CI: woodpecker #57
4 changed files with 137 additions and 0 deletions
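--- a/bundles/woodpecker-agent/files/woodpecker-agent.service
+++ b/bundles/woodpecker-agent/files/woodpecker-agent.service
@@ -0,0 +1,42 @@
+[Unit]
+Description=woodpecker ci agent
+After=syslog.target
+After=network.target
+
+[Service]
+RestartSec=2s
+Type=simple
+User=woodpecker
+Group=woodpecker
+WorkingDirectory=/var/lib/woodpecker
+ExecStart=/usr/local/bin/woodpecker-agent
+Restart=always
+ReadWritePaths=/var/lib/woodpecker
+CapabilityBoundingSet=
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+PrivateUsers=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+LockPersonality=true
+MemoryDenyWriteExecute=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+PrivateMounts=true
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @setuid @swap
+
+% for k, v in sorted(env.items()):
+Environment=${k}=${v}
+% endfor
+
+[Install]
+WantedBy=multi-user.target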
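Review bot: The `Environment=${k}=${v}` loop renders every entry of `env` into the unit file, and per `metadata.py` in this commit that includes `WOODPECKER_AGENT_SECRET`. systemd exposes `Environment=` values through `systemctl show` to unprivileged users, and the `files[...]` item in `items.py` sets no `mode`, so the unit is presumably readable by any local account, on a host that also runs CI workloads. I would write the variables to a separate root-owned file with restrictive permissions and reference it with `EnvironmentFile=<path to env file>`. The values are also emitted unquoted, so any value containing whitespace would be split; quoting the assignment (`Environment="${k}=${v}"`) avoids that.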
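--- a/bundles/woodpecker-agent/items.py
+++ b/bundles/woodpecker-agent/items.py
@@ -0,0 +1,43 @@
+version = node.metadata.get('woodpecker-agent/version')
+
+directories['/var/lib/woodpecker'] = {
+'owner': 'woodpecker',
+}
+
+actions['install_woodpecker-agent'] = {
+'command': ' && '.join([
+f'wget -q -O/tmp/woodpecker-agent.deb https://github.com/woodpecker-ci/woodpecker/releases/download/v{version}/woodpecker-agent_{version}_amd64.deb',
+'dpkg -i /tmp/woodpecker-agent.deb',
+]),
+'unless': f'''bash -c "[[ \"$(woodpecker-agent --version | cut -d' ' -f3)\" == "{version}" ]]"''',
+'triggers': {i
+'svc_systemd:woodpecker-agent:restart',
+},
+}
+
+files['/usr/local/lib/systemd/system/woodpecker-agent.service'] = {
+'content_type': 'mako',
+'context': {
+'env': node.metadata.get('woodpecker-agent/environment'),
+},
+'triggers': {
+'action:systemd-reload',
+'svc_systemd:woodpecker-agent:restart',
+},
+}
+
+svc_systemd['woodpecker-agent'] = {
+'after': {
+# to make sure we have docker and other eventual dependencies
+'pkg_apt:',
+},
+'needs': {
+'action:install_woodpecker-agent',
+'file:/usr/local/lib/systemd/system/woodpecker-agent.service',
+'user:woodpecker',
+},
+}
+
+users['woodpecker'] = {
+'home': '/var/lib/woodpecker',
+}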
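Review bot: The install action downloads the .deb and hands it straight to `dpkg -i` as root with nothing checking its integrity, so whatever the release URL serves at apply time gets installed. Pinning a digest next to the version and inserting a check such as `f'echo "{sha256}  /tmp/woodpecker-agent.deb" | sha256sum -c -'` between the two commands would close that gap (`sha256` here is a proposed new metadata value, not something the bundle has today). The fixed name under the world-writable `/tmp` is also worth replacing with a root-only directory or a `mktemp` path, since another local user could pre-create that file. Separately, `'triggers': {i` has a stray `i` that looks like a syntax error as shown and should read `'triggers': {`.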
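--- a/bundles/woodpecker-agent/metadata.py
+++ b/bundles/woodpecker-agent/metadata.py
@@ -0,0 +1,28 @@
+@metadata_reactor.provides(
+'woodpecker-agent/environment',
+'woodpecker-agent/version',
+)
+def nginx(metadata):
+env = {}
+server = repo.get_node(metadata.get('woodpecker-agent/server'))
+
+domain = server.metadata.get('woodpecker-server/domain')
+port = server.metadata.get('woodpecker-server/environment/WOODPECKER_GRPC_ADDR')
+env['WOODPECKER_SERVER'] = f'{domain}{port}'
+
+env['WOODPECKER_AGENT_SECRET'] = server.metadata.get('woodpecker-server/environment/WOODPECKER_AGENT_SECRET')
+
+env['WOODPECKER_MAX_PROCS'] = int(int(metadata.get('vm/cpu'))/2)
+
+env['WOODPECKER_HOSTNAME'] = metadata.get('hostname')
+
+debug = server.metadata.get('woodpecker-server/environment/GODEBUG', None)
+if debug:
+env['GODEBUG'] = debug
+
+return {
+'woodpecker-agent': {
+'environment': env,
+'version': server.metadata.get('woodpecker-server/version'),
+},
+}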
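Review bot: The reactor sets `WOODPECKER_SERVER` and `WOODPECKER_AGENT_SECRET` but never `WOODPECKER_GRPC_SECURE`, so as far as this file shows the agent talks to the server's gRPC port without TLS; the node added in this commit has a public address, so the shared secret and pipeline data may cross an untrusted network. If the server end terminates TLS, add `env['WOODPECKER_GRPC_SECURE'] = 'true'`; otherwise restrict the link to a private network. `int(int(metadata.get('vm/cpu'))/2)` yields 0 on a single-CPU node, so `max(1, int(metadata.get('vm/cpu')) // 2)` would be safer. The function is still named `nginx`, which looks like a copy-paste leftover; a name describing the agent environment would read better.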
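--- a/nodes/woodpecker-agent-1.toml
+++ b/nodes/woodpecker-agent-1.toml
@@ -0,0 +1,24 @@
+hostname = "31.47.232.108"
+bundles = [
+"docker-ce",
+"woodpecker-agent",
+]
+groups = ["debian-bullseye"]
+
+[metadata.backups]
+exclude_from_backups = true
+
+[metadata.interfaces.enp1s0]
+ips = [
+"31.47.232.108/29",
+"2a00:f820:528::5/64",
+]
+gateway4 = "31.47.232.105"
+gateway6 = "2a00:f820:528::1"
+
+[metadata.woodpecker-agent]
+server = "rx300"
+
+[metadata.vm]
+cpu = 8
+ram = 16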