feat: add Work Flow to Flow Platform
- Deploy Work Flow (woodpecker) to the Flow Platform. - Enable oauth2 in Code Flow.
This commit is contained in:
parent
f390ddfe07
commit
bcd67bc3f6
7 changed files with 132 additions and 3 deletions
2
config
2
config
|
@ -1 +1 @@
|
|||
Subproject commit c7e82ff40b7478a16d11e89b815f83e6c698cfc6
|
||||
Subproject commit e4d0eb1388ef090fe38107476c5b5298bed3dbd8
|
|
@ -16,6 +16,7 @@ type config struct {
|
|||
Traefik traefikConfig `json:"traefik"`
|
||||
Forgejo forgejoConfig `json:"forgejo"`
|
||||
GoToSocial gotosocialConfig `json:"gotosocial"`
|
||||
Woodpecker woodpeckerConfig `json:"woodpecker"`
|
||||
}
|
||||
|
||||
type traefikConfig struct {
|
||||
|
@ -55,6 +56,9 @@ type forgejoConfig struct {
|
|||
SecretKey string `json:"secretKey"`
|
||||
InternalToken string `json:"internalToken"`
|
||||
LfsJwtSecret string `json:"lfsJwtSecret"`
|
||||
Oauth2Enable bool `json:"oauth2Enable"`
|
||||
Oauth2JwtSigningAlgo string `json:"oauth2JwtSigningAlgo"`
|
||||
Oauth2JwtSecret string `json:"oauth2JwtSecret"`
|
||||
}
|
||||
|
||||
type gotosocialConfig struct {
|
||||
|
@ -69,6 +73,24 @@ type gotosocialConfig struct {
|
|||
DataContainerDirectory string `json:"dataContainerDirectory"`
|
||||
}
|
||||
|
||||
type woodpeckerConfig struct {
|
||||
Version string `json:"version"`
|
||||
LogLevel string `json:"logLevel"`
|
||||
LinuxUID int32 `json:"linuxUID"`
|
||||
Subdomain string `json:"subdomain"`
|
||||
GrpcSubdomain string `json:"grpcSubdomain"`
|
||||
ContainerIpv4Address string `json:"containerIpv4Address"`
|
||||
HttpPort int32 `json:"httpPort"`
|
||||
GrpcPort int32 `json:"grpcPort"`
|
||||
DataHostDirectory string `json:"dataHostDirectory"`
|
||||
DataContainerDirectory string `json:"dataContainerDirectory"`
|
||||
Admin string `json:"admin"`
|
||||
Open bool `json:"open"`
|
||||
AgentSecret string `json:"agentSecret"`
|
||||
ForgejoClientID string `json:"forgejoClientID"`
|
||||
ForgejoClientSecret string `json:"forgejoClientSecret"`
|
||||
}
|
||||
|
||||
func newConfig(path string) (config, error) {
|
||||
var c config
|
||||
|
||||
|
|
|
@ -80,7 +80,7 @@ services:
|
|||
- type: "bind"
|
||||
source: "{{ .Forgejo.DataHostDirectory }}"
|
||||
target: "{{ .Forgejo.DataContainerDirectory }}"
|
||||
# -- Free Flow 2 --
|
||||
# -- Free Flow --
|
||||
gotosocial:
|
||||
container_name: "free-flow"
|
||||
image: "localhost/flow/gotosocial:{{ .GoToSocial.Version }}"
|
||||
|
@ -102,3 +102,42 @@ services:
|
|||
- type: "bind"
|
||||
source: "{{ .GoToSocial.DataHostDirectory }}"
|
||||
target: "{{ .GoToSocial.DataContainerDirectory }}"
|
||||
# -- Work Flow --
|
||||
woodpecker:
|
||||
container_name: "work-flow"
|
||||
image: "localhost/flow/woodpecker:{{ .Woodpecker.Version }}"
|
||||
build:
|
||||
context: "../woodpecker"
|
||||
environment:
|
||||
WOODPECKER_LOG_LEVEL: "{{ .Woodpecker.LogLevel }}"
|
||||
WOODPECKER_HOST: "https://{{ .Woodpecker.Subdomain }}.{{ .RootDomain }}"
|
||||
WOODPECKER_SERVER_ADDR: "{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.HttpPort }}"
|
||||
WOODPECKER_GRPC_ADDR: "{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.GrpcPort }}"
|
||||
WOODPECKER_LETS_ENCRYPT: "false"
|
||||
WOODPECKER_ADMIN: "{{ .Woodpecker.Admin }}"
|
||||
WOODPECKER_OPEN: "{{ .Woodpecker.Open }}"
|
||||
WOODPECKER_AGENT_SECRET: "{{ .Woodpecker.AgentSecret }}"
|
||||
WOODPECKER_DATABASE_DRIVER: "sqlite3"
|
||||
WOODPECKER_DATABASE_DATASOURCE: "{{ .Woodpecker.DataContainerDirectory }}/woodpecker.db"
|
||||
WOODPECKER_GITEA: "true"
|
||||
WOODPECKER_GITEA_URL: "https://{{ .Forgejo.Subdomain }}.{{ .RootDomain }}"
|
||||
WOODPECKER_GITEA_CLIENT: "{{ .Woodpecker.ForgejoClientID }}"
|
||||
WOODPECKER_GITEA_SECRET: "{{ .Woodpecker.ForgejoClientSecret }}"
|
||||
WOODPECKER_GITEA_SKIP_VERIFY: "false"
