Nixius
/
authelia
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/.woodpecker.yml

284 lines
11 KiB
YAML
Raw Blame History

labels:
location: manager
clone:
git:
image: woodpeckerci/plugin-git
settings:
partial: false
depth: 1
recursive: true
steps:
# Build and Push for Staging
build-push-staging:
name: build-push-staging
image: woodpeckerci/plugin-docker-buildx
environment:
REGISTRY_USER:
from_secret: REGISTRY_USER
REGISTRY_PASSWORD:
from_secret: REGISTRY_PASSWORD
DOCKER_REGISTRY_USER:
from_secret: DOCKER_REGISTRY_USER
DOCKER_REGISTRY_PASSWORD:
from_secret: DOCKER_REGISTRY_PASSWORD
# Authelia Core Secrets
AUTHENTICATION_BACKEND_LDAP_PASSWORD:
from_secret: AUTHENTICATION_BACKEND_LDAP_PASSWORD
IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:
from_secret: IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET
STORAGE_ENCRYPTION_KEY:
from_secret: STORAGE_ENCRYPTION_KEY
SESSION_SECRET:
from_secret: SESSION_SECRET
NOTIFIER_SMTP_PASSWORD:
from_secret: NOTIFIER_SMTP_PASSWORD
# OIDC Secrets
IDENTITY_PROVIDERS_OIDC_HMAC_SECRET:
from_secret: IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY:
from_secret: IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
from_secret: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
# # Client Secrets
# CLIENT_SECRET_HEADSCALE:
# from_secret: CLIENT_SECRET_HEADSCALE
# CLIENT_SECRET_HEADADMIN:
# from_secret: CLIENT_SECRET_HEADADMIN
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- echo "Logging into registries"
- echo "$${DOCKER_REGISTRY_PASSWORD}" | docker login -u "$${DOCKER_REGISTRY_USER}" --password-stdin
- echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
- echo "Building and pushing application for staging"
- docker compose -f docker-compose.staging.yml build --no-cache
- docker compose -f docker-compose.staging.yml push
when:
branch: main
event: push
# Deploy Staging
deploy-staging:
name: deploy-staging
image: woodpeckerci/plugin-docker-buildx
environment:
REGISTRY_USER:
from_secret: REGISTRY_USER
REGISTRY_PASSWORD:
from_secret: REGISTRY_PASSWORD
# Authelia Core Secrets
AUTHENTICATION_BACKEND_LDAP_PASSWORD:
from_secret: AUTHENTICATION_BACKEND_LDAP_PASSWORD
IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:
from_secret: IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET
STORAGE_ENCRYPTION_KEY:
from_secret: STORAGE_ENCRYPTION_KEY
SESSION_SECRET:
from_secret: SESSION_SECRET
NOTIFIER_SMTP_PASSWORD:
from_secret: NOTIFIER_SMTP_PASSWORD
# OIDC Secrets
IDENTITY_PROVIDERS_OIDC_HMAC_SECRET:
from_secret: IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY:
from_secret: IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
from_secret: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
# Client Secrets
CLIENT_SECRET_HEADSCALE:
from_secret: CLIENT_SECRET_HEADSCALE
CLIENT_SECRET_HEADADMIN:
from_secret: CLIENT_SECRET_HEADADMIN
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- echo "Deploying to staging environment"
- echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
- docker stack deploy --with-registry-auth -c ./stack.staging.yml $${CI_REPO_NAME}-staging
when:
branch: main
event: push
# Cleanup Staging
cleanup-staging:
name: cleanup-staging
image: woodpeckerci/plugin-docker-buildx
environment:
REGISTRY_USER:
from_secret: REGISTRY_USER
REGISTRY_PASSWORD:
from_secret: REGISTRY_PASSWORD
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- echo "Cleaning up staging environment"
- for i in {1..5}; do docker stack rm ${CI_REPO_NAME}-staging && break || sleep 10; done
- docker compose -f docker-compose.staging.yml down
- docker compose -f docker-compose.staging.yml rm -f
when:
branch: main
event: push
# Build and Push for Production
build-push-production:
name: build-push-production
image: woodpeckerci/plugin-docker-buildx
environment:
REGISTRY_USER:
from_secret: REGISTRY_USER
REGISTRY_PASSWORD:
from_secret: REGISTRY_PASSWORD
DOCKER_REGISTRY_USER:
from_secret: DOCKER_REGISTRY_USER
DOCKER_REGISTRY_PASSWORD:
from_secret: DOCKER_REGISTRY_PASSWORD
# Authelia Core Secrets
AUTHENTICATION_BACKEND_LDAP_PASSWORD:
from_secret: AUTHENTICATION_BACKEND_LDAP_PASSWORD
IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:
from_secret: IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET
STORAGE_ENCRYPTION_KEY:
from_secret: STORAGE_ENCRYPTION_KEY
SESSION_SECRET:
from_secret: SESSION_SECRET
NOTIFIER_SMTP_PASSWORD:
from_secret: NOTIFIER_SMTP_PASSWORD
# OIDC Secrets
IDENTITY_PROVIDERS_OIDC_HMAC_SECRET:
from_secret: IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY:
from_secret: IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
from_secret: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
# Client Secrets
CLIENT_SECRET_HEADSCALE:
from_secret: CLIENT_SECRET_HEADSCALE
CLIENT_SECRET_HEADADMIN:
from_secret: CLIENT_SECRET_HEADADMIN
