chore: readme.adoc
ci/woodpecker/tag/lint_general Pipeline was successful Details
ci/woodpecker/tag/documentation Pipeline failed Details
ci/woodpecker/tag/frontend Pipeline failed Details
ci/woodpecker/tag/backend Pipeline was successful Details

chore: readme.adoc

chore: test

chore: test2

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore:  readme.adoc

chore: readme.adoc

WIP

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

chore: readme.adoc

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

WIP: documentation

fix: documentation

WIP: documentation

WIP: documentation
pull/1/head 0.2
Richard Attermeyer 2023-11-14 22:06:51 +01:00
parent 4cc983c622
commit 3081492081
19 changed files with 3869 additions and 16 deletions

1
.gitignore vendored

@ -106,3 +106,4 @@ docker/target/*.jar
# version-lock as it is only for specific build
version-lock.sh
.DS_Store
.pnpm-store


@ -19,7 +19,7 @@ steps:
group: lint
image: *java_image
commands:
- gradle spotlessCheck --no-daemon
- gradle --no-daemon spotlessCheck
"lint:dockerfile":
group: lint
image: ghcr.io/hadolint/hadolint:latest-debian


@ -6,19 +6,43 @@ variables:
clone:
git:
image: woodpeckerci/plugin-git
partial: false
settings:
skip_verify: true
steps:
"build:ui-bundle":
image: *frontend_image
commands:
- ls
- npm ci
- npm install
- npx gulp build
- npx gulp bundle:pack
directory: documentation/layout/oc
directory: documentation/layouts/oc
"build:documentation":
image: *frontend_image
commands:
- unset HTTP_RPOXY # woodpecker sets empty proxy variables, but if present, antora expects valid values, empty is not valid
- unset http_proxy
- unset HTTPS_PROXY
- unset https_proxy
- pnpm install --frozen-lockfile
- pnpm antora generate
- pnpm antora generate --stacktrace antora-playbook.yml
directory: documentation
"assemble:documentation":
image: gcr.io/kaniko-project/executor:v1.18.0-debug
commands: # Test if using --insecure can be used to directly push to the registry
- echo "$CI_WORKSPACE"
- echo "$PWD"
- ls -lh
- /kaniko/executor
--context .
--dockerfile Dockerfile
--destination=image
--tar-path=image.tar
--no-push
- ls -lh
directory: documentation
"publish:documentation":
image: alpine/crane # because the official crane image is not compatible with woodpecker (no /bin/sh)
commands:
- crane push --insecure image.tar "container.192.168.1.151.nip.io:8543/${CI_REPO_OWNER}/${CI_REPO_NAME}"
directory: documentation
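Review bot: Transport security is relaxed at both ends of this pipeline: `skip_verify: true` in the `clone` settings and `crane push --insecure` in `publish:documentation`, so neither the cloned source nor the registry receiving the image is authenticated. The +/- markers are lost on this page, so I am assuming both lines are on the new side. For the self-signed local setup, making the local CA certificate available to these steps would keep verification on; if the flags stay, each deserves a comment such as `# demo only: self-signed Traefik certificate, do not reuse outside the local stack`. Separately, `unset HTTP_RPOXY` is a typo for `HTTP_PROXY`, so the upper-case proxy variable that the inline comment talks about is never cleared.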


@ -17,6 +17,9 @@ steps:
- npm install --save-dev conventional-changelog-conventionalcommits @commitlint/config-conventional commitlint@latest
- cat commitlint.txt
- cat commitlint.txt | npx commitlint
when:
- branch: [main, dev]
event: push
"lint:precommit":
group: lint
image: python:3.11.6-bullseye

19
documentation/Dockerfile Normal file

@ -0,0 +1,19 @@
FROM nginx:1.25.3-alpine
RUN mkdir /docroot \
&& chgrp -R 0 /etc/nginx \
&& chmod -R g+rwX /etc/nginx \
# support running as arbitrary user which belongs to the root group \
&& chmod g+rwx /var/cache/nginx /var/run /var/log/nginx \
# comment user directive as master process is run as different user anyhow \
&& sed -i.bak 's/^user/#user/' /etc/nginx/nginx.conf
COPY nginx.vh.default.conf.nginx /etc/nginx/conf.d/default.conf
COPY build/site /docroot
RUN echo ls /usr/share/nginx/html \
&& ls -lisa /usr/share/nginx/html
RUN chown -R nginx: /docroot
EXPOSE 8080
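Review bot: `RUN chown -R nginx: /docroot` hands the whole served tree to the `nginx` account, so a process running as that account could rewrite the published site; static content only needs to be readable, and the line can be dropped or replaced with `RUN chmod -R a+rX /docroot`. There is also no `USER` instruction, so the image starts as root unless the platform overrides the UID; the earlier `chgrp -R 0` / `g+rwX` preparation suggests an arbitrary user in the root group is the intended runtime identity, and a non-root default matching that would make the intent enforceable (to be confirmed against the target platform). The `RUN echo ls /usr/share/nginx/html && ls -lisa /usr/share/nginx/html` step looks like leftover debugging and only adds a layer.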


@ -0,0 +1 @@
test2


@ -1,6 +1,6 @@
---
site:
url: http://127.0.0.1:5001
url: https://demo.pages.192.168.1.151.nip.io:8543
title: Engineering Handbook
start_page: handbook::index.adoc
@ -17,21 +17,24 @@ antora:
index_latest_only: true
snippet_length: 100
urls:
latest_version_segment_strategy: redirect:to
latest_version_segment: stable
latest_prerelease_version_segment: unstable
redirect_facility: nginx
asciidoc:
extensions:
- asciidoctor-kroki
attributes:
kroki-server-url: "http://127.0.0.1:8000"
kroki-server-url: "http://kroki:8000"
kroki-fetch-diagram: true
guidelines-database-development: xref:system-standards:backend/guideline-database.adoc[]
guidelines-java-development: xref:system-standards:backend/guideline-general-development.adoc#java-guidelines[Java Styleguide]
guidelines-rest-rule: xref:system-standards:rest-guidelines/index.adoc
guidelines-rest: xref:system-standards:rest-guidelines/index.adoc[REST Guideline]
runtime:
fetch: true
ui:
bundle:
url: ./layouts/ed/build/ui-bundle.zip
url: ./layouts/oc/build/ui-bundle.zip
snapshot: true


@ -6,6 +6,9 @@ version: "1.0"
nav:
- modules/ROOT/nav.adoc
urls:
redirect_facility: nginx
asciidoc:
attributes:
MUST: |


@ -21,4 +21,5 @@ tasks.register<NpmTask>("preview", NpmTask::class.java) {
}
tasks.findByName("antora")?.dependsOn(":layouts:oc:build")
tasks.findByName("build")?.dependsOn("antora")


@ -1,8 +1,6 @@
import com.github.gradle.node.npm.task.NpmTask
plugins {
id("com.github.node-gradle.node")
}
plugins { id("com.github.node-gradle.node") }
node {
download.set(true)



@ -0,0 +1,51 @@
# config to don't allow the browser to render the page inside a frame or iframe
# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
# add_header X-Frame-Options SAMEORIGIN;
# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
# to disable content-type sniffing on some browsers.
add_header X-Content-Type-Options nosniff;
# This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
# It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
# this particular website if it was disabled by the user.
add_header X-XSS-Protection "1; mode=block" always;
# config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
# to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
# also https://hstspreload.org/
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
server {
listen 8080;
server_name localhost;
# don't send the nginx version number in error pages and Server header
server_tokens off;
port_in_redirect off;
absolute_redirect off;
server_name_in_redirect off;
location = /.etc/nginx/rewrite.conf {
deny all;
return 404;
}
include /docroot/.etc/nginx/rewrite.conf;
location / {
root /docroot;
index index.html /index.html;
}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
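Review bot: The clickjacking header that this file's own comment describes is left commented out (`# add_header X-Frame-Options SAMEORIGIN;`), so responses carry no framing restriction; enabling it as `add_header X-Frame-Options SAMEORIGIN always;` matches the stated intent. `add_header X-Content-Type-Options nosniff;` lacks `always`, so unlike the two headers below it, it is omitted on the 404 and 50x responses. nginx does not merge `add_header` across configuration levels: if the included `/docroot/.etc/nginx/rewrite.conf` (not visible here) or any `location` block sets a header of its own, the headers declared at the top of this file stop applying there. `Strict-Transport-Security` only takes effect when the response reaches the browser over HTTPS, which for this `listen 8080` server presumably depends on the proxy in front of it.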

3398
documentation/package-lock.json generated Normal file

File diff suppressed because it is too large Load Diff


@ -1,7 +1,8 @@
{
"scripts": {
"check:links": "linkinator ./build/site --config linkinator.config.json",
"preview": "http-server build/site -c-1 -p 5001"
"preview": "http-server build/site -c-1 -p 5001",
"build": "antora generate --clean --fetch --noproxy '*' antora-playbook.yml"
},
"devDependencies": {
"@antora/cli": "3.1.4",


@ -0,0 +1,73 @@
= Forgejo
You need to find out the official IP address of your computer.
This can be done using the following command: `./update-ip-addr.sh`
It updates also the .env file and in this file (so you can easily copy and paste the links)
Lets say it is `192.168.1.151` then the URLs for accessing the services are:
|===
|Service | URL | User / Pwd
| git | https://git.192.168.1.151.nip.io:8543[] |
| woodpecker | https://ci.192.168.1.151.nip.io:8543[] |
| Traefik Dashboard | http://traefik.192.168.1.151.nip.io:8181[] |
|===
First start forgejo using:
`docker compose up -d traefik forgejo`
And then register an (admin) user in forgejo.
E.g., fjadmin / admin123 / fjadmin@localhost.de
Setup > Applications > oauth2 apps
woodpecker / https://ci.192.168.1.151.nip.io:8543/authorize
note client-id and client-secret and enter this in .env for.
Now you can start everything using `docker compose up -d`.
== Chaning IP
If the IP address of your computer changes, you have to update some configuration.
1. `./update-ip-addr.sh`
2. `docker exec -it -u root forgejo /bin/ash` and then `vi /data/gitea/conf/app.ini`` and change the IP address.
3. `docker compose down`
4. `docker volume rm forgejo_woodpecker``
5. `docker compose up -d`
== Check access to woodpecker
Access https://ci.192.168.1.151.nip.io:8543 and try to login.
== Create and push a repository
In forgejo, you should create a new repository, called ci-demo-2.
You need to disable ssl verification for this remote in your local git directory:
git config http.sslVerify false
Then add the repository
git remote add origin https://git.192.168.1.151.nip.io:8543/fjadmin/ci-demo-2.git
and push it
git push -u --all origin
You need also at least one tag.
git push --tags origin
== Adding Repo to woodpecker
In woodpecker, you need to add the repository.
It should be listed in the repositories list if you try to add it.
You need to "activate" the repository in woodpecker using the button.


@ -0,0 +1,227 @@
---
version: "3.7"
networks:
woodpecker:
forgejo:
proxy:
driver: bridge
volumes:
forgejo:
postgres:
woodpecker:
traefik_config:
traefik_certs:
traefik_logs:
registry:
artifacts_data:
verdaccio_data:
verdaccio_config:
verdaccio_plugins:
services:
traefik:
image: traefik:latest
container_name: traefik
restart: always
ports:
# The HTTP port
- "8380:80"
# The HTTPS port
- "8543:443"
# SSH port
- "2222:222/tcp"
# The Web UI (enabled by '--api.dashboard=true' and '--api.insecure=true')
- "8181:8080"
networks:
- proxy
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./traefik/traefik.yml:/etc/traefik/traefik.yml:ro"
- "traefik_certs:/etc/certs"
- "traefik_logs:/var/log/traefik"
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=Host(`${TRAEFIK_HOST}`)"
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.entrypoints=https"
- "traefik.http.services.dashboard.loadbalancer.server.port=8080"
smtp:
image: "maildev/maildev:2.1.0"
networks:
- proxy
ports:
- "1080:1080"
- "1025:1025"
forgejo:
image: codeberg.org/forgejo/forgejo:1.20
container_name: forgejo
environment:
- USER_UID=1000
- USER_GID=1000
- FORGEJO__database__DB_TYPE=postgres
- FORGEJO__database__HOST=db:5432
- FORGEJO__database__NAME=forgejo
- FORGEJO__database__USER=forgejo
- FORGEJO__database__PASSWD=forgejo
- FORGEJO__webhook__SKIP_TLS_VERIFY=true
- FORGEJO__webhook__ALLOWED_HOST_LIST=external,*
- FORGEJO__webhook__DELIVER_TIMEOUT=20
- FORGEJO__mailer__SMTP_ADDR=smtp
- FORGEJO__mailer__SMTP_PORT=1025
restart: always
networks:
- forgejo
- proxy
volumes:
- forgejo:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
depends_on:
- db
labels:
- "traefik.enable=true"
- "traefik.http.routers.forgejo.rule=Host(`${FORGEJO_HOST}`)"
- "traefik.http.routers.forgejo.entrypoints=https"
- "traefik.http.routers.forgejo.tls=true"
- "traefik.http.services.forgejo.loadbalancer.server.port=3000"
- "traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)"
- "traefik.tcp.routers.forgejo-ssh.entrypoints=ssh"
- "traefik.tcp.routers.forgejo-ssh.service=gitea-ssh-svc"
- "traefik.tcp.services.forgejo-ssh-svc.loadbalancer.server.port=22"
db:
image: postgres:14
restart: always
environment:
- POSTGRES_USER=forgejo
- POSTGRES_PASSWORD=forgejo
- POSTGRES_DB=forgejo
networks:
- forgejo
volumes:
- postgres:/var/lib/postgresql/data
woodpecker-server:
image: woodpeckerci/woodpecker-server:v1.0.5
container_name: woodpecker-server
restart: unless-stopped
cpus: 0.5
mem_limit: 512m
networks:
- woodpecker
- proxy
environment:
- "WOODPECKER_OPEN=true"
- "WOODPECKER_HOST=${WOODPECKER_URL}"
- "WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}"
- "WOODPECKER_ADMIN=${WOODPECKER_ADMIN}"
- "WOODPECKER_GITEA=true"
- "WOODPECKER_GITEA_URL=${WOODPECKER_FORGEJO_URL}"
- "WOODPECKER_GITEA_CLIENT=${WOODPECKER_FORGEJO_CLIENT}"
- "WOODPECKER_GITEA_SECRET=${WOODPECKER_FORGEJO_SECRET}"
- "WOODPECKER_GITEA_SKIP_VERIFY=true"
- "WOODPECKER_LIMIT_MEM=2147483648"
- "WOODPECKER_LIMIT_MEM_SWAP=2147483648"
volumes:
- "woodpecker:/var/lib/woodpecker"
labels:
- "traefik.enable=true"
- "traefik.http.routers.woodpecker.rule=Host(`${WOODPECKER_HOST}`)"
- "traefik.http.routers.woodpecker.tls=true"
- "traefik.http.routers.woodpecker.entrypoints=https"
- "traefik.http.services.woodpecker.loadbalancer.server.port=8000"
woodpecker-agent:
container_name: woodpecker-agent
image: woodpeckerci/woodpecker-agent:v1.0.5
restart: unless-stopped
cpus: 0.5
mem_limit: 512m
depends_on:
- woodpecker-server
networks:
- woodpecker
environment:
- "WOODPECKER_SERVER=woodpecker-server:9000"
- "WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}"
- "WOODPECKER_MAX_WORKFLOWS=2"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
registry:
image: registry:2
container_name: registry
networks:
- proxy
environment:
- REGISTRY_STORAGE_DELETE_ENABLED=true
volumes:
- registry:/var/lib/registry
labels:
- "traefik.enable=true"
- "traefik.http.routers.registry.rule=Host(`${REGISTRY_HOST}`)"
- "traefik.http.routers.registry.tls=true"
- "traefik.http.routers.registry.entrypoints=https,http"
- "traefik.http.services.registry.loadbalancer.server.port=5000"
ui:
image: joxit/docker-registry-ui:latest
environment:
- DELETE_IMAGES=true
- REGISTRY_TITLE=My Private Docker Registry
- NGINX_PROXY_PASS_URL=http://registry:5000
- SINGLE_REGISTRY=true
depends_on: ['registry']
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.regui.rule=Host(`${REGISTRY_UI_HOST}`)"
- "traefik.http.routers.regui.tls=true"
- "traefik.http.routers.regui.entrypoints=https"
- "traefik.http.services.regui.loadbalancer.passhostheader=true"
mvn-registry:
image: ghcr.io/dzikoysk/reposilite:3.4.10
container_name: mvn-registry
deploy:
resources:
limits:
memory: ${REPOSILITE_MEMORY}
networks:
- proxy
volumes:
- artifacts_data:/app/data
stdin_open: true
environment:
- JAVA_OPTS=-Xmx${REPOSILITE_MEMORY} ${REPOSILITE_JAVA_COMPOSE_OPTS}
- REPOSILITE_OPTS=--port ${REPOSILITE_PORT} ${REPOSILITE_COMPOSE_OPTS}
tty: true
labels:
- "traefik.enable=true"
- "traefik.http.routers.artifacts.rule=Host(`${ARTIFACTS_HOST}`)"
- "traefik.http.routers.artifacts.entrypoints=http"
- "traefik.http.services.artifacts.loadbalancer.server.port=8080"
verdaccio:
image: verdaccio/verdaccio:5
container_name: verdaccio
volumes:
- verdaccio_data:/verdaccio/storage
- verdaccio_config:/verdaccio/conf
- verdaccio_plugins:/verdaccio/plugins
ports:
- "4873:4873"
networks:
- proxy
labels:
- "traefik.http.routers.artifacts.rule=Host(`${VERDACCIO_HOST}`)"
- "traefik.http.routers.artifacts.entrypoints=http"
- "traefik.http.services.artifacts.loadbalancer.server.port=4873"
#
#watchtower:
# image: containrrr/watchtower:latest
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock
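Review bot: `WOODPECKER_OPEN=true` lets every account on the forge sign in to Woodpecker, while the `woodpecker-agent` service mounts `/var/run/docker.sock` read-write, so anyone able to register on Forgejo can run pipeline steps on an agent that controls the host's Docker daemon. Setting `WOODPECKER_OPEN=false` and granting access through `WOODPECKER_ADMIN` or `WOODPECKER_ORGS` keeps the agent for known users. The `registry` service is routed through Traefik with `REGISTRY_STORAGE_DELETE_ENABLED=true` and no `REGISTRY_AUTH` settings visible, so pushes and deletes appear to be unauthenticated. Two label mismatches also look unintended: `traefik.tcp.routers.forgejo-ssh.service=gitea-ssh-svc` points at a service that is declared as `forgejo-ssh-svc`, and `verdaccio` reuses the `artifacts` router and service names already defined on `mvn-registry` while omitting `traefik.enable=true`.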


@ -0,0 +1,34 @@
---
global:
sendAnonymousUsage: false
api:
dashboard: true
insecure: true
log:
level: INFO
filePath: /var/log/traefik/traefik.log
accessLog:
filePath: /var/log/traefik/access.log
bufferingSize: 100
providers:
docker:
watch: true
exposedByDefault: false
network: forgejo_proxy
entryPoints:
http:
address: ":80"
http:
redirections:
entrypoint:
to: https
scheme: https
https:
address: ":443"
ssh:
address: ":222"
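Review bot: `api.insecure: true` serves the dashboard and API without authentication on Traefik's internal port 8080, which the compose file in this commit publishes as `8181:8080` on every host interface. That API lists all routers, services and backend addresses of the stack. The compose file already declares a TLS `dashboard` router; setting `insecure: false` here and pointing that router at `api@internal` behind an authentication middleware such as `basicAuth` would keep the dashboard reachable without the open port.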


@ -0,0 +1,15 @@
#!/bin/bash
if [ $# -eq 0 ] ; then
newip=$(ifconfig | grep 0xfff | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | grep -v 255 | head -1 | sed 's/\./-/g')
searchStr="s/[0-9]\{1,3\}-[0-9]\{1,3\}-[0-9]\{1,3\}-[0-9]\{1,3\}"
elif [ $# -eq 2 ] ; then
newip=$2
searchStr=$1
else
echo "you must either provide 0 arguments or"
echo "exactly 2 arguments:"
echo "./update-ip-adrr.sh <old-ip-or-dns> <new-ip-or-dns>"
fi
echo $newip
sed -i -e "s/${searchStr}"/"$newip"/g .env
sed -i -e 's/[0-9]\{1,3\}-[0-9]\{1,3\}-[0-9]\{1,3\}-[0-9]\{1,3\}'/"$newip"/g README.adoc
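Review bot: The usage branch prints its message but never exits, so with a wrong argument count the two `sed -i` calls still run with `newip` and `searchStr` empty; add `exit 1` after the last `echo` in the `else` branch. In the zero-argument branch `searchStr` already starts with `s/` and the first `sed` prepends another `s/`, so the resulting program is not the intended substitution; drop the prefix, `searchStr='[0-9]\{1,3\}-[0-9]\{1,3\}-[0-9]\{1,3\}-[0-9]\{1,3\}'`. In the two-argument form `$1` is pasted into the sed program unescaped, so a `.` matches any character and a `/` ends the pattern, which can rewrite unrelated lines in `.env`; escape it or document the restriction. `echo $newip` should be quoted as `echo "$newip"`.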


@ -13,4 +13,5 @@ plugins {
rootProject.name = "ci-demo"
include("app", "list", "utilities")
includeBuild("documentation")