Diffstat (limited to 'playbooks/roles/ci')
6 files changed, 28 insertions, 111 deletions
diff --git a/playbooks/roles/ci/templates/stacks/docker-compose.yml b/playbooks/roles/ci/templates/stacks/docker-compose.yml index 38e1b1c..3aee1da 100644 --- a/playbooks/roles/ci/templates/stacks/docker-compose.yml +++ b/playbooks/roles/ci/templates/stacks/docker-compose.yml @@ -1,23 +1,20 @@ --- services: - laminard: - image: oci.liz.coffee/img/laminar-ciworker:latest + worker: + image: oci.liz.coffee/@emprespresso/ci-worker:release volumes: - - {{ ci_base }}/volumes/laminar:/var/lib/laminar - /var/run/docker.sock:/var/run/docker.sock - healthcheck: - test: ["CMD-SHELL", "/usr/bin/laminarc show-jobs"] - timeout: 15s - interval: 30s - retries: 3 - start_period: 5s + - {{ ci_base }}/volumes/laminar:/var/lib/laminar/ + - /var/lib/laminar/cfg # don't overwrite cfg jobs & scripts environment: - - BW_CLIENTID={{ vaultwarden_client_id }} - - BW_CLIENTSECRET={{ vaultwarden_client_secret }} - - BW_PASSWORD={{ vaultwarden_master_password }} - TZ={{ timezone }} - DEPLOYMENT_TIME={{ deployment_time }} + - BW_SERVER=https://{{ passwd_domain }} + - BW_CLIENTID={{ passwd_client_id }} + - BW_CLIENTSECRET={{ passwd_client_secret }} + - BW_PASSWORD={{ passwd_master_password }} + - LAMINAR_BIND_RPC=*:9997 networks: - ci - proxy @@ -39,9 +36,28 @@ services: - traefik.http.routers.ci.entrypoints=websecure - traefik.http.services.ci.loadbalancer.server.port=8080 + cihooks: + image: oci.liz.coffee/@emprespresso/ci-hooks:release + environment: + - LAMINAR_HOST=worker:9997 + - LAMINAR_URL=worker:9997 + - TZ={{ timezone }} + - DEPLOYMENT_TIME={{ deployment_time }} + networks: + - ci + deploy: + mode: replicated + update_config: + parallelism: 1 + failure_action: rollback + order: start-first + delay: 5s + monitor: 10s + networks: ci: driver: overlay attachable: true + name: ci proxy: external: true diff --git a/playbooks/roles/ci/templates/volumes/data/.gitkeep b/playbooks/roles/ci/templates/volumes/data/.gitkeep deleted file mode 100644 index e69de29..0000000 
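Review bot: `LAMINAR_BIND_RPC=*:9997` makes the Laminar RPC listen on every interface of the `worker` container, and the context lines right after it attach that service to both `ci` and `proxy`, so the port would be reachable from the proxy network as well as from `cihooks`. As far as I know Laminar's RPC has no authentication of its own, and this container also mounts `/var/run/docker.sock` and carries the `BW_*` vault credentials, so reachability of 9997 is effectively the access control for queueing jobs with those privileges. The second hunk adds `name: ci` to a network that is `attachable: true`, which gives it a fixed name that standalone containers on a swarm node can join. I would record the constraint next to the setting, `# RPC is unauthenticated; must only be reachable by cihooks over the ci network`, and drop `attachable: true` unless something outside the stack has to join.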
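Review bot: The new `cihooks` service has no `healthcheck`, so `failure_action: rollback` with `monitor: 10s` and `order: start-first` can only react to the task exiting; a container that starts but cannot serve hooks or reach `worker:9997` would presumably pass the update and replace the old task. The first hunk also removes the `healthcheck` from `worker` without a replacement. A `healthcheck:` block on `cihooks` that probes its listener (the command depends on what the ci-hooks image ships, which is not visible here) would give the rollback something to act on. `LAMINAR_HOST` and `LAMINAR_URL` are set to the same value; a short comment saying which one the image reads would help, or drop the unused one.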
--- a/playbooks/roles/ci/templates/volumes/data/.gitkeep
+++ /dev/null
diff --git a/playbooks/roles/ci/templates/volumes/laminar/jobs/build_image.run b/playbooks/roles/ci/templates/volumes/laminar/jobs/build_image.run
deleted file mode 100755
index ed7bf21..0000000
--- a/playbooks/roles/ci/templates/volumes/laminar/jobs/build_image.run
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash
-# usage: laminarc queue build_publish_image registry="oci.liz.coffee" \
-# repo="src/cgit" tag="latest" remote="ssh://src.liz.coffee:2222/cgit" \
-# rev="<sha>" image_file="Dockerfile"
-
-set -e
-
-declare -a args=("$registry" "$repo" "$tag" "$remote" "$rev" "$image_file")
-for arg in "${args[@]}"
-do
- if [[ ! "$arg" =~ ^[[:alnum:]:_\.\/\-]*$ ]]; then
- echo "Invalid argument format. Don't be sneaky snek (-_-)."
- exit 1
- fi
-done
-
-log "Logging into registry $registry"
-registry_username="$(get_secret $registry | jq -r ".login.username")"
-get_secret $registry | jq -r ".login.password" \
- | docker login --username "$registry_username" --password-stdin "$registry"
-
-log "Cloning remote $remote"
-r=$(echo "build-$(date --iso-8601=seconds)")
-git clone "$remote" "$r" && cd "$r"
-git checkout "$rev"
-
-image_tag="$registry/$repo:$tag"
-log "Building image $image_tag"
-env -i HOME="$HOME" bash -l -c "docker build . -t '$image_tag' -f '$image_file'"
-
-log "Pushing $image_tag"
-docker push "$image_tag"
-
-cd -
-rm -rf "$r"
-docker logout "$registry"
diff --git a/playbooks/roles/ci/templates/volumes/laminar/jobs/playbook.run b/playbooks/roles/ci/templates/volumes/laminar/jobs/playbook.run
deleted file mode 100755
index 181a050..0000000
--- a/playbooks/roles/ci/templates/volumes/laminar/jobs/playbook.run
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-# usage: laminarc queue playbook remote="ssh://src.liz.coffee:2222/infra" playbooks="deploy.yml playbooks/labdns.yml"
-
-set -e
-
-declare -a args=("$remote" "$playbooks")
-for arg in "${args[@]}"
-do
- if [[ ! "$arg" =~ ^[[:alnum:]:_\ \.\/\-]*$ ]]; then
- echo "Invalid argument format. Don't be sneaky snek (-_-)."
- exit 1
- fi
-done
-
-log "Cloning remote $remote"
-r=$(echo "ansible-$(date --iso-8601=seconds)")
-git clone "$remote" "$r" && cd "$r"
-
-get_secret "ansible_secrets" | jq -r '.notes' > secrets.yml
-private_key=$(get_secret "ssh_key" | jq -r '.notes')
-
-env -i HOME="$HOME" ssh-agent bash -c "ssh-add <(echo \"$private_key\") && ansible-playbook -e @secrets.yml $playbooks"
-
-cd -
-rm -rf "$r"
diff --git a/playbooks/roles/ci/templates/volumes/laminar/scripts/get_secret b/playbooks/roles/ci/templates/volumes/laminar/scripts/get_secret
deleted file mode 100755
index 2774651..0000000
--- a/playbooks/roles/ci/templates/volumes/laminar/scripts/get_secret
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/bash
-
-bw config server "https://{{ passwd_domain }}"
-bw login --apikey --quiet
-bw unlock --passwordenv BW_PASSWORD --quiet
-
-# https://github.com/bitwarden/clients/issues/3366
-function bw_get() {
- local pwd
- local count
- local organisation=${2:-notnull}
-
- count=$(bw list items --pretty --organizationid ${organisation} | jq -r '[.[] | select(.name=="'$1'")] | length')
-
- if [[ "$count" -gt 1 ]]; then
- echo "Multiple items found"
- return 1
- fi
-
- if [[ "$count" -lt 1 ]]; then
- echo "No items found"
- return 1
- fi
-
- pwd=$(bw list items --pretty --organizationid ${organisation} | jq -r '.[] | select(.name=="'$1'")')
- if [[ -z "$pwd" ]]; then
- echo "Password not found"
- return 1
- fi
-
- echo "$pwd"
-}
-
-bw_get $@
-bw --quiet lock
diff --git a/playbooks/roles/ci/templates/volumes/laminar/scripts/log b/playbooks/roles/ci/templates/volumes/laminar/scripts/log
deleted file mode 100755
index 180fa33..0000000
--- a/playbooks/roles/ci/templates/volumes/laminar/scripts/log
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-echo `date +"%d-%m-%Y %H:%M:%S"` " - " "${@}" |