commit e251055dd73c8fe0968e7256ea7ab449eacd80b6
Author: rhiz0et
Date: Sun Dec 19 23:44:51 2021 +0100
first commit
diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..f833b5d
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,15 @@
+---
+pipeline:
+ molecule:
+ image: docker:stable-dind
+ pull: true
+ commands:
+ - apk add --no-cache python3 python3-dev py3-pip gcc git curl build-base
+ autoconf automake py3-cryptography linux-headers musl-dev libffi-dev
+ openssl-dev openssh
+ - docker info
+ - python3 --version
+ - python3 -m pip install ansible molecule[docker]
+ - ansible --version
+ - molecule --version
+ - molecule test
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..cfb9624
--- /dev/null
+++ b/README.md
@@ -0,0 +1,42 @@
+# Ansible Role: woodpecker
+
+Installs woodpecker-ci server and agent as containers.
+
+All known versioning tools can be configured.
+
+Currently only Let's Encrypt certificates are supported and no self-created or self-signed certificates.
+
+## Requirements
+
+* [Docker Community Collection](https://galaxy.ansible.com/community/docker)
+
+* [Docker](https://github.com/geerlingguy/ansible-role-docker)
+* [pip](https://github.com/geerlingguy/ansible-role-pip)
+
+## Role Variables
+
+Available variables are listed in `defaults/main.yml` and `templates/server.env.j2`. A lot of variables omitted by default.
+
+## Dependencies
+
+None.
+
+## Example Playbook
+
+```YAML
+- hosts: server
+ become: true
+ roles:
+ - rhiz0et.woodpecker
+ vars:
+ woodpecker_admins: myadmin
+ woodpecker_host: https://ci.myhost.de
+```
+
+## License
+
+GPL-3.0-or-later
+
+## Author Information
+
+This role was created in 2021 by [rhiz0et](https://codeberg.org/rhiz0et).
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..57487a2
--- /dev/null
+++ b/defaults/main.yml
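Review bot: Nothing this pipeline pulls is pinned: `image: docker:stable-dind` with `pull: true` and `python3 -m pip install ansible molecule[docker]` resolve to whatever upstream publishes at run time, so a broken or tampered release reaches CI without review. The same applies to `docker.io/geerlingguy/docker-debian11-ansible:latest` in molecule/default/molecule.yml, the version-less roles in molecule/default/requirements.yml, `woodpecker_version: latest-alpine` in defaults/main.yml and `containrrr/watchtower:latest` in tasks/main.yml. Pin the image to a fixed tag or digest and the Python packages to exact versions, e.g. `python3 -m pip install "ansible==<ANSIBLE_VERSION>" "molecule[docker]==<MOLECULE_VERSION>"` (placeholders), ideally from a hashed requirements file.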
@@ -0,0 +1,73 @@
+---
+# Define the root directory for woodpecker files
+woodpecker_rootdir: /opt/woodpecker
+
+# Define the container version of woodpecker
+woodpecker_version: latest-alpine
+
+# Set to true to enable registration to all users in an organization
+woodpecker_open_registration: true
+
+# Define the organizations which should run pipelines
+# woodpecker_allowed_organizations: org1,org2
+
+# Define the admins for woodpecker
+woodpecker_admins: user1,user2
+
+# Define which repos should be synced. Especially for github
+# woodpecker_repo_owners: repo1,repo2
+
+# Define the woodpecker domain
+woodpecker_host: https://ci.example.com
+
+# Define the agent secret for the server and the agent: `pwgen 64 1`
+woodpecker_agent_secret: "zueThahchohwee7ohvooqueSh8Pah8choodeibouyaing0mo5ang4xee0ong9bai"
+# Define maximal processes for the agent
+woodpecker_agent_max_procs: "2"
+
+# Define another database as sqlite3. You can choose between MySQL/MariaDB and PostgreSQL.
+# Set this to `mysql` or `postgres`
+# woodpecker_database_driver: postgres
+# Define the datasource for the matching driver.
+# More information: https://woodpecker-ci.org/docs/administration/database
+# woodpecker_database_datasource: postgres://root:password@1.2.3.4:5432/postgres?sslmode=disable
+
+# Define your own docker config
+# woodpecker_docker_config_path: /home/user/.docker/config.json
+
+# Define github
+woodpecker_github: false
+woodpecker_github_url: https://github.com
+woodpecker_github_client: 95c0282573633eb25e82
+woodpecker_github_secret: 30f5064039e6b359e075
+
+# Define gitea
+woodpecker_gitea: true
+woodpecker_gitea_url: https://codeberg.org
+woodpecker_gitea_client: 95c0282573633eb25e82
+woodpecker_gitea_secret: 30f5064039e6b359e075
+
+# Define gitlab
+woodpecker_gitlab: false
+woodpecker_gitlab_url: http://gitlab.mycompany.com
+woodpecker_gitlab_client: 95c0282573633eb25e82
+woodpecker_gitlab_secret: 30f5064039e6b359e075
+
+# Define bitbucket
+woodpecker_bitbucket: false
+woodpecker_bitbucket_client: 95c0282573633eb25e82
+woodpecker_bitbucket_secret: 30f5064039e6b359e075
+
+# Define bitbucket server
+woodpecker_bitbucket_server: false
+woodpecker_bitbucket_server_url: http://stash.mycompany.com
+woodpecker_bitbucket_server_consumer_key: 95c0282573633eb25e82
+woodpecker_bitbucket_server_consumer_rsa: /etc/bitbucket/key.pem
+woodpecker_bitbucket_server_git_username: foo
+woodpecker_bitbucket_server_git_password: bar
+
+# Enable or disable watchtower for automatic updates of the containers
+woodpecker_watchtower: true
+# Define the schedule when watchtower should pull for new images and update the containers.
+# "0 0 3 * * *" means every day at 3:00.
+woodpecker_watchtower_schedule: "0 0 3 * * *"
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..971625d
--- /dev/null
+++ b/meta/main.yml
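Review bot: `woodpecker_agent_secret` ships a usable 64-character value as the role default, so every deployment that forgets to override it shares an agent secret that is public in this repository. The identical `*_client` / `*_secret` sample values and `woodpecker_bitbucket_server_git_password: bar` have the same problem, and `woodpecker_gitea: true` means the sample Gitea pair is actually rendered by default. Leave secret variables undefined in defaults, document them as commented examples such as `# woodpecker_agent_secret: "<generate with pwgen 64 1, store in Ansible Vault>"`, and have the role fail early when they are missing. `woodpecker_open_registration: true` with `woodpecker_allowed_organizations` commented out is also a permissive default; presumably any account on the configured forge can then register, so `false` would be the safer starting point.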
@@ -0,0 +1,21 @@
+---
+dependencies: []
+
+galaxy_info:
+ role_name: woodpecker
+ author: rhiz0et
+ description: Woodpecker-CI Server and Agent for most version control systems.
+ license: "license (GPL-3.0-or-later)"
+ min_ansible_version: 2.10
+ platforms:
+ - name: Debian
+ versions:
+ - all
+ - name: Ubuntu
+ versions:
+ - all
+ galaxy_tags:
+ - automation
+ - networking
+ - system
+ - ci
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..fcf5121
--- /dev/null
+++ b/molecule/default/converge.yml
@@ -0,0 +1,19 @@
+---
+- name: Converge
+ hosts: all
+ become: true
+
+ pre_tasks:
+ - name: Update the apt cache
+ apt:
+ update_cache: true
+
+ roles:
+ - role: geerlingguy.pip
+ vars:
+ pip_install_packages:
+ - name: docker
+ - role: geerlingguy.docker
+ vars:
+ - docker_install_compose: false
+ - role: rhiz0et.woodpecker
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..3ebb87e
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,17 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+platforms:
+ - name: instance
+ image: "docker.io/geerlingguy/docker-debian11-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ playbooks:
+ converge: ${MOLECULE_PLAYBOOK:-converge.yml}
diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml
new file mode 100644
index 0000000..50f4a83
--- /dev/null
+++ b/molecule/default/requirements.yml
@@ -0,0 +1,3 @@
+---
+- src: geerlingguy.pip
+- src: geerlingguy.docker
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..c81e226
--- /dev/null
+++ b/tasks/main.yml
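Review bot: `min_ansible_version: 2.10` is an unquoted scalar that YAML loads as the float 2.1, so tooling reading the metadata sees a minimum of 2.1 rather than 2.10; write `min_ansible_version: "2.10"`. The `license: "license (GPL-3.0-or-later)"` value still carries the skeleton's placeholder wording, and `license: GPL-3.0-or-later` would match what the README states.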
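Review bot: The `geerlingguy.docker` role entry passes `vars:` as a list (`- docker_install_compose: false`), while the `geerlingguy.pip` entry just above uses a mapping. The list-of-dicts form is deprecated in newer ansible-core releases and is inconsistent within this play. Write it as a mapping, i.e. `vars:` followed by an indented `docker_install_compose: false`.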
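Review bot: The test platform combines `privileged: true` with a mutable third-party tag, `docker.io/geerlingguy/docker-debian11-ansible:latest`, so whatever that tag points to on a given day runs with full access to the CI host's kernel and devices. If privileged mode is required here (presumably for systemd and Docker inside the instance), add a comment saying so and pin the image by digest, e.g. `image: "docker.io/geerlingguy/docker-debian11-ansible@sha256:<DIGEST>"` (placeholder). This matters most when the runner is shared with other projects.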
@@ -0,0 +1,71 @@
+---
+- name: Create rootdir
+ ansible.builtin.file:
+ path: "{{ woodpecker_rootdir }}"
+ state: directory
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Template server.env-file
+ ansible.builtin.template:
+ src: server.env.j2
+ dest: "{{ woodpecker_rootdir }}/server.env"
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Create the woodpecker network
+ community.docker.docker_network:
+ name: woodpecker-net
+
+- name: Create and start the woodpecker-server container
+ community.docker.docker_container:
+ name: woodpecker-server
+ restart_policy: always
+ pull: true
+ cap_drop: all
+ networks:
+ - name: woodpecker-net
+ published_ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - "{{ woodpecker_rootdir }}/data:/var/lib/woodpecker"
+ env_file: "{{ woodpecker_rootdir }}/server.env"
+ image: "woodpeckerci/woodpecker-server:{{ woodpecker_version }}"
+
+- name: Create and start the woodpecker-agent container
+ community.docker.docker_container:
+ name: woodpecker-agent
+ restart_policy: always
+ pull: true
+ cap_drop: all
+ networks:
+ - name: woodpecker-net
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ env:
+ WOODPECKER_SERVER: woodpecker-server:9000
+ WOODPECKER_AGENT_SECRET: "{{ woodpecker_agent_secret }}"
+ WOODPECKER_MAX_PROCS: "{{ woodpecker_agent_max_procs }}"
+ image: "woodpeckerci/woodpecker-agent:{{ woodpecker_version }}"
+
+- name: Create and start the watchtower container if wanted
+ docker_container:
+ name: watchtower
+ restart_policy: always
+ pull: true
+ networks:
+ - name: woodpecker-net
+ userns_mode: host
+ privileged: true
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ env:
+ WATCHTOWER_CLEANUP: "true"
+ WATCHTOWER_SCHEDULE: "{{ woodpecker_watchtower_schedule }}"
+ WATCHTOWER_NO_STARTUP_MESSAGE: "true"
+ TZ: Europe/Berlin
+ image: containrrr/watchtower:latest
+ when: woodpecker_watchtower | bool
diff --git a/templates/server.env.j2 b/templates/server.env.j2
new file mode 100644
index 0000000..a4d8658
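Review bot: The `Template server.env-file` task writes `server.env` with `mode: 0644`, yet the template renders `WOODPECKER_AGENT_SECRET`, the forge OAuth secrets and the git passwords into it, so any local user on the host can read them. Use `mode: "0600"` (quoted, and `"0755"` on the directory task for consistency). The `:ro` suffix on `/var/run/docker.sock` in the agent and watchtower tasks does not limit what can be done through the Docker API, so both containers are effectively root-equivalent on the host and deserve a comment saying so. The watchtower task also sets `privileged: true` and `userns_mode: host` with no restriction on which containers it manages, so it will presumably update every container on the host; drop `privileged` unless it is shown to be needed, and limit watchtower to the two woodpecker containers. That task also uses the short name `docker_container` where the others use `community.docker.docker_container`.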
--- /dev/null
+++ b/templates/server.env.j2
@@ -0,0 +1,72 @@
+# {{ ansible_managed }}
+
+WOODPECKER_OPEN={{ woodpecker_open_registration }}
+WOODPECKER_ORGS={{ woodpecker_allowed_organizations | default(None) }}
+WOODPECKER_LETS_ENCRYPT=true
+WOODPECKER_ADMIN={{ woodpecker_admins }}
+WOODPECKER_REPO_OWNERS={{ woodpecker_repo_owners | default(None) }}
+WOODPECKER_HOST={{ woodpecker_host }}
+WOODPECKER_AGENT_SECRET={{ woodpecker_agent_secret }}
+
+{%- if woodpecker_database_driver is defined -%}
+WOODPECKER_DATABASE_DRIVER={{ woodpecker_database_driver }}
+WOODPECKER_DATABASE_DATASOURCE={{ woodpecker_database_datasource }}
+{% endif %}
+
+{%- if woodpecker_docker_config_path is defined -%}
+WOODPECKER_DOCKER_CONFIG={{ woodpecker_docker_config_path }}
+{% endif %}
+
+{% if woodpecker_github %}
+WOODPECKER_GITHUB=true
+WOODPECKER_GITHUB_URL={{ woodpecker_github_url }}
+WOODPECKER_GITHUB_CLIENT={{ woodpecker_github_client }}
+WOODPECKER_GITHUB_SECRET={{ woodpecker_github_secret }}
+WOODPECKER_GITHUB_SCOPE={{ woodpecker_github_scope | default(None) }}
+WOODPECKER_GITHUB_GIT_USERNAME={{ woodpecker_github_git_username | default(None) }}
+WOODPECKER_GITHUB_GIT_PASSWORD={{ woodpecker_github_git_password | default(None) }}
+WOODPECKER_GITHUB_PRIVATE_MODE={{ woodpecker_github_private_mode | default(None) }}
+WOODPECKER_GITHUB_MERGE_REF={{ woodpecker_github_merge_ref | default(None) }}
+WOODPECKER_GITHUB_CONTEXT={{ woodpecker_github_context | default(None) }}
+WOODPECKER_GITHUB_SKIP_VERIFY={{ woodpecker_github_skip_verify | default(None) }}
+{% endif %}
+
+{% if woodpecker_gitea %}
+WOODPECKER_GITEA=true
+WOODPECKER_GITEA_URL={{ woodpecker_gitea_url }}
+WOODPECKER_GITEA_CLIENT={{ woodpecker_gitea_client }}
+WOODPECKER_GITEA_SECRET={{ woodpecker_gitea_secret }}
+WOODPECKER_GITEA_CONTEXT={{ woodpecker_gitea_context | default(None) }}
+WOODPECKER_GITEA_GIT_USERNAME={{ woodpecker_gitea_git_username | default(None) }}
+WOODPECKER_GITEA_GIT_PASSWORD={{ woodpecker_gitea_git_password | default(None) }}
+WOODPECKER_GITEA_PRIVATE_MODE={{ woodpecker_gitea_private_mode | default(None) }}
+WOODPECKER_GITEA_SKIP_VERIFY={{ woodpecker_gitea_skip_verify | default(None) }}
+{% endif %}
+
+{% if woodpecker_gitlab %}
+WOODPECKER_GITLAB=true
+WOODPECKER_GITLAB_URL={{ woodpecker_gitlab_url }}
+WOODPECKER_GITLAB_CLIENT={{ woodpecker_gitlab_client }}
+WOODPECKER_GITLAB_SECRET={{ woodpecker_gitlab_secret }}
+WOODPECKER_GITLAB_CONTEXT={{ woodpecker_gitlab_context | default(None) }}
+WOODPECKER_GITLAB_GIT_USERNAME={{ woodpecker_gitlab_git_username | default(None) }}
+WOODPECKER_GITLAB_GIT_PASSWORD={{ woodpecker_gitlab_git_password | default(None) }}
+WOODPECKER_GITLAB_PRIVATE_MODE={{ woodpecker_gitlab_private_mode | default(None) }}
+WOODPECKER_GITLAB_SKIP_VERIFY={{ woodpecker_gitlab_skip_verify | default(None) }}
+{% endif %}
+
+{% if woodpecker_bitbucket %}
+WOODPECKER_BITBUCKET=true
+WOODPECKER_BITBUCKET_CLIENT={{ woodpecker_bitbucket_client }}
+WOODPECKER_BITBUCKET_SECRET={{ woodpecker_bitbucket_secret }}
+{% endif %}
+
+{% if woodpecker_bitbucket_server %}
+WOODPECKER_STASH=true
+WOODPECKER_STASH_URL={{ woodpecker_bitbucket_server_url }}
+WOODPECKER_STASH_CONSUMER_KEY={{ woodpecker_bitbucket_server_consumer_key }}
+WOODPECKER_STASH_CONSUMER_RSA={{ woodpecker_bitbucket_server_consumer_rsa }}
+WOODPECKER_STASH_CONSUMER_RSA_STRING={{ woodpecker_bitbucket_server_consumer_rsa_string | default(None) }}
+WOODPECKER_STASH_GIT_USERNAME={{ woodpecker_bitbucket_server_git_username }}
+WOODPECKER_STASH_GIT_PASSWORD={{ woodpecker_bitbucket_server_git_password }}
+{% endif %}
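Review bot: The two `{%- if ... is defined -%}` blocks trim whitespace on both sides of the tag, so when `woodpecker_database_driver` or `woodpecker_docker_config_path` is set, the newline after `WOODPECKER_AGENT_SECRET={{ woodpecker_agent_secret }}` is removed. The next `KEY=value` then appears to be appended to the secret on the same line, which would corrupt the agent secret and lose the database or docker-config setting. Use plain tags as the forge blocks further down do, e.g. `{% if woodpecker_database_driver is defined %}`, and check the rendered `server.env` in the molecule scenario with those variables set. Separately, `woodpecker_database_datasource` is rendered without its own guard, so defining only the driver presumably fails at template time; check both with `is defined` or assert them together.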