chore: readme.adoc

chore: readme.adoc chore: test chore: test2 chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc WIP chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc chore: readme.adoc WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation WIP: documentation fix: documentation WIP: documentation WIP: documentation
2023-11-14 22:06:51 +01:00 · 2023-11-14 22:06:51 +01:00 · 3081492081
parent 4cc983c622
commit 3081492081
19 changed files with 3869 additions and 16 deletions
--- a/.gitignore
+++ b/.gitignore
@ -106,3 +106,4 @@ docker/target/*.jar
 # version-lock as it is only for specific build
 version-lock.sh
 .DS_Store
 .pnpm-store
--- a/.woodpecker/.backend.yml
+++ b/.woodpecker/.backend.yml
@ -19,7 +19,7 @@ steps:
    group: lint
    image: *java_image
    commands:
-      - gradle spotlessCheck --no-daemon
+      - gradle --no-daemon spotlessCheck
  "lint:dockerfile":
    group: lint
    image: ghcr.io/hadolint/hadolint:latest-debian
--- a/.woodpecker/.documentation.yml
+++ b/.woodpecker/.documentation.yml
@ -6,19 +6,43 @@ variables:
 clone:
  git:
    image: woodpeckerci/plugin-git
    partial: false
    settings:
      skip_verify: true
 steps:
  "build:ui-bundle":
    image: *frontend_image
    commands:
-      - ls
+      - npm install
-      - npm ci
+      - npx gulp build
      - npx gulp bundle:pack
-    directory: documentation/layout/oc
+    directory: documentation/layouts/oc
  "build:documentation":
    image: *frontend_image
    commands:
      - unset HTTP_RPOXY # woodpecker sets empty proxy variables, but if present, antora expects valid values, empty is not valid
      - unset http_proxy
      - unset HTTPS_PROXY
      - unset https_proxy
      - pnpm install --frozen-lockfile
-      - pnpm antora generate
+      - pnpm antora generate --stacktrace antora-playbook.yml
    directory: documentation
  "assemble:documentation":
    image: gcr.io/kaniko-project/executor:v1.18.0-debug
    commands: # Test if using --insecure can be used to directly push to the registry
      - echo "$CI_WORKSPACE"
      - echo "$PWD"
      - ls -lh
      - /kaniko/executor
        --context .
        --dockerfile Dockerfile
        --destination=image
        --tar-path=image.tar
        --no-push
      - ls -lh
    directory: documentation
  "publish:documentation":
    image: alpine/crane # because the official crane image is not compatible with woodpecker (no /bin/sh)
    commands:
      - crane push --insecure image.tar "container.192.168.1.151.nip.io:8543/${CI_REPO_OWNER}/${CI_REPO_NAME}"
    directory: documentation
--- a/.woodpecker/.lint_general.yml
+++ b/.woodpecker/.lint_general.yml
@ -17,6 +17,9 @@ steps:
      - npm install --save-dev conventional-changelog-conventionalcommits @commitlint/config-conventional commitlint@latest
      - cat commitlint.txt
      - cat commitlint.txt | npx commitlint
    when:
      - branch: [main, dev]
        event: push
  "lint:precommit":
    group: lint
    image: python:3.11.6-bullseye
--- a/documentation/Dockerfile
+++ b/documentation/Dockerfile
@ -0,0 +1,19 @@
 FROM nginx:1.25.3-alpine
 RUN mkdir /docroot \
 && chgrp -R 0 /etc/nginx \
 && chmod -R g+rwX /etc/nginx \
 # support running as arbitrary user which belongs to the root group \
 && chmod g+rwx /var/cache/nginx /var/run /var/log/nginx \
 # comment user directive as master process is run as different user anyhow \
 && sed -i.bak 's/^user/#user/' /etc/nginx/nginx.conf
 COPY nginx.vh.default.conf.nginx /etc/nginx/conf.d/default.conf
 COPY build/site /docroot
 RUN echo ls /usr/share/nginx/html \
    && ls -lisa /usr/share/nginx/html
 RUN chown -R nginx: /docroot
 EXPOSE 8080
--- a/documentation/README.adoc
+++ b/documentation/README.adoc
@ -0,0 +1 @@
 test2
--- a/documentation/antora-playbook.yml
+++ b/documentation/antora-playbook.yml
@ -1,6 +1,6 @@
 ---
 site:
-  url: http://127.0.0.1:5001
+  url: https://demo.pages.192.168.1.151.nip.io:8543
  title: Engineering Handbook
