Browse Source

Set up a simple laminar CI server

master
meskio 3 years ago
commit
00fe9e1809
Signed by: meskio
GPG Key ID: 52B8F5AC97A2DA86
  1. 3
      build_image
  2. 13
      build_image.run
  3. 1549
      keys.asc
  4. 1549
      keys/meskio.asc
  5. 98
      playbook.yml
  6. 4
      vars.yml
  7. 43
      webhook.conf

3
build_image

@ -0,0 +1,3 @@
#!/bin/sh
/usr/bin/laminarc queue build_image image=$1

13
build_image.run

@ -0,0 +1,13 @@
#!/bin/bash -ex
git clone {{ repos_url }}/${image}.git
cd ${image}
for commit in `git log --format=%H`
do
git verify-commit $commit || exit 1
done
docker build . -t ${image}
docker tag ${image} {{ registry }}/${image}
docker push {{ registry }}/${image}

1549
keys.asc

File diff suppressed because it is too large Load Diff

1549
keys/meskio.asc

File diff suppressed because it is too large Load Diff

98
playbook.yml

@ -0,0 +1,98 @@
---
- hosts: all
vars_files:
- vars.yml
vars:
laminar_home: "/var/lib/laminar/"
become: yes
pre_tasks:
- name: Update apt cache if needed
apt: update_cache=yes cache_valid_time=3600
handlers:
- name: restart laminar
service: name=laminar state=restarted
- name: restart webhook
service: name=webhook state=restarted
- name: delete keyring
file: dest="{{ laminar_home }}/.gnupg" state=absent
- name: import openpgp keys
command: "gpg --homedir .gnupg --import keys.asc"
args:
chdir: "{{ laminar_home }}"
notify: laminar owns .gnupg
- name: laminar owns .gnupg
file:
path: "{{ laminar_home }}/.gnupg"
owner: laminar
group: laminar
recurse: yes
tasks:
- name: install laminar dependencies
# TODO: docker.io is in buster, but lib* are from stretch
apt: name={{ item }} state=latest
with_items:
- gnupg
- libsqlite3-0
- libboost-filesystem1.62.0
- zlib1g
- docker.io
- name: install laminar
apt:
# laminar is in it's way to get included in debian:
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919181
deb: https://github.com/ohwgiles/laminar/releases/download/0.7/laminar-0.7-1-amd64.deb
- name: add laminar to docker group
user: name=laminar group=docker
notify: restart laminar
- name: copy openpgp keys
copy:
src: keys.asc
dest: "{{ laminar_home }}"
owner: laminar
group: laminar
mode: u=rwx,g=rx,o=rx
notify:
- delete keyring
- import openpgp keys
- name: configure build image job
template:
src: build_image.run
dest: "{{ laminar_home }}/cfg/jobs/build_image.run"
owner: laminar
group: laminar
mode: u=rwx,g=rwx,o=rx
- name: enable laminar
service: name=laminar state=started enabled=yes
- name: copy build_image script
copy:
src: build_image
dest: /usr/local/bin/build_image
owner: root
group: root
mode: u=rwx,g=rx,o=rx
- name: install webhook
apt: name=webhook state=latest
- name: configure webhook job
template:
src: webhook.conf
dest: /etc/webhook.conf
owner: laminar
group: laminar
mode: u=rwx,g=rwx,o=rx
notify: restart webhook
- name: enable webhook
service: name=webhook state=started enabled=yes

4
vars.yml

@ -0,0 +1,4 @@
---
secret: "secret"
repos_url: "https://git.sindominio.net/estibadores"
registry: "localhost:5000"

43
webhook.conf

@ -0,0 +1,43 @@
[
{
"id": "build_image",
"execute-command": "/usr/local/bin/build_image",
"pass-arguments-to-command":
[
{
"source": "payload",
"name": "repository.name"
}
],
"trigger-rule":
{
"and":
[
{
"match":
{
"type": "payload-hash-sha1",
"secret": "{{ secret }}",
"parameter":
{
"source": "header",
"name": "X-Hub-Signature"
}
}
},
{
"match":
{
"type": "value",
"value": "ref/heads/master",
"parameter":
{
"source": "payload",
"name": "ref"
}
}
}
]
}
}
]
Loading…
Cancel
Save