ansible playbook to set up a laminar container Ci build
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
meskio c647f768a1
Use the gitea signature header for webhooks
1 month ago
keys Update expired keys 2 months ago
README.md Add a diagram of the architecture 2 years ago
base_image.run Pin bullseye as base image 2 months ago
build_image Make it work 2 years ago
build_image.run Check versions of upstream software 8 months ago
check_updates Check versions of upstream software 8 months ago
check_updates.run Keep the repos of the images 2 years ago
keys.asc Update keys.asc file 2 months ago
nginx-registry Build base image 2 years ago
playbook.yml Cron garbage-collect registry 2 months ago
update_images Keep the repos of the images 2 years ago
vars.yml Add collaborator keys and vaulted secret 1 year ago
webhook.conf Use the gitea signature header for webhooks 1 month ago

README.md

Set a laminar CI to build your containers.

architecture

                  ...................----------.
.-------.         .  .---------.    | build VM |
| gitea |---http---->| webhook |    '----------'
'-------'         .  '---------'               .
    .             .       |                    .
    .             .       v                    .
    .             .  .---------.               .
    '....git pull...>| laminar |.........      .
                  .  '---------'        v      .
                  .       |    ^   gpg verify  .
                  . docker|    '...git commits .
                  .  push |                    .
                  .       v                    .
                  . .----------.               .
                  . | registry |               .
                  . '----------'               .
                  .       .                    .
                  .  proxy.                    .
                  .       v                    .
                  .   .-------.                .
                  .   | nginx |                .
                  .   '-------'                .
                  ........^.....................
 .--------.               |
 | docker |---------------'
 '--------'  docker pull

webhook

It will configure a webhook to listen in: http://ip:9000/hooks/build_image

The gitea of your organization should be configured to ping this url with {{ secret }} on each push event.

keys

The openpgp keys used to sign git commits are in the keys folder, ansible uses keys.asc to configure them in the server. We can generate this file by concatenating all the keys in one file:

$ cat keys/* > keys.asc