  start_page: handbook::index.adoc
@ -17,21 +17,24 @@ antora:
      index_latest_only: true
      snippet_length: 100
 urls:
  latest_version_segment_strategy: redirect:to
  latest_version_segment: stable
  latest_prerelease_version_segment: unstable
  redirect_facility: nginx
 asciidoc:
  extensions:
    - asciidoctor-kroki
  attributes:
-    kroki-server-url: "http://127.0.0.1:8000"
+    kroki-server-url: "http://kroki:8000"
    kroki-fetch-diagram: true
    guidelines-database-development: xref:system-standards:backend/guideline-database.adoc[]
    guidelines-java-development: xref:system-standards:backend/guideline-general-development.adoc#java-guidelines[Java Styleguide]
    guidelines-rest-rule: xref:system-standards:rest-guidelines/index.adoc
    guidelines-rest: xref:system-standards:rest-guidelines/index.adoc[REST Guideline]
 runtime:
  fetch: true
 ui:
  bundle:
-    url: ./layouts/ed/build/ui-bundle.zip
+    url: ./layouts/oc/build/ui-bundle.zip
    snapshot: true
--- a/documentation/antora.yml
+++ b/documentation/antora.yml
@ -6,6 +6,9 @@ version: "1.0"
 nav:
  - modules/ROOT/nav.adoc
 urls:
  redirect_facility: nginx
 asciidoc:
  attributes:
    MUST: |
--- a/documentation/build.gradle.kts
+++ b/documentation/build.gradle.kts
@ -21,4 +21,5 @@ tasks.register<NpmTask>("preview", NpmTask::class.java) {
 }
 tasks.findByName("antora")?.dependsOn(":layouts:oc:build")
 tasks.findByName("build")?.dependsOn("antora")
--- a/documentation/layouts/oc/build.gradle.kts
+++ b/documentation/layouts/oc/build.gradle.kts
@ -1,8 +1,6 @@
 import com.github.gradle.node.npm.task.NpmTask
-plugins {
+plugins { id("com.github.node-gradle.node") }
  id("com.github.node-gradle.node")
 }
 node {
  download.set(true)
--- a/documentation/layouts/oc/test
+++ b/documentation/layouts/oc/test
--- a/documentation/nginx.vh.default.conf.nginx
+++ b/documentation/nginx.vh.default.conf.nginx
@ -0,0 +1,51 @@
 # config to don't allow the browser to render the page inside a frame or iframe
 # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
 # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
 # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
 # add_header X-Frame-Options SAMEORIGIN;
 # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
 # to disable content-type sniffing on some browsers.
 add_header X-Content-Type-Options nosniff;
 # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
 # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
 # this particular website if it was disabled by the user.
 add_header X-XSS-Protection "1; mode=block" always;
 # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
 # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
 # also https://hstspreload.org/
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 server {
    listen       8080;
    server_name  localhost;
    # don't send the nginx version number in error pages and Server header
    server_tokens off;
    port_in_redirect off;
    absolute_redirect off;
    server_name_in_redirect off;
    location = /.etc/nginx/rewrite.conf {
      deny   all;
      return 404;
    }
    include /docroot/.etc/nginx/rewrite.conf;
    location / {
      root /docroot;
      index  index.html /index.html;
    }
    error_page  404              /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
 }
--- a/documentation/package-lock.json
+++ b/documentation/package-lock.json
--- a/documentation/package.json
+++ b/documentation/package.json
@ -1,7 +1,8 @@
 {
  "scripts": {
    "check:links": "linkinator ./build/site --config linkinator.config.json",
-    "preview": "http-server build/site -c-1 -p 5001"
+    "preview": "http-server build/site -c-1 -p 5001",
    "build": "antora generate --clean --fetch --noproxy '*' antora-playbook.yml"
  },
  "devDependencies": {
    "@antora/cli": "3.1.4",
--- a/infrastructure/README.adoc
+++ b/infrastructure/README.adoc
@ -0,0 +1,73 @@
 = Forgejo
 You need to find out the official IP address of your computer.
