Finish woodpecker wiki article
parent 6a43d874cd
commit 7393100b32
@ -4,42 +4,103 @@ title: 'Woodpecker CI'
|
|||||||
|
|
||||||
[toc]
|
[toc]
|
||||||
## Podman
|
## Podman
|
||||||
### Pod
|
### Network and Pod
|
||||||
`# podman pod create --name woodpecker -p 8000:8000`
|
`# podman network create net_woodpecker`
|
||||||
### Server
|
`# podman pod create --name pod_woodpecker --network net_woodpecker -p 8000:8000 -p 9000:9000`
|
||||||
|
|
||||||
|
#### Port Mappings
|
||||||
|
```
|
||||||
|
8000: Woodpecker HTTP listener, Configurable with "WOODPECKER_SERVER_ADDR"
|
||||||
|
9000: Woodpecker gRPC listener, Configurable with "WOODPECKER_GRPC_ADDR"
|
||||||
|
```
|
||||||
|
|
||||||
|
### Database
|
||||||
|
```
|
||||||
|
# podman run --name woodpeckerdb \
|
||||||
|
-e PGDATA=/var/lib/postgresql/data/pgdata \
|
||||||
|
-e POSTGRES_USER=woodpecker \
|
||||||
|
-e POSTGRES_PASSWORD=woodpecker \
|
||||||
|
-e POSTGRES_DB=woodpecker \
|
||||||
|
-v /mnt/postgres-woodpecker:/var/lib/postgresql/data \
|
||||||
|
--pod pod_woodpecker \
|
||||||
|
-d docker.io/postgres
|
||||||
|
```
|
||||||
|
|
||||||
|
### Application server
|
||||||
|
> [Official Documentation](https://woodpecker-ci.org/docs/administration/server-config)
|
||||||
|
|
||||||
```
|
```
|
||||||
# podman run --name woodpecker-server -t \
|
# podman run --name woodpecker-server -t \
|
||||||
-e WOODPECKER_OPEN=true \
|
-e WOODPECKER_HOST=https://(hostname/ip address) \
|
||||||
-e WOODPECKER_HOST=${WOODPECKER_HOST} \
|
-e WOODPECKER_ADMIN=RealStickman \
|
||||||
-e WOODPECKER_GITEA=true
|
-e WOODPECKER_REPO_OWNERS=RealStickman \
|
||||||
-e WOODPECKER_GITEA_URL=${WOODPECKER_GITEA_URL}
|
-e WOODPECKER_OPEN=false \
|
||||||
-e WOODPECKER_GITEA_CLIENT=${WOODPECKER_GITEA_CLIENT}
|
-e WOODPECKER_AGENT_SECRET=(shared secret for server and agents) \
|
||||||
-e WOODPECKER_GITEA_SECRET=${WOODPECKER_GITEA_SECRET}
|
|
||||||
-e WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} \
|
|
||||||
-e WOODPECKER_DATABASE_DRIVER=postgres \
|
-e WOODPECKER_DATABASE_DRIVER=postgres \
|
||||||
-e WOODPECKER_DATABASE_DATASOURCE=postgres://root:password@1.2.3.4:5432/postgres?sslmode=disable \
|
-e WOODPECKER_DATABASE_DATASOURCE='postgres://(user):(password)@woodpeckerdb:5432/(database)?sslmode=disable' \
|
||||||
-v /mnt/woodpecker:/var/lib/woodpecker/ \
|
-v /mnt/woodpecker:/var/lib/woodpecker/ \
|
||||||
--pod=woodpecker \
|
--pod pod_woodpecker \
|
||||||
-d docker.io/woodpeckerci/woodpecker-server:latest
|
-d docker.io/woodpeckerci/woodpecker-server:latest
|
||||||
```
|
```
|
||||||
### Agent
|
|
||||||
|
If `WOODPECKER_OPEN` is set to `true`, any user present on the connected git server could log in to woodpecker.
|
||||||
|
I'm using `WOODPECKER_REPO_OWNERS` instead to allow my user on woodpecker without having to add it manually using the CLI.
|
||||||
|
If one wanted to add a user manually: `$ woodpecker-cli user add`
|
||||||
|
|
||||||
|
Generate `WOODPECKER_AGENT_SECRET` with this command:
|
||||||
|
`$ openssl rand -hex 32`
|
||||||
|
|
||||||
|
#### GitHub
|
||||||
|
*TODO*
|
||||||
|
|
||||||
|
#### Gitea
|
||||||
|
> [Documentation](https://woodpecker-ci.org/docs/administration/vcs/gitea)
|
||||||
|
|
||||||
|
Add these environment variables to enable Woodpecker for a gitea server.
|
||||||
|
```
|
||||||
|
-e WOODPECKER_GITEA=true \
|
||||||
|
-e WOODPECKER_GITEA_URL=https://(gitea url) \
|
||||||
|
-e WOODPECKER_GITEA_CLIENT='(oauth client id)' \
|
||||||
|
-e WOODPECKER_GITEA_SECRET='(oauth client secret)' \
|
||||||
|
-e WOODPECKER_GITEA_SKIP_VERIFY=false \
|
||||||
|
```
|
||||||
|
|
||||||
|
I run gitea and woodpecker behind an OPNsense firewall. The default NAT configuration alerts due to a suspected DNS rebind attack.
|
||||||
|
Therefor I set added an override rule for my gitea url in OPNsense (Services > Unbound DNS > Overrides)
|
||||||
|
|
||||||
|
> [Reddit post I used as guidance](https://www.reddit.com/r/OPNsenseFirewall/comments/lrmtsz/a_potential_dns_rebind_attack/)
|
||||||
|
|
||||||
|
#### GitLab
|
||||||
|
Add these environment variables to enable GitLab in Woodpecker.
|
||||||
|
```
|
||||||
|
-e WOODPECKER_GITLAB=true \
|
||||||
|
-e WOODPECKER_GITLAB_URL=https://(gitlab url) \
|
||||||
|
-e WOODPECKER_GITLAB_CLIENT=(oauth client id) \
|
||||||
|
-e WOODPECKER_GITLAB_SECRET=(oauth client secret) \
|
||||||
|
```
|
||||||
|
|
||||||
|
### Application agent
|
||||||
|
> [Official Documentation](https://woodpecker-ci.org/docs/administration/agent-config)
|
||||||
|
|
||||||
```
|
```
|
||||||
# podman run --name woodpecker-agent -t \
|
# podman run --name woodpecker-agent -t \
|
||||||
-e WOODPECKER_SERVER=woodpecker-server:9000 \
|
-e WOODPECKER_SERVER=(url/ip):(grpc port) \
|
||||||
-e WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET} \
|
-e WOODPECKER_AGENT_SECRET=(shared secret for server and agents) \
|
||||||
--pod=woodpecker \
|
-e WOODPECKER_HOSTNAME=(agent hostname, def: empty) \
|
||||||
|
-e WOODPECKER_MAX_PROCS=(number of parallel builds, def: 1) \
|
||||||
|
-e WOODPECKER_GRPC_SECURE=true \
|
||||||
|
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||||
-d docker.io/woodpeckerci/woodpecker-agent:latest
|
-d docker.io/woodpeckerci/woodpecker-agent:latest
|
||||||
```
|
```
|
||||||
|
|
||||||
woodpecker-agent:
|
The Woodpecker agent needs access to the docker socket to spawn new container processes on the host.
|
||||||
image: woodpeckerci/woodpecker-agent:latest
|
For now I'll be using docker to run my agents.
|
||||||
command: agent
|
|
||||||
restart: always
|
Podman has support for using sockets since version 3.4.0.
|
||||||
depends_on:
|
*TODO: try out socket access once Podman 3.4.0 is on my servers*
|
||||||
- woodpecker-server
|
*Recommended by Woodpecker is at least Podman 4.0*
|
||||||
volumes:
|
[Podman socket activation](https://github.com/containers/podman/blob/main/docs/tutorials/socket_activation.md)
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
environment:
|
[Woodpecker note on using Podman](https://github.com/woodpecker-ci/woodpecker/blob/master/docs/docs/30-administration/22-backends/10-docker.md#podman-support)
|
||||||
- WOODPECKER_SERVER=woodpecker-server:9000
|
[Woodpecker issue about Podman](https://github.com/woodpecker-ci/woodpecker/issues/85)
|
||||||
- WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
|
[Woodpecker PR for Podman backend](https://github.com/woodpecker-ci/woodpecker/pull/305)
|
||||||
|
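Review bot: The new Database block commits a literal credential, `-e POSTGRES_PASSWORD=woodpecker`, with the password identical to the user and database name, while every other secret in this change is a placeholder such as `(oauth client secret)`. Use a `(password)` placeholder here as well, matching the `(user):(password)` form already used in `WOODPECKER_DATABASE_DATASOURCE`, and point readers at the same `openssl rand -hex 32` command given for the agent secret. In the Application agent block the command is `# podman run` with `-v /var/run/docker.sock:/var/run/docker.sock`, but the prose under it says the agents are run with docker, so the command and the text should agree; that paragraph should also say that mounting the docker socket gives the agent container root-equivalent control of the host, since the article currently presents it only as a requirement. The agent sets `WOODPECKER_GRPC_SECURE=true`, yet nothing in the server section shows TLS in front of the published port 9000, so either document where TLS is terminated or explain that this value has to match how the gRPC listener is exposed. Minor: "Therefor I set added" in the OPNsense paragraph should read "Therefore I added", and both images are referenced as `:latest` rather than a pinned version tag.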