CI: woodpecker #57

Closed
kunsi wants to merge 11 commits from kunsi-woodpecker into main
4 changed files with 137 additions and 0 deletions
Showing only changes of commit 24f9f87734 - Show all commits


@ -0,0 +1,42 @@
[Unit]
Description=woodpecker ci agent
After=syslog.target
After=network.target
[Service]
RestartSec=2s
Type=simple
User=woodpecker
Group=woodpecker
WorkingDirectory=/var/lib/woodpecker
ExecStart=/usr/local/bin/woodpecker-agent
Restart=always
ReadWritePaths=/var/lib/woodpecker
CapabilityBoundingSet=
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
PrivateUsers=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
LockPersonality=true
MemoryDenyWriteExecute=true
RestrictRealtime=true
RestrictSUIDSGID=true
PrivateMounts=true
SystemCallArchitectures=native
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @setuid @swap
% for k, v in sorted(env.items()):
Environment=${k}=${v}
% endfor
[Install]
WantedBy=multi-user.target
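Review bot: The `Environment=${k}=${v}` loop writes every value into the unit file itself, including `WOODPECKER_AGENT_SECRET`, which the metadata reactor in this PR puts into `env`. Unit files are normally world-readable and systemd also exposes `Environment=` through `systemctl show`, so any local user could likely read the agent secret, which matters on a host that runs CI workloads. Consider rendering the variables to a separate root-owned file with mode 0600 and referencing it with `EnvironmentFile=/etc/woodpecker-agent.env` (path constructed for illustration). The values are also emitted unquoted, so a value containing whitespace would be split; `Environment="${k}=${v}"` avoids that.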


@ -0,0 +1,43 @@
version = node.metadata.get('woodpecker-agent/version')
directories['/var/lib/woodpecker'] = {
'owner': 'woodpecker',
}
actions['install_woodpecker-agent'] = {
'command': ' && '.join([
f'wget -q -O/tmp/woodpecker-agent.deb https://github.com/woodpecker-ci/woodpecker/releases/download/v{version}/woodpecker-agent_{version}_amd64.deb',
'dpkg -i /tmp/woodpecker-agent.deb',
]),
'unless': f'''bash -c "[[ \"$(woodpecker-agent --version | cut -d' ' -f3)\" == "{version}" ]]"''',
'triggers': {i
'svc_systemd:woodpecker-agent:restart',
},
}
files['/usr/local/lib/systemd/system/woodpecker-agent.service'] = {
'content_type': 'mako',
'context': {
'env': node.metadata.get('woodpecker-agent/environment'),
},
'triggers': {
'action:systemd-reload',
'svc_systemd:woodpecker-agent:restart',
},
}
svc_systemd['woodpecker-agent'] = {
'after': {
# to make sure we have docker and other eventual dependencies
'pkg_apt:',
},
'needs': {
'action:install_woodpecker-agent',
'file:/usr/local/lib/systemd/system/woodpecker-agent.service',
'user:woodpecker',
},
}
users['woodpecker'] = {
'home': '/var/lib/woodpecker',
}
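Review bot: The `install_woodpecker-agent` action downloads the .deb and hands it to `dpkg -i` as root without any integrity check. It also stages the file at the fixed path `/tmp/woodpecker-agent.deb`, a location other local users may be able to pre-create or race. Pinning a checksum in metadata and verifying it between the two commands, e.g. `echo "<PINNED_SHA256>  <staging-path>" | sha256sum -c -` (both values are placeholders), together with a root-only staging directory, would close both gaps. Separately, `'triggers': {i` contains a stray `i` that makes this file a syntax error as shown.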


@ -0,0 +1,28 @@
@metadata_reactor.provides(
'woodpecker-agent/environment',
'woodpecker-agent/version',
)
def nginx(metadata):
env = {}
server = repo.get_node(metadata.get('woodpecker-agent/server'))
domain = server.metadata.get('woodpecker-server/domain')
port = server.metadata.get('woodpecker-server/environment/WOODPECKER_GRPC_ADDR')
env['WOODPECKER_SERVER'] = f'{domain}{port}'
env['WOODPECKER_AGENT_SECRET'] = server.metadata.get('woodpecker-server/environment/WOODPECKER_AGENT_SECRET')
env['WOODPECKER_MAX_PROCS'] = int(int(metadata.get('vm/cpu'))/2)
env['WOODPECKER_HOSTNAME'] = metadata.get('hostname')
debug = server.metadata.get('woodpecker-server/environment/GODEBUG', None)
if debug:
env['GODEBUG'] = debug
return {
'woodpecker-agent': {
'environment': env,
'version': server.metadata.get('woodpecker-server/version'),
},
}
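Review bot: Nothing in this reactor sets `WOODPECKER_GRPC_SECURE`, so unless TLS is configured elsewhere the agent would send `WOODPECKER_AGENT_SECRET` to `{domain}{port}` over plaintext gRPC. The agent node added in this PR has a public address, so this is worth confirming; if the server endpoint supports TLS, add `env['WOODPECKER_GRPC_SECURE'] = 'true'`. `int(int(metadata.get('vm/cpu'))/2)` evaluates to 0 on a single-CPU node, and `max(1, int(metadata.get('vm/cpu')) // 2)` keeps at least one worker. The function name `nginx` looks copied from another bundle and should describe this reactor, e.g. `woodpecker_agent_environment`.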


@ -0,0 +1,24 @@
hostname = "31.47.232.108"
bundles = [
"docker-ce",
"woodpecker-agent",
]
groups = ["debian-bullseye"]
[metadata.backups]
exclude_from_backups = true
[metadata.interfaces.enp1s0]
ips = [
"31.47.232.108/29",
"2a00:f820:528::5/64",
]
gateway4 = "31.47.232.105"
gateway6 = "2a00:f820:528::1"
[metadata.woodpecker-agent]
server = "rx300"
[metadata.vm]
cpu = 8
ram = 16