 This can be done using the following command: `./update-ip-addr.sh`
 It updates also the .env file and in this file (so you can easily copy and paste the links)
 Lets say it is `192.168.1.151` then the URLs for accessing the services are:
 |===
 |Service | URL | User / Pwd
 | git | https://git.192.168.1.151.nip.io:8543[] |
 | woodpecker | https://ci.192.168.1.151.nip.io:8543[] |
 | Traefik Dashboard | http://traefik.192.168.1.151.nip.io:8181[] |
 |===
 First start forgejo using:
 `docker compose up -d traefik forgejo`
 And then register an (admin) user in forgejo.
 E.g., fjadmin / admin123 / fjadmin@localhost.de
 Setup > Applications > oauth2 apps
 woodpecker / https://ci.192.168.1.151.nip.io:8543/authorize
 note client-id and client-secret and enter this in .env for.
 Now you can start everything using `docker compose up -d`.
 == Chaning IP
 If the IP address of your computer changes, you have to update some configuration.
 1. `./update-ip-addr.sh`
 2. `docker exec -it -u root forgejo /bin/ash` and then `vi /data/gitea/conf/app.ini`` and change the IP address.
 3. `docker compose down`
 4. `docker volume rm forgejo_woodpecker``
 5. `docker compose up -d`
 == Check access to woodpecker
 Access https://ci.192.168.1.151.nip.io:8543 and try to login.
 == Create and push a repository
 In forgejo, you should create a new repository, called ci-demo-2.
 You need to disable ssl verification for this remote in your local git directory:
     git config http.sslVerify false
 Then add the repository
 git remote add origin https://git.192.168.1.151.nip.io:8543/fjadmin/ci-demo-2.git
 and push it
 git push -u --all origin
 You need also at least one tag.
 git push --tags origin
 == Adding Repo to woodpecker
 In woodpecker, you need to add the repository.
 It should be listed in the repositories list if you try to add it.
 You need to "activate" the repository in woodpecker using the button.
--- a/infrastructure/docker-compose.yml
+++ b/infrastructure/docker-compose.yml
@ -0,0 +1,227 @@
 ---
 version: "3.7"
 networks:
  woodpecker:
  forgejo:
  proxy:
    driver: bridge
 volumes:
  forgejo:
  postgres:
  woodpecker:
  traefik_config:
  traefik_certs:
  traefik_logs:
  registry:
  artifacts_data:
  verdaccio_data:
  verdaccio_config:
  verdaccio_plugins:
 services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: always
    ports:
      # The HTTP port
      - "8380:80"
      # The HTTPS port
      - "8543:443"
      # SSH port
      - "2222:222/tcp"
      # The Web UI (enabled by '--api.dashboard=true' and '--api.insecure=true')
      - "8181:8080"
    networks:
      - proxy
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/traefik.yml:/etc/traefik/traefik.yml:ro"
      - "traefik_certs:/etc/certs"
      - "traefik_logs:/var/log/traefik"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`${TRAEFIK_HOST}`)"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.entrypoints=https"
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
  smtp:
    image: "maildev/maildev:2.1.0"
    networks:
      - proxy
    ports:
      - "1080:1080"
      - "1025:1025"
  forgejo:
    image: codeberg.org/forgejo/forgejo:1.20
    container_name: forgejo
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - FORGEJO__database__DB_TYPE=postgres
