feat: initial woodpecker ci server role setup

.ansible-lint

@@ -0,0 +1,23 @@
+---
+
+exclude_paths:
+  - ".gitlab/*"
+  - ".gitlab-ci.yml"
+  - "defaults/main.yaml"
+  - "meta/main.yaml"
+  - "vars/*"
+
+kinds:
+  - playbook: "**/*.{yml,yaml}"
+
+skip_list:
+  - "command-shell"
+  - "experimental"
+  - "git-latest"
+  - "no-changed-when"
+  - "no-handler"
+  - "name[casing]"
+  - "name[template]"
+  - "risky-file-permissions"
+  - "schema[playbook]"
+  - "var-naming[no-role-prefix]"

.gitignore

@@ -0,0 +1 @@
+.ansible

.gitlab-ci.yml

@@ -0,0 +1,13 @@
+---
+
+# gitlab stages
+stages:
+  - "gitleaks"
+  - "linting"
+
+# include components
+include:
+  - component: "$CI_SERVER_FQDN/components/ansible/linting@v3.0.3"
+  - component: "$CI_SERVER_FQDN/components/gitleaks/gitleaks@v1.0.0"
+  - component: "$CI_SERVER_FQDN/components/markdownlint/markdownlint@1.0.0"
+  - component: "$CI_SERVER_FQDN/components/yamllint/yamllint@1.0.2"

.markdownlint-cli2.jsonc

@@ -0,0 +1,12 @@
+{
+  // files to lint
+  "globs": [
+    "readme.md"
+  ],
+  // linting rules
+  "config": {
+    "MD013": {
+      "line_length": 120
+    }
+  }
+}

.yamllint

@@ -0,0 +1,30 @@
+---
+extends: 'default'
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    forbid: true
+  comments:
+    min-spaces-from-content: 1
+  comments-indentation: false
+  empty-lines:
+    max: 2
+  indentation:
+    spaces: 2
+    check-multi-line-strings: true
+  line-length:
+    max: 120
+    allow-non-breakable-words: true
+    allow-non-breakable-inline-mappings: true
+  new-line-at-end-of-file: 'enable'
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true
+  truthy:
+    allowed-values:
+      - 'true'
+      - 'false'
+  quoted-strings:
+    quote-type: 'any'
+    required: true

meta/main.yaml

@@ -0,0 +1,8 @@
+---
+
+galaxy_info:
+  author: "siempie"
+  description: "install and configure woodpecker ci server"
+  license: "MIT"
+  role_name: "woodpecker"
+dependencies: []

playbook.yaml

@@ -0,0 +1,31 @@
+---
+
+# execute this role
+- name: "install and configure woodpecker"
+  hosts: "all"
+  become: true
+  tasks:
+
+    # due to semaphore bug we need to do this ourselves
+    - name: "force-update requirements"
+      ansible.builtin.command:
+        cmd: "ansible-galaxy install -f -r roles/requirements.yml"
+      become: false
+      delegate_to: "localhost"
+      changed_when: false
+      failed_when: false
+
+    # execute the role
+    - name: "execute role: docker"
+      ansible.builtin.include_role:
+        name: "docker"
+
+    # execute the role
+    - name: "execute role: traefik"
+      ansible.builtin.include_role:
+        name: "traefik"
+
+    # execute the role
+    - name: "execute role: woodpecker"
+      ansible.builtin.include_role:
+        name: "woodpecker"

readme.md

@@ -0,0 +1,3 @@
+# Ansible Role: Woodpecker CI
+
+Install and configure [Woodpecker CI](https://woodpecker-ci.org) - a simple yet powerful CI/CD engine with great extensibility.

renovate.json

@@ -0,0 +1,4 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [ "local>cicd/renovate:ansible" ]
+}

roles/requirements.yml

@@ -0,0 +1,12 @@
+---
+
+roles:
+  - name: "docker"
+    src: "https://gitlab.simoncor.net/ansible/ans-docker.git"
+    scm: "git"
+  - name: "traefik"
+    src: "https://gitlab.simoncor.net/ansible/ans-traefik.git"
+    scm: "git"
+  - name: "woodpecker"
+    src: "https://gitlab.simoncor.net/ansible/ans-woodpecker.git"
+    scm: "git"

tasks/cleanup.yaml

@@ -0,0 +1,14 @@
+---
+
+# cleanup
+- name: "docker - prune all"
+  community.docker.docker_prune:
+    containers: true
+    images: true
+    networks: true
+    volumes: true
+    builder_cache: true
+
+- name: "docker - force prune"
+  ansible.builtin.command: "docker system prune --all --force --volumes"
+  changed_when: false

tasks/main.yaml

@@ -0,0 +1,9 @@
+---
+
+# install woodpecker
+- name: "install woodpecker"
+  ansible.builtin.import_tasks: "woodpecker.yaml"
+
+# cleanup docker
+- name: "cleanup docker"
+  ansible.builtin.import_tasks: "cleanup.yaml"

tasks/woodpecker.yaml

@@ -0,0 +1,68 @@
+---
+
+# create directories
+- name: "create woodpecker directories"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: "directory"
+    owner: "1000"
+    group: "1000"
+    mode: "0755"
+  loop:
+    - "/mnt/woodpecker/data"
+
+# run woodpecker server
+- name: "run woodpecker server"
+  community.docker.docker_container:
+
+    # docker defaults
+    auto_remove: "no"
+    container_default_behavior: "no_defaults"
+    detach: "yes"
+    init: "no"
+    interactive: "no"
+    log_driver: "json-file"
+    log_options:
+      max-size: "10m"
+      max-file: "3"
+    memory: "0"
+    paused: "no"
+    privileged: "no"
+    pull: "always"
+    read_only: "no"
+    state: "started"
+    tty: "no"
+
+    # woodpecker server
+    name: "woodpecker-server"
+    image: "cr.simoncor.net/dockerhub/woodpeckerci/woodpecker-server:v3.5.1"
+    image_name_mismatch: "recreate"
+    restart_policy: "unless-stopped"
+    network_mode: "host"
+    volumes:
+      - "/mnt/woodpecker/data:/data"
+
+    ports:
+      - "8000:8000/tcp"
+
+    env:
+
+      # global
+      TZ: "{{ timezone }}"
+
+      # server
+      WOODPECKER_HOST: "https://ci.simoncor.net"
+      WOODPECKER_SERVER_ADDR: ":8000"
+
+      # database
+      WOODPECKER_DATABASE_DRIVER: "sqlite3"
+      WOODPECKER_DATABASE_DATASOURCE: "/data/woodpecker.db?_journal=WAL"
+
+      # forgejo integration
+      WOODPECKER_FORGEJO: "true"
+      WOODPECKER_FORGEJO_URL: "https://git.simoncor.net"
+      WOODPECKER_FORGEJO_CLIENT: "{{ woodpecker_forgejo_client }}"
+      WOODPECKER_FORGEJO_SECRET: "{{ woodpecker_forgejo_secret }}"
+
+      # agent secret
+      WOODPECKER_AGENT_SECRET: "{{ woodpecker_agent_secret }}"