diff --git a/.forgejo/workflows/example-docker-compose-envs.yml b/.forgejo/workflows/example-docker-compose-envs.yml
new file mode 100644
index 0000000..52896e6
--- /dev/null
+++ b/.forgejo/workflows/example-docker-compose-envs.yml
@@ -0,0 +1,66 @@
+# SPDX-License-Identifier: MIT
+on:
+ push:
+ branches:
+ - 'main'
+ pull_request:
+
+jobs:
+ example-docker-compose:
+ if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release'
+ runs-on: lxc-bookworm
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install docker
+ run: |
+ apt-get update -qq
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get install -qq -y ca-certificates curl gnupg
+ install -m 0755 -d /etc/apt/keyrings
+ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+ echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$([ -n "$VERSION_CODENAME" ] && echo "$VERSION_CODENAME")" stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+ apt-get update -qq
+ apt-get install -qq -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+ docker version
+ docker compose version
+
+ - name: Test Environment Example
+ run: |
+ set -x
+ cd examples/docker-compose
+ secret=$(openssl rand -hex 20)
+ sed -i -e "s/{SHARED_SECRET}/$secret/" compose-forgejo-and-runner-with-envs.yml
+ cli="docker compose --progress quiet -f compose-forgejo-and-runner-with-envs.yml"
+ # Launch Forgejo & the runner
+ #
+ $cli up -d
+ for delay in $(seq 60) ; do test -f /srv/runner-data/.runner && break ; sleep 30 ; done
+ test -f /srv/runner-data/.runner
+ #
+ # Run the demo workflow
+ #
+ cli="$cli -f compose-demo-workflow.yml"
+ $cli up -d demo-workflow
+ #
+ # Wait for the demo workflow to complete
+ #
+ success='DEMO WORKFLOW SUCCESS'
+ failure='DEMO WORKFLOW FAILURE'
+ for delay in $(seq 60) ; do
+ $cli logs demo-workflow > /tmp/out
+ grep --quiet "$success" /tmp/out && break
+ grep --quiet "$failure" /tmp/out && break
+ $cli ps --all
+ $cli logs --tail=20 runner-daemon demo-workflow
+ sleep 30
+ done
+ grep --quiet "$success" /tmp/out
+ $cli logs runner-daemon > /tmp/runner.log
+ grep --quiet 'Start image=code.forgejo.org/oci/node:20-bookworm' /tmp/runner.log
+
+ - name: full docker compose logs
+ if: always()
+ run: |
+ cd examples/docker-compose
+ docker compose -f compose-forgejo-and-runner.yml -f compose-demo-workflow.yml logs
diff --git a/examples/docker-compose/compose-forgejo-and-runner-with-envs.yml b/examples/docker-compose/compose-forgejo-and-runner-with-envs.yml
new file mode 100644
index 0000000..a84908b
--- /dev/null
+++ b/examples/docker-compose/compose-forgejo-and-runner-with-envs.yml
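Review bot: The `Test Environment Example` step in `.forgejo/workflows/example-docker-compose-envs.yml` reads logs from a service named `runner-daemon` (`$cli logs --tail=20 runner-daemon demo-workflow` and `$cli logs runner-daemon > /tmp/runner.log`), but the compose file added in this commit names that service `runner-daemon-envs`; unless `compose-demo-workflow.yml` defines a `runner-daemon` service, the final `grep` on `/tmp/runner.log` cannot match. The `full docker compose logs` step has a similar mismatch: it passes `-f compose-forgejo-and-runner.yml` instead of `compose-forgejo-and-runner-with-envs.yml`, so on failure it would likely omit `runner-daemon-envs`. Separately, `set -x` is enabled before `secret=$(openssl rand -hex 20)`, so the registration secret is traced into the job log by the `sed` line; moving `set -x` below the `sed` substitution keeps it out. Only `{SHARED_SECRET}` is substituted, so `{ROOT_PASSWORD}` reaches `forgejo admin user create` as the literal placeholder.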
@@ -0,0 +1,100 @@
+# Copyright 2024 The Forgejo Authors.
+# SPDX-License-Identifier: MIT
+
+#
+# Create a secret with:
+#
+# openssl rand -hex 20
+#
+# Replace all occurences of {SHARED_SECRET} below with the output.
+#
+# NOTE: a token obtained from the Forgejo web interface cannot be used
+# as a shared secret.
+#
+# Replace {ROOT_PASSWORD} with a secure password
+#
+
+volumes:
+ docker_certs:
+
+services:
+
+ docker-in-docker:
+ image: code.forgejo.org/oci/docker:dind
+ hostname: docker # Must set hostname as TLS certificates are only valid for docker or localhost
+ privileged: true
+ environment:
+ DOCKER_TLS_CERTDIR: /certs
+ DOCKER_HOST: docker-in-docker
+ volumes:
+ - docker_certs:/certs
+
+ forgejo:
+ image: codeberg.org/forgejo/forgejo:1.21
+ command: >-
+ bash -c '
+ /bin/s6-svscan /etc/s6 &
+ sleep 10 ;
+ su -c "forgejo forgejo-cli actions register --secret {SHARED_SECRET}" git ;
+ su -c "forgejo admin user create --admin --username root --password {ROOT_PASSWORD} --email root@example.com" git ;
+ sleep infinity
+ '
+ environment:
+ FORGEJO__security__INSTALL_LOCK: "true"
+ FORGEJO__log__LEVEL: "debug"
+ FORGEJO__repository__ENABLE_PUSH_CREATE_USER: "true"
+ FORGEJO__repository__DEFAULT_PUSH_CREATE_PRIVATE: "false"
+ FORGEJO__repository__DEFAULT_REPO_UNITS: "repo.code,repo.actions"
+ volumes:
+ - /srv/forgejo-data:/data
+ ports:
+ - 8080:3000
+
+ runner-register:
+ image: code.forgejo.org/forgejo/runner:3.4.1
+ links:
+ - docker-in-docker
+ - forgejo
+ environment:
+ DOCKER_HOST: tcp://docker-in-docker:2376
+ volumes:
+ - /srv/runner-data:/data
+ user: 0:0
+ command: >-
+ bash -ec '
+ while : ; do
+ forgejo-runner create-runner-file --connect --instance http://forgejo:3000 --name runner --secret {SHARED_SECRET} && break ;
+ sleep 1 ;
+ done ;
+ sed -i -e "s|\"labels\": null|\"labels\": [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]|" .runner ;
+ forgejo-runner generate-config > config.yml ;
+ chown -R 1000:1000 /data
+ '
+
+ runner-daemon-envs:
+ image: code.forgejo.org/forgejo/runner:3.4.1
+ links:
+ - docker-in-docker
+ - forgejo
+ environment:
+ DOCKER_HOST: tcp://docker:2376
+ DOCKER_CERT_PATH: /certs/client
+ DOCKER_TLS_VERIFY: "1"
+ RUNNER__runner__ENVS: |
+ DOCKER_HOST=tcp://docker:2376
+ DOCKER_TLS_VERIFY=1
+ DOCKER_CERT_PATH=/certs/client
+ RUNNER__runner__LABELS: |
+ docker:docker://code.forgejo.org/oci/node:20-bookworm
+ ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04
+ RUNNER__container__NETWORK: host
+ RUNNER__container__OPTIONS: -v /certs/client:/certs/client
+ RUNNER__container__VALID_VOLUMES: |
+ /certs/client
+ volumes:
+ - /srv/runner-data:/data
+ - docker_certs:/certs
+ command: >-
+ bash -c '
+ while : ; do test -w .runner && forgejo-runner --config config.yml daemon ; sleep 1 ; done
+ '
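Review bot: The `runner-daemon-envs` service gives every job container the Docker client certificates (`RUNNER__container__OPTIONS: -v /certs/client:/certs/client`, with `/certs/client` listed in `RUNNER__container__VALID_VOLUMES`) together with `DOCKER_HOST` in `RUNNER__runner__ENVS` and `RUNNER__container__NETWORK: host`, and nothing in the file says what that implies. Any workflow this runner accepts can therefore drive the `docker-in-docker` daemon, which runs with `privileged: true`. I would add a comment above the service, for example `# Job containers get the Docker client certs and can control the privileged docker-in-docker daemon; only run trusted workflows on this runner.` The header comment could also mention that `{SHARED_SECRET}` and `{ROOT_PASSWORD}` are passed as command-line arguments inside the containers, so they should be unique to this deployment.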