      - FORGEJO__database__HOST=db:5432
      - FORGEJO__database__NAME=forgejo
      - FORGEJO__database__USER=forgejo
      - FORGEJO__database__PASSWD=forgejo
      - FORGEJO__webhook__SKIP_TLS_VERIFY=true
      - FORGEJO__webhook__ALLOWED_HOST_LIST=external,*
      - FORGEJO__webhook__DELIVER_TIMEOUT=20
      - FORGEJO__mailer__SMTP_ADDR=smtp
      - FORGEJO__mailer__SMTP_PORT=1025
    restart: always
    networks:
      - forgejo
      - proxy
    volumes:
      - forgejo:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - db
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.forgejo.rule=Host(`${FORGEJO_HOST}`)"
      - "traefik.http.routers.forgejo.entrypoints=https"
      - "traefik.http.routers.forgejo.tls=true"
      - "traefik.http.services.forgejo.loadbalancer.server.port=3000"
      - "traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.forgejo-ssh.entrypoints=ssh"
      - "traefik.tcp.routers.forgejo-ssh.service=gitea-ssh-svc"
      - "traefik.tcp.services.forgejo-ssh-svc.loadbalancer.server.port=22"
  db:
    image: postgres:14
    restart: always
    environment:
      - POSTGRES_USER=forgejo
      - POSTGRES_PASSWORD=forgejo
      - POSTGRES_DB=forgejo
    networks:
      - forgejo
    volumes:
      - postgres:/var/lib/postgresql/data
  woodpecker-server:
    image: woodpeckerci/woodpecker-server:v1.0.5
    container_name: woodpecker-server
    restart: unless-stopped
    cpus: 0.5
    mem_limit: 512m
    networks:
      - woodpecker
      - proxy
    environment:
      - "WOODPECKER_OPEN=true"
      - "WOODPECKER_HOST=${WOODPECKER_URL}"
      - "WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}"
      - "WOODPECKER_ADMIN=${WOODPECKER_ADMIN}"
      - "WOODPECKER_GITEA=true"
      - "WOODPECKER_GITEA_URL=${WOODPECKER_FORGEJO_URL}"
      - "WOODPECKER_GITEA_CLIENT=${WOODPECKER_FORGEJO_CLIENT}"
      - "WOODPECKER_GITEA_SECRET=${WOODPECKER_FORGEJO_SECRET}"
      - "WOODPECKER_GITEA_SKIP_VERIFY=true"
      - "WOODPECKER_LIMIT_MEM=2147483648"
      - "WOODPECKER_LIMIT_MEM_SWAP=2147483648"
    volumes:
      - "woodpecker:/var/lib/woodpecker"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.woodpecker.rule=Host(`${WOODPECKER_HOST}`)"
      - "traefik.http.routers.woodpecker.tls=true"
      - "traefik.http.routers.woodpecker.entrypoints=https"
      - "traefik.http.services.woodpecker.loadbalancer.server.port=8000"
  woodpecker-agent:
    container_name: woodpecker-agent
    image: woodpeckerci/woodpecker-agent:v1.0.5
    restart: unless-stopped
    cpus: 0.5
    mem_limit: 512m
    depends_on:
      - woodpecker-server
    networks:
      - woodpecker
    environment:
      - "WOODPECKER_SERVER=woodpecker-server:9000"
      - "WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}"
      - "WOODPECKER_MAX_WORKFLOWS=2"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
  registry:
    image: registry:2
    container_name: registry
    networks:
      - proxy
    environment:
      - REGISTRY_STORAGE_DELETE_ENABLED=true
    volumes:
      - registry:/var/lib/registry
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.registry.rule=Host(`${REGISTRY_HOST}`)"
      - "traefik.http.routers.registry.tls=true"
      - "traefik.http.routers.registry.entrypoints=https,http"
