feat: add Work Flow to Flow Platform

- Deploy Work Flow (woodpecker) to the Flow Platform.
- Enable oauth2 in Code Flow.
Dan Anglin 2023-05-11 23:17:46 +01:00
parent f390ddfe07
commit bcd67bc3f6
Signed by: dananglin
GPG key ID: 0C1D44CFBEE68638
7 changed files with 132 additions and 3 deletions

2
config

@ -1 +1 @@
Subproject commit c7e82ff40b7478a16d11e89b815f83e6c698cfc6 Subproject commit e4d0eb1388ef090fe38107476c5b5298bed3dbd8


@ -16,6 +16,7 @@ type config struct {
Traefik traefikConfig `json:"traefik"` Traefik traefikConfig `json:"traefik"`
Forgejo forgejoConfig `json:"forgejo"` Forgejo forgejoConfig `json:"forgejo"`
GoToSocial gotosocialConfig `json:"gotosocial"` GoToSocial gotosocialConfig `json:"gotosocial"`
Woodpecker woodpeckerConfig `json:"woodpecker"`
} }
type traefikConfig struct { type traefikConfig struct {
@ -55,6 +56,9 @@ type forgejoConfig struct {
SecretKey string `json:"secretKey"` SecretKey string `json:"secretKey"`
InternalToken string `json:"internalToken"` InternalToken string `json:"internalToken"`
LfsJwtSecret string `json:"lfsJwtSecret"` LfsJwtSecret string `json:"lfsJwtSecret"`
Oauth2Enable bool `json:"oauth2Enable"`
Oauth2JwtSigningAlgo string `json:"oauth2JwtSigningAlgo"`
Oauth2JwtSecret string `json:"oauth2JwtSecret"`
} }
type gotosocialConfig struct { type gotosocialConfig struct {
@ -69,6 +73,24 @@ type gotosocialConfig struct {
DataContainerDirectory string `json:"dataContainerDirectory"` DataContainerDirectory string `json:"dataContainerDirectory"`
} }
type woodpeckerConfig struct {
Version string `json:"version"`
LogLevel string `json:"logLevel"`
LinuxUID int32 `json:"linuxUID"`
Subdomain string `json:"subdomain"`
GrpcSubdomain string `json:"grpcSubdomain"`
ContainerIpv4Address string `json:"containerIpv4Address"`
HttpPort int32 `json:"httpPort"`
GrpcPort int32 `json:"grpcPort"`
DataHostDirectory string `json:"dataHostDirectory"`
DataContainerDirectory string `json:"dataContainerDirectory"`
Admin string `json:"admin"`
Open bool `json:"open"`
AgentSecret string `json:"agentSecret"`
ForgejoClientID string `json:"forgejoClientID"`
ForgejoClientSecret string `json:"forgejoClientSecret"`
}
func newConfig(path string) (config, error) { func newConfig(path string) (config, error) {
var c config var c config
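Review bot: The three new credential fields (`Oauth2JwtSecret` in forgejoConfig, `AgentSecret` and `ForgejoClientSecret` in woodpeckerConfig) are plain strings with no presence check visible in this section, so a missing JSON key would be rendered as an empty value into the compose and app.ini templates. newConfig's body continues outside the hunk and may already validate; if it does not, a guard after decoding such as `if c.Woodpecker.AgentSecret == "" { return c, errors.New("woodpecker.agentSecret is required") }` would surface the problem at render time instead of at service start. A comment on the struct marking these fields as credentials, e.g. `// AgentSecret and ForgejoClientSecret are secrets; do not log this struct with %+v`, would also help the next maintainer.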


@ -80,7 +80,7 @@ services:
- type: "bind" - type: "bind"
source: "{{ .Forgejo.DataHostDirectory }}" source: "{{ .Forgejo.DataHostDirectory }}"
target: "{{ .Forgejo.DataContainerDirectory }}" target: "{{ .Forgejo.DataContainerDirectory }}"
# -- Free Flow 2 -- # -- Free Flow --
gotosocial: gotosocial:
container_name: "free-flow" container_name: "free-flow"
image: "localhost/flow/gotosocial:{{ .GoToSocial.Version }}" image: "localhost/flow/gotosocial:{{ .GoToSocial.Version }}"
@ -102,3 +102,42 @@ services:
- type: "bind" - type: "bind"
source: "{{ .GoToSocial.DataHostDirectory }}" source: "{{ .GoToSocial.DataHostDirectory }}"
target: "{{ .GoToSocial.DataContainerDirectory }}" target: "{{ .GoToSocial.DataContainerDirectory }}"
# -- Work Flow --
woodpecker:
container_name: "work-flow"
image: "localhost/flow/woodpecker:{{ .Woodpecker.Version }}"
build:
context: "../woodpecker"
environment:
WOODPECKER_LOG_LEVEL: "{{ .Woodpecker.LogLevel }}"
WOODPECKER_HOST: "https://{{ .Woodpecker.Subdomain }}.{{ .RootDomain }}"
WOODPECKER_SERVER_ADDR: "{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.HttpPort }}"
WOODPECKER_GRPC_ADDR: "{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.GrpcPort }}"
WOODPECKER_LETS_ENCRYPT: "false"
WOODPECKER_ADMIN: "{{ .Woodpecker.Admin }}"
WOODPECKER_OPEN: "{{ .Woodpecker.Open }}"
WOODPECKER_AGENT_SECRET: "{{ .Woodpecker.AgentSecret }}"
WOODPECKER_DATABASE_DRIVER: "sqlite3"
WOODPECKER_DATABASE_DATASOURCE: "{{ .Woodpecker.DataContainerDirectory }}/woodpecker.db"
WOODPECKER_GITEA: "true"
WOODPECKER_GITEA_URL: "https://{{ .Forgejo.Subdomain }}.{{ .RootDomain }}"
WOODPECKER_GITEA_CLIENT: "{{ .Woodpecker.ForgejoClientID }}"
WOODPECKER_GITEA_SECRET: "{{ .Woodpecker.ForgejoClientSecret }}"
WOODPECKER_GITEA_SKIP_VERIFY: "false"
expose:
- "{{ .Woodpecker.HttpPort }}"
- "{{ .Woodpecker.GrpcPort }}"
networks:
flow:
ipv4_address: "{{ .Woodpecker.ContainerIpv4Address }}"
restart: "always"
volumes:
{{- template "defaultVolumes" }}
# Shared volume
- type: "volume"
source: "traefik-shared"
target: "{{ .Traefik.SharedMountPoint }}"
# Woodpecker data volume
- type: "bind"
source: "{{ .Woodpecker.DataHostDirectory }}"
target: "{{ .Woodpecker.DataContainerDirectory }}"
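Review bot: `WOODPECKER_AGENT_SECRET` and `WOODPECKER_GITEA_SECRET` are rendered into the `environment:` block, so both credentials end up in the rendered compose file on disk and in the container's environment, where anyone with access to the Docker socket can read them via `docker inspect`. Woodpecker documents `_FILE` variants (`WOODPECKER_AGENT_SECRET_FILE`, `WOODPECKER_GITEA_SECRET_FILE`) that read the value from a mounted file; if the deployed version supports them, mounting the secrets read-only and pointing these variables at the files keeps them out of the environment. Failing that, the rendered compose file should be written with mode 0600. A comment next to `WOODPECKER_OPEN`, such as `# keep "false" unless self-registration is intended`, would record the safe default.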


@ -106,7 +106,9 @@ SHOW_FOOTER_VERSION = false
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
[oauth2] [oauth2]
ENABLE = false ENABLE = {{ .Forgejo.Oauth2Enable }}
JWT_SIGNING_ALGORITHM = {{ .Forgejo.Oauth2JwtSigningAlgo }}
JWT_SECRET = {{ .Forgejo.Oauth2JwtSecret }}
[federation] [federation]
ENABLED = true ENABLED = true
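Review bot: `JWT_SIGNING_ALGORITHM` is now filled from a free-form string, with nothing on this page restricting it to the values Forgejo accepts, and `JWT_SECRET` is rendered unconditionally even though it is only read for the HMAC algorithms (HS256, HS384, HS512). With an HS* algorithm the value in this file is the signing key for every OAuth2 token the instance issues, including those for the Woodpecker integration added in this commit, so the rendered app.ini should not be readable by other users on the host. A template comment such as `; JWT_SECRET is only used when JWT_SIGNING_ALGORITHM is HS256, HS384 or HS512` would document this, and an allow-list check on `Oauth2JwtSigningAlgo` at config-load time would catch typos before deployment.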


@ -0,0 +1,28 @@
# syntax=docker/dockerfile:1
FROM alpine:3.17
WORKDIR /tmp
RUN --mount=type=bind,source=.,target=/packages \
apk update --no-cache && apk add --no-cache \
bash \
ca-certificates \
&& addgroup -g {{ .FlowGID }} flow \
&& adduser -S -H -D -s /bin/bash -u {{ .Woodpecker.LinuxUID }} -G flow workflow \
&& mkdir -p {{ .Woodpecker.DataContainerDirectory }} \
&& chown {{ .Woodpecker.LinuxUID }}:{{ .Woodpecker.LinuxUID }} {{ .Woodpecker.DataContainerDirectory }} \
&& chmod 0700 {{ .Woodpecker.DataContainerDirectory }} \
&& tar xzvf /packages/woodpecker-server-{{ .Woodpecker.Version }}_linux_amd64.tar.gz \
&& mv /tmp/woodpecker-server /usr/local/bin/woodpecker-server \
&& rm -rf /tmp/*
COPY --chown={{ .Woodpecker.LinuxUID }}:{{ .Woodpecker.LinuxUID }} entrypoint.sh /usr/local/bin/entrypoint
COPY --chown={{ .Woodpecker.LinuxUID }}:{{ .FlowGID }} traefik_woodpecker.yaml /flow/woodpecker/tmp/traefik_woodpecker.yaml
RUN chmod a+x /usr/local/bin/entrypoint
ENV GODEBUG=netdns=go
USER {{ .Woodpecker.LinuxUID }}:{{ .FlowGID }}
ENTRYPOINT ["entrypoint"]
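Review bot: The release archive is unpacked with `tar xzvf /packages/woodpecker-server-{{ .Woodpecker.Version }}_linux_amd64.tar.gz` without any integrity check, so whatever file sits in the build context under that name becomes the server binary. Verifying a pinned digest before extraction closes that gap, for example `&& echo "<expected-sha256>  /packages/woodpecker-server-{{ .Woodpecker.Version }}_linux_amd64.tar.gz" | sha256sum -c - \`, with the digest taken from the upstream release checksums. Separately, `COPY --chown={{ .Woodpecker.LinuxUID }}:{{ .Woodpecker.LinuxUID }} entrypoint.sh` makes the entrypoint owned by the same unprivileged user the container runs as, which lets that user rewrite its own startup script. Dropping `--chown` there leaves it root-owned, and the existing `chmod a+x` still makes it executable.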


@ -0,0 +1,12 @@
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
# Move the dynamic traefik config to the shared volume
if [ -f /flow/woodpecker/tmp/traefik_woodpecker.yaml ]; then
mv /flow/woodpecker/tmp/traefik_woodpecker.yaml {{ .Traefik.SharedMountPoint }}/dynamic/traefik_woodpecker.yaml
fi
exec woodpecker-server
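Review bot: The `mv` destination is built from `{{ .Traefik.SharedMountPoint }}` and left unquoted, so a mount point containing whitespace or glob characters would be word-split by bash; quoting it as `"{{ .Traefik.SharedMountPoint }}/dynamic/traefik_woodpecker.yaml"` avoids that. Because `errexit` is set and the compose service uses `restart: "always"`, a missing `dynamic/` directory would put the container into a restart loop, so a short comment stating which component creates that directory would help the next reader.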


@ -0,0 +1,26 @@
---
http:
routers:
woodpecker:
entryPoints:
- "https"
rule: "Host(`{{ .Woodpecker.Subdomain }}.{{ .RootDomain }}`)"
service: "woodpecker"
tls:
certResolver: resolver
woodpecker-grpc:
entryPoints:
- "https"
rule: "Host(`{{ .Woodpecker.GrpcSubdomain }}.{{ .RootDomain }}`)"
service: "woodpecker-grpc"
tls:
certResolver: resolver
services:
woodpecker:
loadBalancer:
servers:
- url: "http://{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.HttpPort }}/"
woodpecker-grpc:
loadBalancer:
servers:
- url: "h2c://{{ .Woodpecker.ContainerIpv4Address }}:{{ .Woodpecker.GrpcPort }}"
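Review bot: The `woodpecker-grpc` router publishes the agent gRPC endpoint on the same public `https` entry point as the web UI with no middleware attached, so the shared `WOODPECKER_AGENT_SECRET` is the only control in front of the agent API. If agents connect from known addresses, attaching an IP allow-list middleware to this router (`ipWhiteList` or `ipAllowList`, depending on the Traefik version in use) would narrow that exposure; if no remote agents are planned, the router can be left out. Both backends are reached over plaintext (`http://` and `h2c://`), which is acceptable only while the `flow` network stays private to the host; a comment saying so would make that assumption explicit.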