Flesh out Woodpecker CI article
parent 0f59c6c81a
commit 60e7180df3
@ -5,10 +5,15 @@ visible: true
[toc]
This page details installation instructions for Woodpecker CI with a connection to a self-hosted [Gitea](/linux/gitea) instance.
Woodpecker will be deployed as a container.
## Podman
### Network and Pod
Multiple containers will be created. To separate them from other containers while also simplifying access between member containers, a container network and pod are created.
```sh
podman network create net_woodpecker
podman pod create --name pod_woodpecker --network net_woodpecker -p 8000:8000 -p 9000:9000
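Review bot: `-p 8000:8000 -p 9000:9000` on the `podman pod create` line publishes both listeners on every host interface. Port 9000 is the agent gRPC channel, protected only by the shared agent secret, and port 8000 is the plain HTTP listener that the `WOODPECKER_HOST=https://...` setting further down assumes is fronted by a TLS-terminating proxy. Bind them to an explicit address instead (for example `-p 127.0.0.1:8000:8000` when a local reverse proxy fronts it, and the internal interface address for 9000), or state in the prose that the host firewall limits who can reach them.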
@ -16,6 +21,8 @@ podman pod create --name pod_woodpecker --network net_woodpecker -p 8000:8000 -p
#### Port Mappings
Woodpecker CI uses these ports for outside communication by default.
```
8000: Woodpecker HTTP listener, Configurable with "WOODPECKER_SERVER_ADDR"
9000: Woodpecker gRPC listener, Configurable with "WOODPECKER_GRPC_ADDR"
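Review bot: the port list should say that the gRPC listener on 9000 is plain TCP unless TLS is configured: agents authenticate to it with `WOODPECKER_AGENT_SECRET` alone, so when an agent connects from another host the secret and every job payload cross the network in clear. Mention the agent-side `WOODPECKER_GRPC_SECURE` option (or a TLS proxy in front of 9000) next to the `WOODPECKER_GRPC_ADDR` entry so readers who split server and agent across hosts know to enable it.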
@ -23,6 +30,8 @@ podman pod create --name pod_woodpecker --network net_woodpecker -p 8000:8000 -p
### Database
The database container is standard PostgreSQL.
```sh
podman run --name woodpeckerdb \
-e PGDATA=/var/lib/postgresql/data/pgdata \
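Review bot: "The database container is standard PostgreSQL" should name the image tag in use and say how the database password reaches the container; an inline `-e POSTGRES_PASSWORD=...` lands in shell history and in `podman inspect` output, so a podman secret or an `--env-file` kept outside the wiki is the pattern worth documenting. `PGDATA=/var/lib/postgresql/data/pgdata` only survives container removal if a volume is mounted under `/var/lib/postgresql/data`; the visible lines of the command do not show a `-v` flag, so confirm it is in the remainder and say so in the prose.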
@ -38,6 +47,8 @@ podman run --name woodpeckerdb \
> [Official Documentation](https://woodpecker-ci.org/docs/administration/server-config)
These options apply regardless of the Git Forge you want to use.
```sh
podman run --name woodpecker-server -t \
-e WOODPECKER_HOST=https://(hostname/ip address) \
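Review bot: `WOODPECKER_HOST=https://(hostname/ip address)` declares an HTTPS public URL while the pod only publishes the plain HTTP listener on 8000. The section should state that a TLS-terminating reverse proxy sits in front of 8000 (or that `WOODPECKER_SERVER_CERT` and `WOODPECKER_SERVER_KEY` are set), because `WOODPECKER_HOST` is also the base for the OAuth redirect and webhook URLs registered at the forge, and a scheme mismatch there breaks login and webhook delivery. Minor: "Git Forge" reads better as "Git forge" in "These options apply regardless of the Git Forge you want to use."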
@ -57,10 +68,6 @@ If one wanted to add a user manually: `$ woodpecker-cli user add`
Generate `WOODPECKER_AGENT_SECRET` with this command:
`$ openssl rand -hex 32`
#### GitHub
_TODO_
#### Gitea
> [Documentation](https://woodpecker-ci.org/docs/administration/vcs/gitea)
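Review bot: the `WOODPECKER_AGENT_SECRET` paragraph should say what the value is for: it is a shared credential that must be identical on the server and on every agent, and anyone holding it can register an agent and receive pipeline jobs together with the repository secrets those jobs use. Recommend feeding the `openssl rand -hex 32` output to both containers through a podman secret or an env file rather than pasting it into the `-e` line. The `#### GitHub` subsection still reads `_TODO_`; either fill it in or drop the heading until it has content.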
@ -75,10 +82,10 @@ Add these environment variables to enable Woodpecker for a gitea server.
-e WOODPECKER_GITEA_SKIP_VERIFY=false \
```
I run gitea and woodpecker behind an OPNsense firewall. The default NAT configuration alerts due to a suspected DNS rebind attack.
Therefor I set added an override rule for my gitea url in OPNsense (Services > Unbound DNS > Overrides)
I run gitea and woodpecker behind an OPNsense firewall. The default NAT configuration is blocking the connection due to a suspected DNS rebind attack.
A simple workaround is adding an override rule in OPNsense under `Services > Unbound DNS > Overrides`.
> [Reddit post I used as guidance](https://www.reddit.com/r/OPNsenseFirewall/comments/lrmtsz/a_potential_dns_rebind_attack/)
> [Helpful Reddit post](https://www.reddit.com/r/OPNsenseFirewall/comments/lrmtsz/a_potential_dns_rebind_attack/)
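Review bot: the new wording "The default NAT configuration is blocking the connection due to a suspected DNS rebind attack" names the wrong component. What refuses to hand back a private address for the public Gitea hostname is Unbound's DNS rebinding protection, which is exactly why the workaround lives under `Services > Unbound DNS > Overrides`; reword to say so. It is also worth a sentence that the host override keeps `WOODPECKER_GITEA_SKIP_VERIFY=false` workable, since Woodpecker still reaches Gitea under the name its certificate was issued for, so nobody is tempted to flip that flag to `true` instead.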
#### GitLab
@ -95,6 +102,10 @@ Add these environment variables to enable GitLab in Woodpecker.
> [Official Documentation](https://woodpecker-ci.org/docs/administration/agent-config)
The Woodpecker agent must be deployed as a separate container.
It needs access to the docker socket to spawn new container processes on the host.
Podman isn't well supported currently, so I'll be using Docker for this one container instead (See below).
```sh
docker run --name woodpecker-agent -t \
-e WOODPECKER_SERVER=(url/ip):(grpc port) \
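Review bot: "It needs access to the docker socket to spawn new container processes on the host" should spell out the consequence: a process that can write to `/var/run/docker.sock` is root on that host, so the agent host is a trust boundary and every pipeline step it runs is one container breakout away from it. Say that the agent belongs on a host separate from the server and the forge, or at least that pipelines from untrusted forks should not be enabled on it, and that when `WOODPECKER_SERVER=(url/ip):(grpc port)` points across the network the gRPC link should be secured rather than left as plain TCP.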
@ -107,11 +118,9 @@ docker run --name woodpecker-agent -t \
-d docker.io/woodpeckerci/woodpecker-agent:latest
```
The Woodpecker agent needs access to the docker socket to spawn new container processes on the host.
For now I'll be using docker to run my agents.
#### Podman Socket Notes
Podman has support for using sockets since version 3.4.0.
_TODO: try out socket access once Podman 3.4.0 is on my servers_
_Recommended by Woodpecker is at least Podman 4.0_
[Podman socket activation](https://github.com/containers/podman/blob/main/docs/tutorials/socket_activation.md)
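Review bot: `docker.io/woodpeckerci/woodpecker-agent:latest` is unpinned; agent and server talk gRPC to each other and are expected to run matching releases, so pin the agent (and the server image) to the same version tag instead of `:latest`, or an automatic pull will one day upgrade one side alone. The Podman notes give two thresholds, socket support since 3.4.0 and a Woodpecker recommendation of at least 4.0, without saying which one the reader should act on; state that 4.0 is the bar for running the agent against the Podman socket and that 3.4.0 only marks when the socket became available. The lines "The Woodpecker agent needs access to the docker socket..." and "For now I'll be using docker to run my agents." repeat the sentences added above the run command; make sure they are on the removed side of this hunk and not kept.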