      - "traefik.http.services.registry.loadbalancer.server.port=5000"
  ui:
    image: joxit/docker-registry-ui:latest
    environment:
      - DELETE_IMAGES=true
      - REGISTRY_TITLE=My Private Docker Registry
      - NGINX_PROXY_PASS_URL=http://registry:5000
      - SINGLE_REGISTRY=true
    depends_on: ['registry']
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.regui.rule=Host(`${REGISTRY_UI_HOST}`)"
      - "traefik.http.routers.regui.tls=true"
      - "traefik.http.routers.regui.entrypoints=https"
      - "traefik.http.services.regui.loadbalancer.passhostheader=true"
  mvn-registry:
    image: ghcr.io/dzikoysk/reposilite:3.4.10
    container_name: mvn-registry
    deploy:
      resources:
        limits:
          memory: ${REPOSILITE_MEMORY}
    networks:
      - proxy
    volumes:
      - artifacts_data:/app/data
    stdin_open: true
    environment:
      - JAVA_OPTS=-Xmx${REPOSILITE_MEMORY} ${REPOSILITE_JAVA_COMPOSE_OPTS}
      - REPOSILITE_OPTS=--port ${REPOSILITE_PORT} ${REPOSILITE_COMPOSE_OPTS}
    tty: true
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.artifacts.rule=Host(`${ARTIFACTS_HOST}`)"
      - "traefik.http.routers.artifacts.entrypoints=http"
      - "traefik.http.services.artifacts.loadbalancer.server.port=8080"
  verdaccio:
    image: verdaccio/verdaccio:5
    container_name: verdaccio
    volumes:
      - verdaccio_data:/verdaccio/storage
      - verdaccio_config:/verdaccio/conf
      - verdaccio_plugins:/verdaccio/plugins
    ports:
      - "4873:4873"
    networks:
      - proxy
    labels:
      - "traefik.http.routers.artifacts.rule=Host(`${VERDACCIO_HOST}`)"
      - "traefik.http.routers.artifacts.entrypoints=http"
      - "traefik.http.services.artifacts.loadbalancer.server.port=4873"
  #
  #watchtower:
  # image: containrrr/watchtower:latest
  # volumes:
  #   - /var/run/docker.sock:/var/run/docker.sock
--- a/infrastructure/traefik/traefik.yml
+++ b/infrastructure/traefik/traefik.yml
@ -0,0 +1,34 @@
 ---
 global:
  sendAnonymousUsage: false
 api:
  dashboard: true
  insecure: true
 log:
  level: INFO
  filePath: /var/log/traefik/traefik.log
 accessLog:
  filePath: /var/log/traefik/access.log
  bufferingSize: 100
 providers:
  docker:
    watch: true
    exposedByDefault: false
    network: forgejo_proxy
 entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entrypoint:
          to: https
          scheme: https
  https:
    address: ":443"
  ssh:
    address: ":222"
--- a/infrastructure/update-ip-addr.sh
+++ b/infrastructure/update-ip-addr.sh
@ -0,0 +1,15 @@
 #!/bin/bash
 if [ $# -eq 0 ] ; then
  newip=$(ifconfig | grep 0xfff | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | grep -v 255 | head -1 | sed 's/\./-/g')
  searchStr="s/[0-9]\{1,3\}-[0-9]\{1,3\}-[0-9]\{1,3\}-[0-9]\{1,3\}"
 elif [ $# -eq 2 ] ; then
  newip=$2
  searchStr=$1
 else
  echo "you must either provide 0 arguments or"
  echo "exactly 2 arguments:"
  echo "./update-ip-adrr.sh <old-ip-or-dns> <new-ip-or-dns>"
 fi
 echo $newip
 sed -i -e "s/${searchStr}"/"$newip"/g .env
 sed -i -e 's/[0-9]\{1,3\}-[0-9]\{1,3\}-[0-9]\{1,3\}-[0-9]\{1,3\}'/"$newip"/g README.adoc
--- a/settings.gradle.kts
+++ b/settings.gradle.kts
@ -13,4 +13,5 @@ plugins {
 rootProject.name = "ci-demo"
 include("app", "list", "utilities")
 includeBuild("documentation")