|
||||
expose:
|
||||
- "{{ .Woodpecker.HttpPort }}"
|
||||
- "{{ .Woodpecker.GrpcPort }}"
|
||||
networks:
|
||||
flow:
|
||||
ipv4_address: "{{ .Woodpecker.ContainerIpv4Address }}"
|
||||
restart: "always"
|
||||
volumes:
|
||||
{{- template "defaultVolumes" }}
|
||||
# Shared volume
|
||||
- type: "volume"
|
||||
source: "traefik-shared"
|
||||
target: "{{ .Traefik.SharedMountPoint }}"
|
||||
# Woodpecker data volume
|
||||
- type: "bind"
|
||||
source: "{{ .Woodpecker.DataHostDirectory }}"
|
||||
target: "{{ .Woodpecker.DataContainerDirectory }}"
|
||||
|
|
|
@ -106,7 +106,9 @@ SHOW_FOOTER_VERSION = false
|
|||
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
|
||||
|
||||
[oauth2]
|
||||
ENABLE = false
|
||||
ENABLE = {{ .Forgejo.Oauth2Enable }}
|
||||
JWT_SIGNING_ALGORITHM = {{ .Forgejo.Oauth2JwtSigningAlgo }}
|
||||
JWT_SECRET = {{ .Forgejo.Oauth2JwtSecret }}
|
||||
|
||||
[federation]
|
||||
ENABLED = true
|
||||
|
|
28
templates/woodpecker/Dockerfile.gotmpl
Normal file
28
templates/woodpecker/Dockerfile.gotmpl
Normal file
|
@ -0,0 +1,28 @@
|
|||
# syntax=docker/dockerfile:1
|
||||
FROM alpine:3.17
|
||||
|
||||
WORKDIR /tmp
|
||||
|
||||
RUN --mount=type=bind,source=.,target=/packages \
|
||||
apk update --no-cache && apk add --no-cache \
|
||||
bash \
|
||||
ca-certificates \
|
||||
&& addgroup -g {{ .FlowGID }} flow \
|
||||
&& adduser -S -H -D -s /bin/bash -u {{ .Woodpecker.LinuxUID }} -G flow workflow \
|
||||
&& mkdir -p {{ .Woodpecker.DataContainerDirectory }} \
|
||||
&& chown {{ .Woodpecker.LinuxUID }}:{{ .Woodpecker.LinuxUID }} {{ .Woodpecker.DataContainerDirectory }} \
|
||||
&& chmod 0700 {{ .Woodpecker.DataContainerDirectory }} \
|
||||
&& tar xzvf /packages/woodpecker-server-{{ .Woodpecker.Version }}_linux_amd64.tar.gz \
|
||||
&& mv /tmp/woodpecker-server /usr/local/bin/woodpecker-server \
|
||||
&& rm -rf /tmp/*
|
||||
|
||||
COPY --chown={{ .Woodpecker.LinuxUID }}:{{ .Woodpecker.LinuxUID }} entrypoint.sh /usr/local/bin/entrypoint
|
||||
COPY --chown={{ .Woodpecker.LinuxUID }}:{{ .FlowGID }} traefik_woodpecker.yaml /flow/woodpecker/tmp/traefik_woodpecker.yaml
|
||||
|
||||
RUN chmod a+x /usr/local/bin/entrypoint
|
||||
|
||||
ENV GODEBUG=netdns=go
|
||||
|
||||
USER {{ .Woodpecker.LinuxUID }}:{{ .FlowGID }}
|
||||
|
||||
ENTRYPOINT ["entrypoint"]
|
12
templates/woodpecker/entrypoint.sh.gotmpl
Normal file
12
templates/woodpecker/entrypoint.sh.gotmpl
Normal file
|
@ -0,0 +1,12 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -o errexit
|
||||
set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
# Move the dynamic traefik config to the shared volume
|
||||
if [ -f /flow/woodpecker/tmp/traefik_woodpecker.yaml ]; then
|
||||
mv /flow/woodpecker/tmp/traefik_woodpecker.yaml {{ .Traefik.SharedMountPoint }}/dynamic/traefik_woodpecker.yaml
|
||||
fi
|
||||
|
||||
exec woodpecker-server
|
26
templates/woodpecker/traefik_woodpecker.yaml.gotmpl
Normal file
26
templates/woodpecker/traefik_woodpecker.yaml.gotmpl
Normal file
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
http:
|
||||
routers:
|
||||
woodpecker:
|
||||
entryPoints:
|
||||
- "https"
|
||||
rule: "Host(`{{ .Woodpecker.Subdomain }}.{{ .RootDomain }}`)"
|
||||
service: "woodpecker"
|
||||
tls:
|
||||
certResolver: resolver
|
||||
woodpecker-grpc:
|
||||
entryPoints:
|
||||
- "https"
|
||||
rule: "Host(`{{ .Woodpecker.GrpcSubdomain }}.{{ .RootDomain }}`)"
|
||||
service: "woodpecker-grpc"
|
||||
tls:
|
||||
certResolver: resolver
|
||||
services:
|
||||
woodpecker:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.HttpPort }}/"
|
||||
woodpecker-grpc:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "h2c://{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.GrpcPort }}"
|
Loading…
Reference in a new issue