitlab_context | default(None) }}
+WOODPECKER_GITLAB_GIT_USERNAME={{ woodpecker_gitlab_git_username | default(None) }}
+WOODPECKER_GITLAB_GIT_PASSWORD={{ woodpecker_gitlab_git_password | default(None) }}
+WOODPECKER_GITLAB_PRIVATE_MODE={{ woodpecker_gitlab_private_mode | default(None) }}
+WOODPECKER_GITLAB_SKIP_VERIFY={{ woodpecker_gitlab_skip_verify | default(None) }}
+{% endif %}
+
+{% if woodpecker_bitbucket %}
+WOODPECKER_BITBUCKET=true
+WOODPECKER_BITBUCKET_CLIENT={{ woodpecker_bitbucket_client }}
+WOODPECKER_BITBUCKET_SECRET={{ woodpecker_bitbucket_secret }}
+{% endif %}
+
+{% if woodpecker_bitbucket_server %}
+WOODPECKER_STASH=true
+WOODPECKER_STASH_URL={{ woodpecker_bitbucket_server_url }}
+WOODPECKER_STASH_CONSUMER_KEY={{ woodpecker_bitbucket_server_consumer_key }}
+WOODPECKER_STASH_CONSUMER_RSA={{ woodpecker_bitbucket_server_consumer_rsa }}
+WOODPECKER_STASH_CONSUMER_RSA_STRING={{ woodpecker_bitbucket_server_consumer_rsa_string | default(None) }}
+WOODPECKER_STASH_GIT_USERNAME={{ woodpecker_bitbucket_server_git_username }}
+WOODPECKER_STASH_GIT_PASSWORD={{ woodpecker_bitbucket_server_git_password }}
+{% endif %}