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- echo "Logging into registries"
- echo "$${DOCKER_REGISTRY_PASSWORD}" | docker login -u "$${DOCKER_REGISTRY_USER}" --password-stdin
- echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
- echo "Building and pushing application for production"
- docker compose -f docker-compose.production.yml build --no-cache
- docker compose -f docker-compose.production.yml push
when:
branch: main
event: [push, cron]
# Create Docker Secrets
create-docker-secrets:
name: create-docker-secrets
image: woodpeckerci/plugin-docker-buildx
environment:
REGISTRY_USER:
from_secret: REGISTRY_USER
REGISTRY_PASSWORD:
from_secret: REGISTRY_PASSWORD
# Authelia Core Secrets
AUTHENTICATION_BACKEND_LDAP_PASSWORD:
from_secret: AUTHENTICATION_BACKEND_LDAP_PASSWORD
IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:
from_secret: IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET
STORAGE_ENCRYPTION_KEY:
from_secret: STORAGE_ENCRYPTION_KEY
SESSION_SECRET:
from_secret: SESSION_SECRET
NOTIFIER_SMTP_PASSWORD:
from_secret: NOTIFIER_SMTP_PASSWORD
# OIDC Secrets
IDENTITY_PROVIDERS_OIDC_HMAC_SECRET:
from_secret: IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY:
from_secret: IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
from_secret: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
# Client Secrets
CLIENT_SECRET_HEADSCALE:
from_secret: CLIENT_SECRET_HEADSCALE
CLIENT_SECRET_HEADADMIN:
from_secret: CLIENT_SECRET_HEADADMIN
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
- docker secret rm AUTHENTICATION_BACKEND_LDAP_PASSWORD || true
- docker secret rm IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET || true
- docker secret rm STORAGE_ENCRYPTION_KEY || true
- docker secret rm SESSION_SECRET || true
- docker secret rm NOTIFIER_SMTP_PASSWORD || true
- docker secret rm IDENTITY_PROVIDERS_OIDC_HMAC_SECRET || true
- docker secret rm IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY || true
- docker secret rm IDENTITY_PROVIDERS_OIDC_JWKS_KEY || true
- docker secret rm CLIENT_SECRET_HEADSCALE || true
- docker secret rm CLIENT_SECRET_HEADADMIN || true
- echo "$${AUTHENTICATION_BACKEND_LDAP_PASSWORD}" | docker secret create AUTHENTICATION_BACKEND_LDAP_PASSWORD -
- echo "$${IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET}" | docker secret create IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET -
- echo "$${STORAGE_ENCRYPTION_KEY}" | docker secret create STORAGE_ENCRYPTION_KEY -
- echo "$${SESSION_SECRET}" | docker secret create SESSION_SECRET -
- echo "$${NOTIFIER_SMTP_PASSWORD}" | docker secret create NOTIFIER_SMTP_PASSWORD -
- echo "$${IDENTITY_PROVIDERS_OIDC_HMAC_SECRET}" | docker secret create IDENTITY_PROVIDERS_OIDC_HMAC_SECRET -
- echo "$${IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY}" | docker secret create IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY -
- echo "$${IDENTITY_PROVIDERS_OIDC_JWKS_KEY}" | docker secret create IDENTITY_PROVIDERS_OIDC_JWKS_KEY -
- echo "$${CLIENT_SECRET_HEADSCALE}" | docker secret create CLIENT_SECRET_HEADSCALE -
- echo "$${CLIENT_SECRET_HEADADMIN}" | docker secret create CLIENT_SECRET_HEADADMIN -
when:
branch: main
event: [push, cron]
# Deploy Production
deploy-production:
name: deploy-production
image: woodpeckerci/plugin-docker-buildx
environment:
REGISTRY_USER:
from_secret: REGISTRY_USER
REGISTRY_PASSWORD:
from_secret: REGISTRY_PASSWORD
# Authelia Core Secrets
AUTHENTICATION_BACKEND_LDAP_PASSWORD:
from_secret: AUTHENTICATION_BACKEND_LDAP_PASSWORD
IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:
from_secret: IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET
STORAGE_ENCRYPTION_KEY:
from_secret: STORAGE_ENCRYPTION_KEY
SESSION_SECRET:
from_secret: SESSION_SECRET
NOTIFIER_SMTP_PASSWORD:
from_secret: NOTIFIER_SMTP_PASSWORD
# OIDC Secrets
IDENTITY_PROVIDERS_OIDC_HMAC_SECRET:
from_secret: IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY:
from_secret: IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
from_secret: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
# Client Secrets
CLIENT_SECRET_HEADSCALE:
from_secret: CLIENT_SECRET_HEADSCALE
CLIENT_SECRET_HEADADMIN:
from_secret: CLIENT_SECRET_HEADADMIN
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- echo "Deploying to production environment"
- echo "$${REGISTRY_PASSWORD}" | docker login -u "$${REGISTRY_USER}" --password-stdin git.nixc.us
- docker stack deploy --with-registry-auth -c ./stack.production.yml $${CI_REPO_NAME}
when:
branch: main
event: [push, cron]
# Post-Deployment Smoke Tests
post-deploy-smoke-tests:
name: run-post-deploy-smoke-tests
image: git.nixc.us/colin/playwright:latest
environment:
BASE_URL: https://git.nixc.us
when:
branch: main
event: push
Reference in New Issue View Git Blame Copy Permalink