From 020bda34056d877bcd8188f85062cbf9f8cdd491 Mon Sep 17 00:00:00 2001
From: Colin
Date: Fri, 10 Oct 2025 15:27:29 -0400
Subject: [PATCH] Initial commit: Woodpecker CI configuration from macmini7
---
README.md | 94 +++++++++++
tmp.yml | 106 ++++++++++++
woodpecker.yml | 220 +++++++++++++++++++++++++
woodpecker.yml.2024.09.10 | 208 ++++++++++++++++++++++++
woodpecker.yml.backup.20250519144353 | 232 +++++++++++++++++++++++++++
woodpecker.yml.save | 209 ++++++++++++++++++++++++
6 files changed, 1069 insertions(+)
create mode 100644 README.md
create mode 100644 tmp.yml
create mode 100644 woodpecker.yml
create mode 100644 woodpecker.yml.2024.09.10
create mode 100644 woodpecker.yml.backup.20250519144353
create mode 100644 woodpecker.yml.save
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c005559
--- /dev/null
+++ b/README.md
@@ -0,0 +1,94 @@ +# Getting started with running a Drone +https://blog.ruanbekker.com/blog/2021/03/09/cicd-with-droneci-and-gitea-using-docker-compose/ +https://docs.drone.io/server/provider/gitea/ + + +# CI CD Pipelines +## From https://www.youtube.com/watch?v=PXM63rU7NJ4 +kind: pipeline +type: docker +name: sshd-base + +trigger: + branch: + - main + event: + - push + +image_pull_secrets: +- global_dockerconfig + +## Cloning https://docs.drone.io/pipeline/digitalocean/syntax/cloning/ +token: + from_secret: token + +clone: + depth: 50 + +## Hello World Step +# steps: +# - name: say-hello +# image: busybox +# commands: +# - echo hello-world + +## Steps https://docs.drone.io/pipeline/digitalocean/syntax/steps/ +steps: +## Submodules --recursive flag https://docs.drone.io/pipeline/digitalocean/syntax/cloning/#the---recursive-flag +- name: submodules + commands: + - git submodule update --recursive --remote + +## Basic Docker In Docker Example https://docs.drone.io/pipeline/docker/examples/services/docker_dind/ +## TRUSTED REPOS ONLY DUE TO ROOT POWERS ## +- name: test + image: docker:dind + volumes: + - name: dockersock + path: /var/run + commands: + - sleep 5 # give docker enough time to start + - docker ps -a + - docker compose build + - docker compose push + +services: +- name: docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run + +volumes: +- name: dockersock + temp: {} + +## Random build step for examples +- name: build + image: git.nixc.us/colin/sshd-base:latest + commands: + - echo hello-world + ## Conditions https://docs.drone.io/pipeline/digitalocean/syntax/conditions/ + when: + branch: + - main + - staging + - production + +- name: publish + image: plugins/docker + settings: + username: colin + password: + from_secret: colin_docker_password + repo: git.nixc.us/colin/sshd-base:latest + tags: + - 1.0.0 + - 1.0 + ## Parallelism https://docs.drone.io/pipeline/digitalocean/syntax/parallelism/ + depends_on: + - build + 
+## Build docker image and re-use in the next step +https://discourse.drone.io/t/build-docker-image-and-re-use-in-the-next-step/6190 \ No newline at end of file diff --git a/tmp.yml b/tmp.yml new file mode 100644 index 0000000..2417e5e --- /dev/null +++ b/tmp.yml 
@@ -0,0 +1,106 @@ + +version: "3.9" + +services: + woodpecker-server: + image: woodpeckerci/woodpecker-server:next-alpine + environment: + environment: + - WOODPECKER_HOST=https://woodpecker.nixc.us + - WOODPECKER_SERVER_ADDR=:8000 + - WOODPECKER_PROTO=https + - WOODPECKER_DATABASE_DRIVER=mysql + - WOODPECKER_DATABASE_DATASOURCE=/data/database.sqlite + - WOODPECKER_GIT_ALWAYS_AUTH=false + - WOODPECKER_AGENT_SECRET=redacted + - WOODPECKER_ADMIN=colin + - WOODPECKER_REPO_OWNERS=colin,meta + - WOODPECKER_OPEN=true + # - WOODPECKER_DOCKER_CONFIG=/home/user/.docker/config.json + # https://github.com/go-sql-driver/mysql#dsn-data-source-name + - WOODPECKER_DATABASE_DATASOURCE=woodpecker:woodpecker@tcp(db:3306)/woodpecker?parseTime=true + ## Gitea config + - WOODPECKER_GITEA=true + - WOODPECKER_GITEA_URL=https://git.nixc.us/ + - WOODPECKER_GITEA_CLIENT=redacted + - WOODPECKER_GITEA_SECRET=redacted + networks: + - traefik + - default + volumes: + - /mnt/tank/persist/nixc.us/woodpecker/production/data:/var/lib/woodpecker/ + # - /root/.docker/config.json:/home/user/.docker/config.json:rw + deploy: + replicas: 1 + deploy: + placement: + constraints: + # - node.role == manager + - node.hostname == ingress.nixc.us + labels: + - "traefik.enable=true" + - "traefik.http.routers.woodpecker.tls=true" + - "traefik.http.services.woodpecker.loadbalancer.server.port=8000" + - "traefik.http.routers.woodpecker.rule=Host(`woodpecker.nixc.us`)" + - "traefik.http.routers.woodpecker.entrypoints=websecure" + - "traefik.http.routers.woodpecker.tls.certresolver=letsencryptresolver" + - "traefik.http.routers.woodpecker.service=woodpecker" + - "traefik.docker.network=traefik" + # - 'traefik.http.routers.woodpecker.middlewares=authelia@docker' + + woodpecker-agent: + image: woodpeckerci/woodpecker-agent:next-alpine + networks: + - default + volumes: + - /var/run/docker.sock:/var/run/docker.sock + environment: + # - WOODPECKER_AGENT_HOST=https://woodpecker.nixc.us + # - WOODPECKER_AGENT_PROTO=http + 
- WOODPECKER_SERVER=woodpecker-server:9000 + - WOODPECKER_AGENT_SECRET=redacted + - WOODPECKER_MAX_WORKFLOWS=4 + - WOODPECKER_DEBUG=TRUE + - WOODPECKER_LOG_LEVEL=error + - WOODPECKER_DEBUG_PRETTY=true + deploy: + replicas: 1 + placement: + constraints: + # - node.labels.role == db + # - node.hostname == macmini14 + - node.labels.mac-rack == true + # - node.role == manager + labels: + - "traefik.enable=false" + + db: + image: mariadb:10.6 + environment: + - MYSQL_DATABASE=woodpecker + - MYSQL_USER=woodpecker + - MYSQL_PASSWORD=woodpecker + - MYSQL_RANDOM_ROOT_PASSWORD=1 + volumes: + - /mnt/tank/persist/nixc.us/woodpecker/production/db:/var/lib/mysql + networks: + - default + deploy: + replicas: 1 + placement: + constraints: +## - node.labels.role == db +# - node.hostname == macmini8 + - node.labels.mac-rack == true + labels: + - "traefik.enable=false" + +networks: + default: + external: false + traefik: + external: true + +# volumes: +# woodpeckerdata: +# external: true diff --git a/woodpecker.yml b/woodpecker.yml new file mode 100644 index 0000000..fac4437 --- /dev/null +++ b/woodpecker.yml 
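Review bot: In tmp.yml the `woodpecker-server` service repeats `environment:` and `deploy:` back to back and lists `WOODPECKER_DATABASE_DATASOURCE` twice, first as `/data/database.sqlite` and then as the MySQL DSN, while `WOODPECKER_DATABASE_DRIVER=mysql` is set. Indentation is not recoverable in this view, so the repeated keys are either duplicates (most YAML parsers silently keep the last one) or an accidental nested mapping; either way only one `environment:` and one `deploy:` should remain, and the SQLite line should be dropped so the driver and DSN cannot disagree. Both images use the moving tag `next-alpine`; since the agent mounts `/var/run/docker.sock`, pinning to a release tag, as woodpecker.yml does with `v3.8.0`, would make what runs against the host socket reviewable.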
@@ -0,0 +1,220 @@ +networks: + woodpecker: {} + traefik: + external: true + +services: + db: + image: mariadb:10.6 + environment: + MYSQL_DATABASE: "woodpecker" + MYSQL_USER: "woodpecker" + MYSQL_PASSWORD: "woodpecker" + MYSQL_RANDOM_ROOT_PASSWORD: 1 + volumes: + - /mnt/data/nixc.us/woodpecker/production/db:/var/lib/mysql + networks: + - woodpecker + deploy: + endpoint_mode: dnsrr + replicas: 1 + placement: + constraints: + - node.hostname == macmini1 + labels: + - "traefik.enable=false" + update_config: + order: stop-first + failure_action: rollback + delay: 0s + parallelism: 1 + restart_policy: + condition: on-failure + + server: + image: woodpeckerci/woodpecker-server:v3.8.0 + environment: + WOODPECKER_PLUGINS_PRIVILEGED: "woodpeckerci/plugin-docker-buildx" + WOODPECKER_OPEN: "true" + WOODPECKER_HOST: "https://woodpecker.nixc.us" + WOODPECKER_BACKEND: "docker" + WOODPECKER_BACKEND_DOCKER_NETWORK: "default" + WOODPECKER_ADMIN: "colin" + WOODPECKER_REPO_OWNERS: "colin,meta,fansdb,lilsgym,nixius,Nixius,devsecops,mechinae,Mechinae,aenow,aenow-dev,ViperWire,mrc" + # WOODPECKER_LOG_LEVEL: trace + WOODPECKER_LOG_LEVEL: error + WOODPECKER_GITEA: "true" + WOODPECKER_GITEA_URL: "https://git.nixc.us/" + WOODPECKER_GITEA_CLIENT: "56c038d7-64b5-47e4-acae-cb8a69b31731" + WOODPECKER_GITEA_SECRET: "gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla" + WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG" + WOODPECKER_DATABASE_DRIVER: "mysql" + WOODPECKER_DATABASE_DATASOURCE: "woodpecker:woodpecker@tcp(woodpecker_db:3306)/woodpecker?parseTime=true" + WOODPECKER_LOG_FILE: stdout + networks: + - traefik + - woodpecker + volumes: + - /mnt/data/nixc.us/woodpecker/production/data:/var/lib/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock + - /etc/localtime:/etc/localtime:ro + deploy: + endpoint_mode: dnsrr + replicas: 1 + placement: + constraints: + - node.hostname == 
macmini1 + labels: + # Web UI Configuration + traefik.enable: "true" + traefik.http.routers.production_woodpecker_ui.rule: "Host(`woodpecker.nixc.us`)" + traefik.http.routers.production_woodpecker_ui.entrypoints: "websecure" + traefik.http.routers.production_woodpecker_ui.tls.certresolver: "letsencryptresolver" + traefik.http.routers.production_woodpecker_ui.service: "production_woodpecker_ui" + traefik.http.services.production_woodpecker_ui.loadbalancer.server.port: "8000" + + # gRPC service + traefik.http.services.woodpecker-grpc.loadbalancer.server.port: 9000 + traefik.http.services.woodpecker-grpc.loadbalancer.server.scheme: h2c + + traefik.http.routers.woodpecker-grpc-secure.rule: Host(`grpc.woodpecker.nixc.us`) + traefik.http.routers.woodpecker-grpc-secure.tls: "true" + traefik.http.routers.woodpecker-grpc-secure.tls.certresolver: letsencryptresolver + traefik.http.routers.woodpecker-grpc-secure.entrypoints: websecure + traefik.http.routers.woodpecker-grpc-secure.service: woodpecker-grpc + + # Additional Metadata Labels + homepage.group: Infrastructure + homepage.name: woodpecker + homepage.href: "https://woodpecker.nixc.us" + homepage.description: "Woodpecker CI" + update_config: + # order: stop-first + delay: 60s + parallelism: 1 + # restart_policy: + # condition: on-failure + + agents-managers: + image: woodpeckerci/woodpecker-agent:v3.8.0 + networks: + - woodpecker + environment: + WOODPECKER_LOG_FILE: stdout + WOODPECKER_SERVER: "server:9000" + WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG" + WOODPECKER_DEBUG: "true" + # WOODPECKER_LOG_LEVEL: "trace" + WOODPECKER_LOG_LEVEL: "error" + WOODPECKER_BACKEND: "docker" + WOODPECKER_MAX_WORKFLOWS: 1 + WOODPECKER_DEBUG_PRETTY: "true" + WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf" + WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}" + WOODPECKER_FILTER_LABELS: "location=manager" + 
WOODPECKER_HEALTHCHECK: "true" + deploy: + endpoint_mode: dnsrr + placement: + constraints: + - node.role == manager + - node.hostname != ingress.nixc.us + mode: global + update_config: + # order: stop-first + failure_action: rollback + delay: 120s + parallelism: 4 + restart_policy: + condition: on-failure + labels: + traefik.enable: "false" + volumes: + - agent-secret:/etc/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock + dns: + - 1.1.1.1 + - 8.8.8.8 + + agent-salt: + image: woodpeckerci/woodpecker-agent:v3.8.0 + networks: + - woodpecker + environment: + WOODPECKER_LOG_FILE: stdout + WOODPECKER_SERVER: "woodpecker_server:9000" + WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG" + WOODPECKER_DEBUG: "true" + # WOODPECKER_LOG_LEVEL: "trace" + WOODPECKER_LOG_LEVEL: "error" + WOODPECKER_BACKEND: "docker" + WOODPECKER_MAX_WORKFLOWS: 1 + WOODPECKER_DEBUG_PRETTY: "true" + WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf" + WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}" + WOODPECKER_FILTER_LABELS: "location=salt" + WOODPECKER_HEALTHCHECK: "true" + deploy: + endpoint_mode: dnsrr + placement: + constraints: + - node.hostname == ingress.nixc.us + mode: global + update_config: + # order: stop-first + failure_action: rollback + delay: 120s + parallelism: 4 + restart_policy: + condition: on-failure + labels: + traefik.enable: "false" + volumes: + - agent-secret:/etc/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock + dns: + - 1.1.1.1 + - 8.8.8.8 + + agents-workers: + image: woodpeckerci/woodpecker-agent:v3.8.0 + networks: + - woodpecker + environment: + WOODPECKER_LOG_FILE: stdout + WOODPECKER_SERVER: "woodpecker_server:9000" + WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG" + WOODPECKER_DEBUG: "true" + # WOODPECKER_LOG_LEVEL: trace + 
WOODPECKER_LOG_LEVEL: error + WOODPECKER_BACKEND: "docker" + WOODPECKER_MAX_WORKFLOWS: "1" + WOODPECKER_DEBUG_PRETTY: "true" + WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf" + WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}" + WOODPECKER_FILTER_LABELS: "location=agent" + deploy: + endpoint_mode: dnsrr + placement: + constraints: + - node.role == worker + - node.hostname != ingress.nixc.us + mode: global + labels: + traefik.enable: "false" + update_config: + order: stop-first + failure_action: rollback + delay: 120s + parallelism: 4 + restart_policy: + condition: on-failure + volumes: + - agent-secret:/etc/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock + dns: + - 1.1.1.1 + - 8.8.8.8 + +volumes: + agent-secret: {} diff --git a/woodpecker.yml.2024.09.10 b/woodpecker.yml.2024.09.10 new file mode 100644 index 0000000..dc0c365 --- /dev/null +++ b/woodpecker.yml.2024.09.10 
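Review bot: `WOODPECKER_GITEA_SECRET`, `WOODPECKER_AGENT_SECRET` and `MYSQL_PASSWORD` are committed as literal values in the `db`, `server` and all three agent services of woodpecker.yml, and the same values recur (including in commented-out lines) in `woodpecker.yml.2024.09.10`, `woodpecker.yml.backup.20250519144353` and `woodpecker.yml.save`, whereas tmp.yml carries `redacted` placeholders for the same keys. Because they are now part of history they should be treated as exposed and rotated, and the stack should read them from Swarm secrets instead, e.g. `WOODPECKER_AGENT_SECRET_FILE: /run/secrets/woodpecker_agent_secret` with a top-level `secrets:` entry marked `external: true` (the MariaDB image accepts `MYSQL_PASSWORD_FILE` in the same way). The exposure matters more here because the labels route the gRPC port publicly at `grpc.woodpecker.nixc.us`, where the agent secret is, as far as this file shows, the only thing that authenticates an agent. Separately, the `server` service mounts `/var/run/docker.sock` although pipelines run on the agents; unless something outside this file needs it, that mount looks removable.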
@@ -0,0 +1,208 @@ +networks: + default: + external: false + traefik: + external: true +services: + server: + # image: woodpeckerci/woodpecker-server:next-alpine +# image: woodpeckerci/woodpecker-server:next-4198c447fb +# image: woodpeckerci/woodpecker-server:v2.0.0 +# image: woodpeckerci/woodpecker-server:next +# image: woodpeckerci/woodpecker-server:v2.4.1 + image: woodpeckerci/woodpecker-server:v2.7.1 + environment: + - WOODPECKER_OPEN=true + - WOODPECKER_HOST=https://woodpecker.nixc.us + - WOODPECKER_BACKEND=docker + - WOODPECKER_BACKEND_DOCKER_NETWORK=default + - WOODPECKER_ADMIN=colin + - WOODPECKER_REPO_OWNERS=colin,meta,fansdb,lilsgym,nixius,Nixius + - WOODPECKER_LOG_LEVEL=debug + # ## Gitea config + - WOODPECKER_GITEA=true + - WOODPECKER_GITEA_URL=https://git.nixc.us/ + - WOODPECKER_GITEA_CLIENT=56c038d7-64b5-47e4-acae-cb8a69b31731 + - WOODPECKER_GITEA_SECRET=gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla + - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG + # environment: + # - WOODPECKER_HOST=https://woodpecker.nixc.us + # - WOODPECKER_SERVER_ADDR=:8000 + # - WOODPECKER_PROTO=https + - WOODPECKER_DATABASE_DRIVER=mysql + # - WOODPECKER_BACKEND=docker + # - WOODPECKER_BACKEND_DOCKER_NETWORK=default + # # - WOODPECKER_DATABASE_DATASOURCE=/data/database.sqlite + # - WOODPECKER_GIT_ALWAYS_AUTH=false + # - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG + # - WOODPECKER_ADMIN=colin + # - WOODPECKER_REPO_OWNERS=colin,meta + # - WOODPECKER_OPEN=true + # # - WOODPECKER_DOCKER_CONFIG=/home/user/.docker/config.json + # # https://github.com/go-sql-driver/mysql#dsn-data-source-name + - WOODPECKER_DATABASE_DATASOURCE=woodpecker:woodpecker@tcp(woodpecker_db:3306)/woodpecker?parseTime=true + # ## Gitea config + # - WOODPECKER_GITEA=true + # - 
WOODPECKER_GITEA_URL=https://git.nixc.us/ + # - WOODPECKER_GITEA_CLIENT=56c038d7-64b5-47e4-acae-cb8a69b31731 + # - WOODPECKER_GITEA_SECRET=gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla + networks: + - traefik + - default + # dns: + # - "176.103.130.130" + # - "1.1.1.1" + volumes: + - /mnt/tank/persist/nixc.us/woodpecker/production/data:/var/lib/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock + deploy: + replicas: 1 + placement: + constraints: + # - node.role == manager + - node.hostname == macmini1 + labels: + homepage.group: Infrastructure + homepage.name: woodpecker + homepage.href: https://woodpecker.nixc.us + homepage.description: Woodpecker CI + traefik.enable: "true" + traefik.http.routers.production_woodpecker.tls: "true" + traefik.http.services.production_woodpecker.loadbalancer.server.port: "8000" + traefik.http.routers.production_woodpecker.rule: "Host(`woodpecker.nixc.us`)" + traefik.http.routers.production_woodpecker.entrypoints: "websecure" + traefik.http.routers.production_woodpecker.tls.certresolver: "letsencryptresolver" + traefik.http.routers.production_woodpecker.service: "production_woodpecker" + traefik.docker.network: traefik + update_config: + order: stop-first + delay: 60s + parallelism: 1 + restart_policy: + condition: on-failure + # logging: + # driver: "gelf" + # options: + # gelf-address: "udp://log.nixc.us:15124" + # tag: "woodpecker_server" + + db: + image: mariadb:10.6 + environment: + - MYSQL_DATABASE=woodpecker + - MYSQL_USER=woodpecker + - MYSQL_PASSWORD=woodpecker + - MYSQL_RANDOM_ROOT_PASSWORD=1 + volumes: + - /mnt/tank/persist/nixc.us/woodpecker/production/db:/var/lib/mysql + networks: + - default + deploy: + replicas: 1 + placement: + constraints: + - node.hostname == macmini1 + labels: + - "traefik.enable=false" + update_config: + order: stop-first + failure_action: rollback + delay: 0s + parallelism: 1 + restart_policy: + condition: on-failure + # logging: + # driver: "gelf" + # options: + # gelf-address: 
"udp://log.nixc.us:15124" + # tag: "woodpecker_db" + + + agents-managers: +# image: woodpeckerci/woodpecker-agent:next-4198c447fb +# image: woodpeckerci/woodpecker-agent:v2.0.0 +# image: woodpeckerci/woodpecker-agent:next + image: woodpeckerci/woodpecker-agent:v2.7.1 + networks: + - default + environment: + - WOODPECKER_SERVER=woodpecker_server:9000 + - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG + - WOODPECKER_DEBUG=TRUE + - WOODPECKER_LOG_LEVEL=debug + - WOODPECKER_BACKEND=docker + - WOODPECKER_MAX_WORKFLOWS=1 + # - WOODPECKER_LOG_LEVEL=error + - WOODPECKER_DEBUG_PRETTY=true + # - WOODPECKER_BACKEND_DOCKER_NETWORK=default + - WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf + - "WOODPECKER_HOSTNAME={{ .Node.Hostname }}" + - WOODPECKER_FILTER_LABELS="location=manager" + deploy: + placement: + constraints: + - node.role == manager + mode: global + labels: + - "traefik.enable=false" + update_config: + order: stop-first +# failure_action: rollback + delay: 120s + parallelism: 4 + restart_policy: + condition: any + # logging: + # driver: "gelf" + # options: + # gelf-address: "udp://log.nixc.us:15124" + # tag: woodpecker_agents + volumes: + - agent-secret:/etc/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock + + +# agents-workers: +## image: woodpeckerci/woodpecker-agent:next-4198c447fb +## image: woodpeckerci/woodpecker-agent:v2.0.0 +## image: woodpeckerci/woodpecker-agent:next +# image: woodpeckerci/woodpecker-agent:v2.7.1 +# networks: +# - default +# environment: +# - WOODPECKER_SERVER=woodpecker_server:9000 +# - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG +# - WOODPECKER_DEBUG=TRUE +# - WOODPECKER_LOG_LEVEL=debug +# - WOODPECKER_BACKEND=docker +# - WOODPECKER_MAX_WORKFLOWS=1 +# # - WOODPECKER_LOG_LEVEL=error +# - 
WOODPECKER_DEBUG_PRETTY=true +# # - WOODPECKER_BACKEND_DOCKER_NETWORK=default +# - WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf +# - "WOODPECKER_HOSTNAME={{ .Node.Hostname }}" +# - WOODPECKER_FILTER_LABELS="location=manager" +# deploy: +# placement: +# constraints: +# - node.role == worker +# mode: global +# labels: +# - "traefik.enable=false" +# update_config: +# order: stop-first +# failure_action: rollback +# delay: 120s +# parallelism: 4 +# restart_policy: +# condition: on-failure +# # logging: +# # driver: "gelf" +# # options: +# # gelf-address: "udp://log.nixc.us:15124" +# # tag: woodpecker_agents +# volumes: +# - agent-secret:/etc/woodpecker/ +# - /var/run/docker.sock:/var/run/docker.sock +volumes: + agent-secret: diff --git a/woodpecker.yml.backup.20250519144353 b/woodpecker.yml.backup.20250519144353 new file mode 100644 index 0000000..6fe2a2b --- /dev/null +++ b/woodpecker.yml.backup.20250519144353 
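Review bot: In the list-form `environment:` of `agents-managers`, `- WOODPECKER_FILTER_LABELS="location=manager"` keeps the double quotes as part of the value, because the whole item is one plain YAML scalar and Compose only splits it at the first `=`. The agent would then most likely advertise a label whose key and value include the quote characters, so workflows that select `location: manager` would not match; `- WOODPECKER_FILTER_LABELS=location=manager` is the intended form. The same pattern is in `woodpecker.yml.save` (`="master"` and `="master=false"`), while the mapping form used in woodpecker.yml does not have the problem. This file is also a dated copy of the stack file that version control already provides, and its commented-out lines still carry credential values.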
@@ -0,0 +1,232 @@ +networks: + woodpecker: {} + traefik: + external: true + +services: + db: + image: mariadb:10.6 + environment: + MYSQL_DATABASE: "woodpecker" + MYSQL_USER: "woodpecker" + MYSQL_PASSWORD: "woodpecker" + MYSQL_RANDOM_ROOT_PASSWORD: 1 + volumes: + - /mnt/tank/persist/nixc.us/woodpecker/production/db:/var/lib/mysql + networks: + - woodpecker + deploy: + endpoint_mode: dnsrr + replicas: 1 + placement: + constraints: + - node.hostname == macmini1 + labels: + - "traefik.enable=false" + update_config: + order: stop-first + failure_action: rollback + delay: 0s + parallelism: 1 + restart_policy: + condition: on-failure + + server: + image: woodpeckerci/woodpecker-server:next + environment: + WOODPECKER_PLUGINS_PRIVILEGED: "woodpeckerci/plugin-docker-buildx" + WOODPECKER_OPEN: "true" + WOODPECKER_HOST: "https://woodpecker.nixc.us" + WOODPECKER_BACKEND: "docker" + WOODPECKER_BACKEND_DOCKER_NETWORK: "default" + WOODPECKER_ADMIN: "colin" + WOODPECKER_REPO_OWNERS: "colin,meta,fansdb,lilsgym,nixius,Nixius,devsecops,mechinae,Mechinae,aenow,aenow-dev,ViperWire" + # WOODPECKER_LOG_LEVEL: trace + WOODPECKER_LOG_LEVEL: error + WOODPECKER_GITEA: "true" + WOODPECKER_GITEA_URL: "https://git.nixc.us/" + WOODPECKER_GITEA_CLIENT: "56c038d7-64b5-47e4-acae-cb8a69b31731" + WOODPECKER_GITEA_SECRET: "gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla" + WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG" + WOODPECKER_DATABASE_DRIVER: "mysql" + WOODPECKER_DATABASE_DATASOURCE: "woodpecker:woodpecker@tcp(woodpecker_db:3306)/woodpecker?parseTime=true" + WOODPECKER_LOG_FILE: stdout + networks: + - traefik + - woodpecker + volumes: + - /mnt/tank/persist/nixc.us/woodpecker/production/data:/var/lib/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock + - /etc/localtime:/etc/localtime:ro + deploy: + endpoint_mode: dnsrr + replicas: 1 + placement: + constraints: + - 
node.hostname == macmini1 + labels: + # homepage.group: Infrastructure + # homepage.name: woodpecker + # homepage.href: "https://woodpecker.nixc.us" + # homepage.description: "Woodpecker CI" + # traefik.enable: "true" + # traefik.http.routers.production_woodpecker.tls: "true" + # traefik.http.services.production_woodpecker.loadbalancer.server.port: "8000" + # traefik.http.routers.production_woodpecker.rule: "Host(`woodpecker.nixc.us`)" + # traefik.http.routers.production_woodpecker.entrypoints: "websecure" + # traefik.http.routers.production_woodpecker.tls.certresolver: "letsencryptresolver" + # traefik.http.routers.production_woodpecker.service: "production_woodpecker" + # traefik.docker.network: "traefik" + # Web UI Configuration + traefik.enable: "true" + traefik.http.routers.production_woodpecker_ui.rule: "Host(`woodpecker.nixc.us`)" + traefik.http.routers.production_woodpecker_ui.entrypoints: "websecure" + traefik.http.routers.production_woodpecker_ui.tls.certresolver: "letsencryptresolver" + traefik.http.routers.production_woodpecker_ui.service: "production_woodpecker_ui" + traefik.http.services.production_woodpecker_ui.loadbalancer.server.port: "8000" + + # gRPC service + traefik.http.services.woodpecker-grpc.loadbalancer.server.port: 9000 + traefik.http.services.woodpecker-grpc.loadbalancer.server.scheme: h2c + + traefik.http.routers.woodpecker-grpc-secure.rule: Host(`grpc.woodpecker.nixc.us`) + traefik.http.routers.woodpecker-grpc-secure.tls: "true" + traefik.http.routers.woodpecker-grpc-secure.tls.certresolver: letsencrypt + traefik.http.routers.woodpecker-grpc-secure.entrypoints: websecure + traefik.http.routers.woodpecker-grpc-secure.service: woodpecker-grpc + + # Additional Metadata Labels + homepage.group: Infrastructure + homepage.name: woodpecker + homepage.href: "https://woodpecker.nixc.us" + homepage.description: "Woodpecker CI" + update_config: + # order: stop-first + delay: 60s + parallelism: 1 + # restart_policy: + # condition: on-failure + + 
agents-managers: + image: woodpeckerci/woodpecker-agent:next + networks: + - woodpecker + environment: + WOODPECKER_LOG_FILE: stdout + WOODPECKER_SERVER: "woodpecker_server:9000" + WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG" + WOODPECKER_DEBUG: "true" + # WOODPECKER_LOG_LEVEL: "trace" + WOODPECKER_LOG_LEVEL: "error" + WOODPECKER_BACKEND: "docker" + WOODPECKER_MAX_WORKFLOWS: 1 + WOODPECKER_DEBUG_PRETTY: "true" + WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf" + WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}" + WOODPECKER_FILTER_LABELS: "location=manager" + WOODPECKER_HEALTHCHECK: "true" + deploy: + endpoint_mode: dnsrr + placement: + constraints: + - node.role == manager + - node.hostname != ingress.nixc.us + mode: global + update_config: + # order: stop-first + failure_action: rollback + delay: 120s + parallelism: 4 + restart_policy: + condition: on-failure + labels: + traefik.enable: "false" + volumes: + - agent-secret:/etc/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock + dns: + - 1.1.1.1 + - 8.8.8.8 + + agent-salt: + image: woodpeckerci/woodpecker-agent:next + networks: + - woodpecker + environment: + WOODPECKER_LOG_FILE: stdout + WOODPECKER_SERVER: "woodpecker_server:9000" + WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG" + WOODPECKER_DEBUG: "true" + # WOODPECKER_LOG_LEVEL: "trace" + WOODPECKER_LOG_LEVEL: "error" + WOODPECKER_BACKEND: "docker" + WOODPECKER_MAX_WORKFLOWS: 1 + WOODPECKER_DEBUG_PRETTY: "true" + WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf" + WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}" + WOODPECKER_FILTER_LABELS: "location=salt" + WOODPECKER_HEALTHCHECK: "true" + deploy: + endpoint_mode: dnsrr + placement: + constraints: + - node.hostname == ingress.nixc.us + mode: global + update_config: 
+ # order: stop-first + failure_action: rollback + delay: 120s + parallelism: 4 + restart_policy: + condition: on-failure + labels: + traefik.enable: "false" + volumes: + - agent-secret:/etc/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock + dns: + - 1.1.1.1 + - 8.8.8.8 + + agents-workers: + image: woodpeckerci/woodpecker-agent:next + networks: + - woodpecker + environment: + WOODPECKER_LOG_FILE: stdout + WOODPECKER_SERVER: "woodpecker_server:9000" + WOODPECKER_AGENT_SECRET: "WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG" + WOODPECKER_DEBUG: "true" + # WOODPECKER_LOG_LEVEL: trace + WOODPECKER_LOG_LEVEL: error + WOODPECKER_BACKEND: "docker" + WOODPECKER_MAX_WORKFLOWS: "1" + WOODPECKER_DEBUG_PRETTY: "true" + WOODPECKER_AGENT_CONFIG_FILE: "/etc/woodpecker/agent-secret.conf" + WOODPECKER_HOSTNAME: "{{ .Node.Hostname }}" + WOODPECKER_FILTER_LABELS: "location=agent" + deploy: + endpoint_mode: dnsrr + placement: + constraints: + - node.role == worker + - node.hostname != ingress.nixc.us + mode: global + labels: + traefik.enable: "false" + update_config: + order: stop-first + failure_action: rollback + delay: 120s + parallelism: 4 + restart_policy: + condition: on-failure + volumes: + - agent-secret:/etc/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock + dns: + - 1.1.1.1 + - 8.8.8.8 + +volumes: + agent-secret: {} diff --git a/woodpecker.yml.save b/woodpecker.yml.save new file mode 100644 index 0000000..15301d3 --- /dev/null +++ b/woodpecker.yml.save 
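Review bot: The `server` and all three agent services in this copy use the moving tag `:next` (`woodpeckerci/woodpecker-server:next`, `woodpeckerci/woodpecker-agent:next`), so a redeploy pulls whatever was last published into containers that mount `/var/run/docker.sock`; woodpecker.yml pins `v3.8.0`, and a backup kept for rollback should pin the version it was actually running. The gRPC router here also sets `tls.certresolver: letsencrypt`, while every other router in the patch uses `letsencryptresolver`; if no resolver named `letsencrypt` is defined in Traefik, that router would presumably fall back to the default certificate. If the file is retained at all, a header comment such as `# Snapshot of woodpecker.yml from 2025-05-19; not deployed` would tell a reader not to apply it.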
@@ -0,0 +1,209 @@ +version: "3.9" +networks: + default: + external: false + traefik: + external: true +services: + server: + # image: woodpeckerci/woodpecker-server:next-alpine +# image: woodpeckerci/woodpecker-server:next-4198c447fb +# image: woodpeckerci/woodpecker-server:v2.0.0 +# image: woodpeckerci/woodpecker-server:next +# image: woodpeckerci/woodpecker-server:v2.4.1 + image: woodpeckerci/woodpecker-server:v2.6.0 + environment: + - WOODPECKER_OPEN=true + - WOODPECKER_HOST=https://woodpecker.nixc.us + - WOODPECKER_BACKEND=docker + - WOODPECKER_BACKEND_DOCKER_NETWORK=default + - WOODPECKER_ADMIN=colin + - WOODPECKER_REPO_OWNERS=colin,meta,fansdb,lilsgym,nixius,Nixius + - WOODPECKER_LOG_LEVEL=debug + # ## Gitea config + - WOODPECKER_GITEA=true + - WOODPECKER_GITEA_URL=https://git.nixc.us/ + - WOODPECKER_GITEA_CLIENT=56c038d7-64b5-47e4-acae-cb8a69b31731 + - WOODPECKER_GITEA_SECRET=gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla + - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG + # environment: + # - WOODPECKER_HOST=https://woodpecker.nixc.us + # - WOODPECKER_SERVER_ADDR=:8000 + # - WOODPECKER_PROTO=https + - WOODPECKER_DATABASE_DRIVER=mysql + # - WOODPECKER_BACKEND=docker + # - WOODPECKER_BACKEND_DOCKER_NETWORK=default + # # - WOODPECKER_DATABASE_DATASOURCE=/data/database.sqlite + # - WOODPECKER_GIT_ALWAYS_AUTH=false + # - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG + # - WOODPECKER_ADMIN=colin + # - WOODPECKER_REPO_OWNERS=colin,meta + # - WOODPECKER_OPEN=true + # # - WOODPECKER_DOCKER_CONFIG=/home/user/.docker/config.json + # # https://github.com/go-sql-driver/mysql#dsn-data-source-name + - WOODPECKER_DATABASE_DATASOURCE=woodpecker:woodpecker@tcp(woodpecker_db:3306)/woodpecker?parseTime=true + # ## Gitea config + # - WOODPECKER_GITEA=true + 
# - WOODPECKER_GITEA_URL=https://git.nixc.us/ + # - WOODPECKER_GITEA_CLIENT=56c038d7-64b5-47e4-acae-cb8a69b31731 + # - WOODPECKER_GITEA_SECRET=gto_3wopyl5cybbs6p2gjducq6atxgl2zuebhcxda4sky3yjlxx3kmla + networks: + - traefik + - default + # dns: + # - "176.103.130.130" + # - "1.1.1.1" + volumes: + - /mnt/tank/persist/nixc.us/woodpecker/production/data:/var/lib/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock + deploy: + replicas: 1 + placement: + constraints: + # - node.role == manager + - node.hostname == macmini1 + labels: + homepage.group: Infrastructure + homepage.name: woodpecker + homepage.href: https://woodpecker.nixc.us + homepage.description: Woodpecker CI + traefik.enable: "true" + traefik.http.routers.production_woodpecker.tls: "true" + traefik.http.services.production_woodpecker.loadbalancer.server.port: "8000" + traefik.http.routers.production_woodpecker.rule: "Host(`woodpecker.nixc.us`)" + traefik.http.routers.production_woodpecker.entrypoints: "websecure" + traefik.http.routers.production_woodpecker.tls.certresolver: "letsencryptresolver" + traefik.http.routers.production_woodpecker.service: "production_woodpecker" + traefik.docker.network: traefik + update_config: + order: stop-first + delay: 60s + parallelism: 1 + restart_policy: + condition: on-failure + # logging: + # driver: "gelf" + # options: + # gelf-address: "udp://log.nixc.us:15124" + # tag: "woodpecker_server" + + db: + image: mariadb:10.6 + environment: + - MYSQL_DATABASE=woodpecker + - MYSQL_USER=woodpecker + - MYSQL_PASSWORD=woodpecker + - MYSQL_RANDOM_ROOT_PASSWORD=1 + volumes: + - /mnt/tank/persist/nixc.us/woodpecker/production/db:/var/lib/mysql + networks: + - default + deploy: + replicas: 1 + placement: + constraints: + - node.hostname == macmini1 + labels: + - "traefik.enable=false" + update_config: + order: stop-first + failure_action: rollback + delay: 0s + parallelism: 1 + restart_policy: + condition: on-failure + # logging: + # driver: "gelf" + # options: + # 
gelf-address: "udp://log.nixc.us:15124" + # tag: "woodpecker_db" + + + agents-managers: +# image: woodpeckerci/woodpecker-agent:next-4198c447fb +# image: woodpeckerci/woodpecker-agent:v2.0.0 +# image: woodpeckerci/woodpecker-agent:next + image: woodpeckerci/woodpecker-agent:v2.6.0 + networks: + - default + environment: + - WOODPECKER_SERVER=woodpecker_server:9000 + - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG + - WOODPECKER_DEBUG=TRUE + - WOODPECKER_LOG_LEVEL=debug + - WOODPECKER_BACKEND=docker + - WOODPECKER_MAX_WORKFLOWS=1 + # - WOODPECKER_LOG_LEVEL=error + - WOODPECKER_DEBUG_PRETTY=true + # - WOODPECKER_BACKEND_DOCKER_NETWORK=default + - WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf + - "WOODPECKER_HOSTNAME={{ .Node.Hostname }}" + - WOODPECKER_FILTER_LABELS="master" + deploy: + placement: + constraints: + - node.role == manager + mode: global + labels: + - "traefik.enable=false" + update_config: + order: stop-first + failure_action: rollback + delay: 120s + parallelism: 4 + restart_policy: + condition: on-failure + # logging: + # driver: "gelf" + # options: + # gelf-address: "udp://log.nixc.us:15124" + # tag: woodpecker_agents + volumes: + - agent-secret:/etc/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock + + + agents-workers: +# image: woodpeckerci/woodpecker-agent:next-4198c447fb +# image: woodpeckerci/woodpecker-agent:v2.0.0 +# image: woodpeckerci/woodpecker-agent:next + image: woodpeckerci/woodpecker-agent:v2.6.0 + networks: + - default + environment: + - WOODPECKER_SERVER=woodpecker_server:9000 + - WOODPECKER_AGENT_SECRET=WdK6TEWqsfi6R6SGKYSaqsg7ZQyKxnZFyWBeegt2TCCDHmivcYaPCMmdXTN5G7U3bv3C6TFDDiyBdoKB5M5c5hikGrQzm67rcBbfKB3SZRYFeurAGwsPmtVQWnVkPCtG + - WOODPECKER_DEBUG=TRUE + - WOODPECKER_LOG_LEVEL=debug + - WOODPECKER_BACKEND=docker + - WOODPECKER_MAX_WORKFLOWS=1 + # - WOODPECKER_LOG_LEVEL=error + - 
WOODPECKER_DEBUG_PRETTY=true + # - WOODPECKER_BACKEND_DOCKER_NETWORK=default + - WOODPECKER_AGENT_CONFIG_FILE=/etc/woodpecker/agent-secret.conf + - "WOODPECKER_HOSTNAME={{ .Node.Hostname }}" + - WOODPECKER_FILTER_LABELS="master=false" + deploy: + placement: + constraints: + - node.role == manager + mode: global + labels: + - "traefik.enable=false" + update_config: + order: stop-first + failure_action: rollback + delay: 120s + parallelism: 4 + restart_policy: + condition: on-failure + # logging: + # driver: "gelf" + # options: + # gelf-address: "udp://log.nixc.us:15124" + # tag: woodpecker_agents + volumes: + - agent-secret:/etc/woodpecker/ + - /var/run/docker.sock:/var/run/docker.sock +volumes: + agent-secret:
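Review bot: `agents-workers` in woodpecker.yml.save is placed with `- node.role == manager` and `mode: global`, the same placement as `agents-managers`, so every manager node would run two agents sharing one Docker socket and worker nodes would run none. The commented-out block in `woodpecker.yml.2024.09.10` and the live woodpecker.yml both use `- node.role == worker`, which looks like the intended constraint. The `.save` suffix suggests an editor's emergency save rather than a deliberate configuration, so it is worth confirming that the file belongs in the repository at all.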