diff --git a/cluster/prod/app/woodpecker-ci/integration/README.md b/cluster/prod/app/woodpecker-ci/integration/README.md new file mode 100644 index 0000000..2477995 --- /dev/null +++ b/cluster/prod/app/woodpecker-ci/integration/README.md @@ -0,0 +1,54 @@ +## Install Debian + +We recommend Debian Bullseye + +## Install Docker CE from docker.io + +Do not use the docker engine shipped by Debian + +Doc: + + - https://docs.docker.com/engine/install/debian/ + - https://docs.docker.com/compose/install/ + +On a fresh install, as root: + +```bash +# Remove all pre-existing packages +for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do apt-get remove $pkg; done + +# Add Docker's official GPG key: +apt-get update +apt-get install ca-certificates curl +install -m 0755 -d /etc/apt/keyrings +curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc +chmod a+r /etc/apt/keyrings/docker.asc + +# Add the repository to Apt sources: +echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \ + $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ + tee /etc/apt/sources.list.d/docker.list > /dev/null + apt-get update + +# Install Docker +apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin +``` + +## Install the runner + +```bash +wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/woodpecker-ci/integration/nix.conf +wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/woodpecker-ci/integration/docker-compose.yml +``` + +Create a new Agent for your runner in the Woodpecker admin, and copy the agent secret value. + +Edit `docker-compose.yml` and insert your agent secret as the value for WOODPECKER_AGENT_SECRET. +Update other values including hostname and max workflows for your runner. + +```bash +COMPOSE_PROJECT_NAME=woodpecker docker-compose up -d +``` + +That's all folks. diff --git a/cluster/prod/app/woodpecker-ci/integration/docker-compose.yml b/cluster/prod/app/woodpecker-ci/integration/docker-compose.yml new file mode 100644 index 0000000..467207e --- /dev/null +++ b/cluster/prod/app/woodpecker-ci/integration/docker-compose.yml @@ -0,0 +1,33 @@ +version: '3.4' +services: + nix-daemon: + image: nixpkgs/nix:nixos-22.05 + restart: always + command: nix-daemon + privileged: true + volumes: + - "nix:/nix" + - "./nix.conf:/etc/nix/nix.conf:ro" + + woodpecker-runner: + image: woodpeckerci/woodpecker-agent:v2.3.0 + restart: always + environment: + # -- change these for each agent + - WOODPECKER_HOSTNAME=i_forgot_to_change_my_runner_name + - WOODPECKER_AGENT_SECRET=xxxx + - WOODPECKER_MAX_WORKFLOWS=4 + # -- if not using COMPOSE_PROJECT_NAME=woodpecker, change name of volume to mount + - WOODPECKER_BACKEND_DOCKER_VOLUMES=woodpecker_nix:/nix:ro + # -- should not need change + - WOODPECKER_SERVER=woodpecker-grpc.deuxfleurs.fr:14453 + - WOODPECKER_HEALTHCHECK=false + - WOODPECKER_GRPC_SECURE=true + - WOODPECKER_LOG_LEVEL=info + - WOODPECKER_DEBUG_PRETTY=true + - WOODPECKER_ENVIRONMENT=NIX_REMOTE:daemon + volumes: + - "/var/run/docker.sock:/var/run/docker.sock" + +volumes: + nix: diff --git a/cluster/prod/app/woodpecker-ci/integration/nix.conf b/cluster/prod/app/woodpecker-ci/integration/nix.conf new file mode 100644 index 0000000..debea69 --- /dev/null +++ b/cluster/prod/app/woodpecker-ci/integration/nix.conf @@ -0,0 +1,9 @@ +substituters = https://cache.nixos.org https://nix.web.deuxfleurs.fr +trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs= +max-jobs = auto +cores = 0 +log-lines = 200 +filter-syscalls = true +sandbox = true +keep-outputs = true +keep-derivations = true