+++
|
|
updated = "2022-12-15"
|
|
+++
|
|
# set up woodpecker ci with gitea on arch linux
|
|
|
|
assuming you already have a working gitea and are only one person, idk
|
|
|
|
## install server + agent
|
|
|
|
```sh
|
|
yay -S woodpecker-server woodpecker-agent woodpecker-cli
|
|
```
|
|
|
|
## /etc/woodpecker/server.env
|
|
|
|
```ini
|
|
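# comments sit on their own lines: env-file loaders such as systemd's
# EnvironmentFile= may not strip a trailing "# ..." and would then treat it as
# part of the value (which would also make the two agent secrets differ)

# public url; the oauth2 redirect uri registered in gitea is $WOODPECKER_HOST/authorize
WOODPECKER_HOST=https://ci.trwnh.com
# web ui / api listener that nginx proxies to. ":9663" listens on every
# interface, so firewall the port or bind it to loopback; otherwise the
# plain-http port is reachable without going through nginx and tls
WOODPECKER_SERVER_ADDR=:9663
# grpc listener for agents; the agent in this setup connects over localhost,
# so this port does not need to be reachable from outside the host either
WOODPECKER_GRPC_ADDR=:9664
WOODPECKER_ADMIN=a
# shared secret the agent authenticates with; generate with: openssl rand -hex 32
# keep this file readable only by root or the service account
WOODPECKER_AGENT_SECRET=randomlongstring
WOODPECKER_GITEA=true
WOODPECKER_GITEA_URL=https://git.trwnh.com
# oauth2 client id and secret: generate from gitea applications
WOODPECKER_GITEA_CLIENT=
WOODPECKER_GITEA_SECRET=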
|
|
```
|
|
|
|
when creating the oauth2 application in gitea, use `$WOODPECKER_HOST/authorize` as the redirect uri
|
|
|
|
## /etc/woodpecker/agent.env
|
|
|
|
```ini
|
|
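# grpc endpoint of the server (the WOODPECKER_GRPC_ADDR port from server.env)
WOODPECKER_SERVER=localhost:9664
# same secret as the server.env; the comment is on its own line so it cannot
# end up inside the value if the env-file loader does not strip trailing comments
WOODPECKER_AGENT_SECRET=randomlongstring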
|
|
```
|
|
|
|
## /etc/gitea/app.ini
|
|
|
|
```ini
|
|
[webhook]
|
|
; which hosts gitea may deliver webhooks to. `loopback` also permits targets
; on the gitea machine itself, so anyone who can create a webhook can make
; gitea send requests to services listening on localhost.
; NOTE(review): presumably needed because woodpecker runs on the same host;
; listing only the ci hostname would be narrower - confirm it still delivers.
ALLOWED_HOST_LIST=external,loopback
|
|
```
|
|
|
|
## /etc/nginx/sites/ci.trwnh.com.conf
|
|
|
|
proxy_pass to `$WOODPECKER_SERVER_ADDR`
|
|
|
|
|
|
```nginx
|
|
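# tls front end for woodpecker: everything is forwarded to the server on localhost:9663
server {
    # the terminating ';' was missing here; without it nginx fails to parse the file
    server_name ci.trwnh.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate /etc/letsencrypt/live/trwnh.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/trwnh.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    access_log logs/ci.trwnh.com-access.log main;
    error_log logs/ci.trwnh.com-error.log;

    location / {
        # $remote_addr replaces any X-Forwarded-For value sent by the client
        # instead of appending to it, so the backend sees the address nginx saw
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;

        # same port as WOODPECKER_SERVER_ADDR in server.env
        proxy_pass http://localhost:9663;

        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_buffering off;
        chunked_transfer_encoding off;
    }
}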
|
|
|
|
# plain-http listener: its only job is to send clients to the https vhost
server {
    listen 80;
    listen [::]:80;
    server_name ci.trwnh.com;

    return 301 https://$host$request_uri;
}
|
|
```
|
|
|
|
## the whole point of this got dam thing
|
|
|
|
.woodpecker.yml
|
|
|
|
```yaml
|
|
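# build the site with hugo, then rsync the result to the web host over ssh
pipeline:
  build:
    # no tag given, so whatever the registry currently serves is what runs with
    # the deploy key in scope; pin a tag or digest you have checked
    image: klakegg/hugo
    commands:
      - hugo
      - |
        mkdir $HOME/.ssh
        echo "$SSH_KEY" > $HOME/.ssh/id_ed25519
        echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts
        # was `chown 600`, which changes the file's owner to uid 600 and leaves
        # the mode untouched; ssh refuses a private key that others can read
        chmod 600 $HOME/.ssh/id_ed25519
        rsync -avHAX public/ trwnh.com:/srv/http/wiki.trwnh.com/public/
    # SSH_KEY should be a dedicated deploy key that can only write the web root;
    # SSH_KNOWN_HOSTS pins the host key so the connection is verified
    secrets: [SSH_KEY, SSH_KNOWN_HOSTS]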
|
|
```
|
|
|
|
[at this point i give up, it's not worth building on every single push]
|
|
|
|
[i should have just used rsync directly]
|
|
|
|
~/.ssh/config
|
|
```ssh
|
|
# ssh and rsync reach trwnh.com on its non-default port through this entry
Host trwnh.com
    Port 22222
    HostName trwnh.com
|
|
```
|
|
|
|
deploy
|
|
```sh
|
|
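#!/bin/bash
# push the locally built site in public/ to the web root on trwnh.com
set -euo pipefail

# --delete removes remote files that are not in public/, so refuse to sync
# when public/ is missing or empty (wrong directory, failed or skipped build)
if [ -z "$(ls -A public 2>/dev/null)" ]; then
    echo "deploy: public/ is missing or empty, not syncing" >&2
    exit 1
fi

rsync -avz --delete public/ trwnh.com:/srv/http/wiki.trwnh.com/public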
|
|
```
|
|
|
|
just do `chmod +x deploy` and now i just deploy with
|
|
|
|
```sh
|
|
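# only deploy when the build succeeded, so a failed build is never synced
hugo && ./deploy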
|
|
```