ansible playbook to set up a laminar container Ci build. moved to: https://git.sindominio.net/sindominio/ansible_laminar
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
meskio bf9c3fc2fe
Build images for main branch and tags
2 months ago
keys Add jorge's key 7 months ago
README.md Add a diagram of the architecture 3 years ago
after Add prometheus metrics 4 months ago
base_image.run Pin bullseye as base image 9 months ago
build_image Make it work 3 years ago
build_image.run Improve commit verification 2 months ago
check_updates Check versions of upstream software 1 year ago
check_updates.run Keep the repos of the images 3 years ago
keys.asc Add jorge's key 7 months ago
nginx-registry Build base image 3 years ago
playbook.yml Improve commit verification 2 months ago
update_images Keep the repos of the images 3 years ago
vars.yml Add collaborator keys and vaulted secret 2 years ago
verify_commits Improve commit verification 2 months ago
webhook.conf Build images for main branch and tags 2 months ago

README.md

Set a laminar CI to build your containers.

architecture

                  ...................----------.
.-------.         .  .---------.    | build VM |
| gitea |---http---->| webhook |    '----------'
'-------'         .  '---------'               .
    .             .       |                    .
    .             .       v                    .
    .             .  .---------.               .
    '....git pull...>| laminar |.........      .
                  .  '---------'        v      .
                  .       |    ^   gpg verify  .
                  . docker|    '...git commits .
                  .  push |                    .
                  .       v                    .
                  . .----------.               .
                  . | registry |               .
                  . '----------'               .
                  .       .                    .
                  .  proxy.                    .
                  .       v                    .
                  .   .-------.                .
                  .   | nginx |                .
                  .   '-------'                .
                  ........^.....................
 .--------.               |
 | docker |---------------'
 '--------'  docker pull

webhook

It will configure a webhook to listen in: http://ip:9000/hooks/build_image

The gitea of your organization should be configured to ping this url with {{ secret }} on each push event.

keys

The openpgp keys used to sign git commits are in the keys folder, ansible uses keys.asc to configure them in the server. We can generate this file by concatenating all the keys in one file:

$ cat keys/* > keys.asc