wiki.trwnh.com/content/tech/tutorials/woodpecker-ci.md

# set up woodpecker ci with gitea on arch linux

assuming you already have a working gitea and are only one person, idk

## install server + agent

```sh
yay -S woodpecker-server woodpecker-agent woodpecker-cli
```

## /etc/woodpecker/server.env

```ini
WOODPECKER_HOST=https://ci.trwnh.com
WOODPECKER_SERVER_ADDR=:9663
WOODPECKER_GRPC_ADDR=:9664
WOODPECKER_ADMIN=a
WOODPECKER_AGENT_SECRET=randomlongstring # openssl rand -hex 32
WOODPECKER_GITEA=true
WOODPECKER_GITEA_URL=https://git.trwnh.com
WOODPECKER_GITEA_CLIENT=  # generate from gitea applications
WOODPECKER_GITEA_SECRET=  # generate from gitea applications
```

use `$WOODPECKER_HOST/authorize` as the redirect uri

## /etc/woodpecker/agent.env

```ini
WOODPECKER_SERVER=localhost:9664
WOODPECKER_AGENT_SECRET=randomlongstring  # same secret as the server.env
```

## /etc/gitea/app.ini

```ini
[webhook]
ALLOWED_HOST_LIST=external,loopback
```

## /etc/nginx/sites/ci.trwnh.com.conf

proxy_pass to `$WOODPECKER_SERVER_ADDR`


```nginx
server {
	server_name ci.trwnh.com
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	ssl_certificate /etc/letsencrypt/live/trwnh.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/trwnh.com/privkey.pem;
	include /etc/letsencrypt/options-ssl-nginx.conf;
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

	access_log logs/ci.trwnh.com-access.log main;
	error_log logs/ci.trwnh.com-error.log;

	location / {
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header Host $http_host;

		proxy_pass http://localhost:9663;
		
		proxy_redirect off;
		proxy_http_version 1.1;
		proxy_buffering off;
		chunked_transfer_encoding off;
	}
}

server {
	server_name ci.trwnh.com;
	listen 80;
	listen [::]:80;
	return 301 https://$host$request_uri;
}
```

## the whole point of this got dam thing

.woodpecker.yml

```yaml
pipeline:
  build:
    image: klakegg/hugo
    commands:
	   - hugo
		- |
		    mkdir $HOME/.ssh
			 echo "$SSH_KEY" > $HOME/.ssh/id_ed25519
			 echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts
			 chown 600 $HOME/.ssh/id_ed25519
			 rsync -avHAX public/ trwnh.com:/srv/http/wiki.trwnh.com/public/
  secrets: [SSH_KEY, SSH_KNOWN_HOSTS]
```

[at this point i give up, it's not worth building on every single push]

[i should have just used rsync directly]

~/.ssh/config
```ssh
Host trwnh.com
	HostName trwnh.com
	Port 22222
```

deploy
```sh
#!/bin/bash
rsync -avz --delete public/ trwnh.com:/srv/http/wiki.trwnh.com/public
```

just do `chmod +x deploy` and now i just deploy with

```sh
hugo
./deploy
```
ugh trying to set up woodpecker was a waste of time 2022-12-15 11:14:55 +00:00			`# set up woodpecker ci with gitea on arch linux`

			`assuming you already have a working gitea and are only one person, idk`

			`## install server + agent`

			```sh
			`yay -S woodpecker-server woodpecker-agent woodpecker-cli`
			```

			`## /etc/woodpecker/server.env`

			```ini
			`WOODPECKER_HOST=https://ci.trwnh.com`
			`WOODPECKER_SERVER_ADDR=:9663`
			`WOODPECKER_GRPC_ADDR=:9664`
			`WOODPECKER_ADMIN=a`
			`WOODPECKER_AGENT_SECRET=randomlongstring # openssl rand -hex 32`
			`WOODPECKER_GITEA=true`
			`WOODPECKER_GITEA_URL=https://git.trwnh.com`
			`WOODPECKER_GITEA_CLIENT= # generate from gitea applications`
			`WOODPECKER_GITEA_SECRET= # generate from gitea applications`
			```

			use `$WOODPECKER_HOST/authorize` as the redirect uri

			`## /etc/woodpecker/agent.env`

			```ini
			`WOODPECKER_SERVER=localhost:9664`
			`WOODPECKER_AGENT_SECRET=randomlongstring # same secret as the server.env`
			```

			`## /etc/gitea/app.ini`

			```ini
			`[webhook]`
			`ALLOWED_HOST_LIST=external,loopback`
			```

			`## /etc/nginx/sites/ci.trwnh.com.conf`

			proxy_pass to `$WOODPECKER_SERVER_ADDR`


			```nginx
			`server {`
			`server_name ci.trwnh.com`
			`listen 443 ssl http2;`
			`listen [::]:443 ssl http2;`

			`ssl_certificate /etc/letsencrypt/live/trwnh.com/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/trwnh.com/privkey.pem;`
			`include /etc/letsencrypt/options-ssl-nginx.conf;`
			`ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;`

			`access_log logs/ci.trwnh.com-access.log main;`
			`error_log logs/ci.trwnh.com-error.log;`

			`location / {`
			`proxy_set_header X-Forwarded-For $remote_addr;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header Host $http_host;`

			`proxy_pass http://localhost:9663;`

			`proxy_redirect off;`
			`proxy_http_version 1.1;`
			`proxy_buffering off;`
			`chunked_transfer_encoding off;`
			`}`
			`}`

			`server {`
			`server_name ci.trwnh.com;`
			`listen 80;`
			`listen [::]:80;`
			`return 301 https://$host$request_uri;`
			`}`
			```

			`## the whole point of this got dam thing`

			`.woodpecker.yml`

			```yaml
			`pipeline:`
			`build:`
			`image: klakegg/hugo`
			`commands:`
			`- hugo`
			`- \|`
			`mkdir $HOME/.ssh`
			`echo "$SSH_KEY" > $HOME/.ssh/id_ed25519`
			`echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts`
			`chown 600 $HOME/.ssh/id_ed25519`
			`rsync -avHAX public/ trwnh.com:/srv/http/wiki.trwnh.com/public/`
			`secrets: [SSH_KEY, SSH_KNOWN_HOSTS]`
			```

			`[at this point i give up, it's not worth building on every single push]`

			`[i should have just used rsync directly]`

			`~/.ssh/config`
			```ssh
			`Host trwnh.com`
			`HostName trwnh.com`
			`Port 22222`
			```

			`deploy`
			```sh
			`#!/bin/bash`
			`rsync -avz --delete public/ trwnh.com:/srv/http/wiki.trwnh.com/public`
			```

			just do `chmod +x deploy` and now i just deploy with

			```sh
			`hugo`
			`./deploy`
			```