# The CI network is created outside this file (external: true): neither
# `docker compose` nor `docker stack deploy` will create or remove it, so it
# must already exist, with Traefik and Vault attached, before this stack runs.
networks:
  cicd:
    external: true
# Vault AppRole credentials, provisioned out of band (e.g. `docker secret
# create`) so neither value lives in this file, in the image or in an
# environment variable. Each is mounted as a file into the Vault Agent
# service only.
secrets:
  woodpecker_vault_role_id:
    external: true
  woodpecker_vault_secret_id:
    external: true
# Non-secret inputs for the Vault Agent: its HCL config plus one template per
# secret it renders. Presumably each template writes the like-named file under
# /vault/secrets — the Vault Agent healthcheck below expects exactly those
# four files; confirm against agent.hcl if a consumer reports a missing file.
configs:
  woodpecker_vault_agent_hcl:
    file: ./vault/agent.hcl
  tpl_agent_secret:
    file: ./vault/templates/agent_secret.ctmpl
  tpl_gitea_client_id:
    file: ./vault/templates/gitea_client_id.ctmpl
  tpl_gitea_client_secret:
    file: ./vault/templates/gitea_client_secret.ctmpl
  tpl_pg_dsn:
    file: ./vault/templates/pg_dsn.ctmpl
# In-memory home for the rendered secrets: a tmpfs never reaches disk and is
# gone when the volume is removed. The 32 MiB cap bounds what a misbehaving
# template can write. Files are root-owned with mode 0750, so a consumer
# whose process runs unprivileged cannot read them — confirm the effective
# UID of the Woodpecker images if the *_FILE reads fail.
# NOTE(review): a `local` tmpfs volume is node-local. If this file is deployed
# as a Swarm stack, the writer and both readers must be co-scheduled on one
# node (placement constraint); otherwise the readers see an empty directory.
volumes:
  vault_secrets:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: 'size=32m,uid=0,gid=0,mode=0750'
services:
  # --- Vault Agent: logs in with AppRole and renders the secret files that
  #     both Woodpecker services read from the shared tmpfs volume.
  vault-agent-woodpecker:
    # NOTE(review): `latest` is a moving tag. Pin a version, ideally with a
    # digest (`hashicorp/vault:<tag>@sha256:<digest>`), so an upstream push
    # cannot silently replace the binary that handles the AppRole credentials.
    image: hashicorp/vault:latest
    networks:
      - cicd
    # IPC_LOCK allows Vault to mlock() its memory so secret material is not
    # swapped to disk.
    cap_add:
      - IPC_LOCK
    environment:
      # Plain HTTP: the AppRole login and every secret the agent fetches cross
      # the cicd network unencrypted. Prefer your HTTPS URL unless that
      # network is fully trusted.
      VAULT_ADDR: 'http://vault:8200'
    # Credentials arrive as files, not environment variables (which would be
    # visible via `docker inspect` and inherited by every child process).
    secrets:
      - source: woodpecker_vault_role_id
        target: /vault/secrets/role_id
      - source: woodpecker_vault_secret_id
        target: /vault/secrets/secret_id
    # Sole writer of the rendered files; the two consumers mount it read-only.
    volumes:
      - vault_secrets:/vault/secrets:rw
    configs:
      - source: woodpecker_vault_agent_hcl
        target: /etc/vault/agent.hcl
      - source: tpl_agent_secret
        target: /etc/vault/templates/agent_secret.ctmpl
      - source: tpl_gitea_client_id
        target: /etc/vault/templates/gitea_client_id.ctmpl
      - source: tpl_gitea_client_secret
        target: /etc/vault/templates/gitea_client_secret.ctmpl
      - source: tpl_pg_dsn
        target: /etc/vault/templates/pg_dsn.ctmpl
    command: ['sh', '-lc', 'vault agent -config=/etc/vault/agent.hcl']
    # Healthy only once all four rendered files exist and are non-empty —
    # this is the signal the consumers should gate their start on.
    healthcheck:
      test: ['CMD-SHELL', 'test -s /vault/secrets/agent_secret -a -s /vault/secrets/gitea_client_id -a -s /vault/secrets/gitea_client_secret -a -s /vault/secrets/pg_dsn']
      interval: 10s
      timeout: 3s
      retries: 30

  # --- Woodpecker server: UI/API behind Traefik, gRPC endpoint for agents.
  woodpecker-server:
    # NOTE(review): pin this tag/digest as well (see vault-agent-woodpecker).
    image: woodpeckerci/woodpecker-server:latest
    networks:
      - cicd
    # NOTE(review): short-form depends_on only orders start-up; it does not
    # wait for the Vault Agent healthcheck, so this container can start before
    # the *_FILE paths below exist. Under standalone Compose the long form
    # (`condition: service_healthy`) closes that gap; under Swarm
    # (`docker stack deploy`) depends_on is ignored and the default restart
    # policy plus the healthcheck below is what retries.
    depends_on:
      - vault-agent-woodpecker
    volumes:
      - vault_secrets:/vault/secrets:ro
    environment:
      WOODPECKER_HOST: 'https://ci.sendico.io'
      # Closed registration: self sign-up is disabled.
      WOODPECKER_OPEN: 'false'
      # Gitea forge (your instance URL)
      WOODPECKER_GITEA: 'true'
      WOODPECKER_GITEA_URL: 'https://git.sendico.io'
      # OAuth client credentials come from the Vault-rendered files rather
      # than from the environment.
      WOODPECKER_GITEA_CLIENT_FILE: '/vault/secrets/gitea_client_id'
      WOODPECKER_GITEA_SECRET_FILE: '/vault/secrets/gitea_client_secret'
      # Agent shared secret (lowercase file, env stays uppercase)
      WOODPECKER_AGENT_SECRET_FILE: '/vault/secrets/agent_secret'
      # Postgres (from Vault Agent rendered file)
      WOODPECKER_DATABASE_DRIVER: 'postgres'
      WOODPECKER_DATABASE_DATASOURCE_FILE: '/vault/secrets/pg_dsn'
      WOODPECKER_BACKEND_DOCKER_NETWORK: 'cicd'
    # deploy.labels are honoured by `docker stack deploy` (Swarm). Plain
    # `docker compose` ignores the deploy key, so there Traefik would need
    # these as service-level `labels:` instead.
    deploy:
      labels:
        traefik.enable: 'true'
        traefik.docker.network: 'cicd'
        traefik.http.routers.woodpecker-server.rule: 'Host(`ci.sendico.io`)'
        traefik.http.routers.woodpecker-server.entrypoints: 'websecure'
        traefik.http.routers.woodpecker-server.tls: 'true'
        traefik.http.routers.woodpecker-server.tls.certresolver: 'letsencrypt'
        # Traefik reaches the UI/API on 3000. No host port is published, so
        # the service is reachable only from the cicd network.
        traefik.http.services.woodpecker-server.loadbalancer.server.port: '3000'
    healthcheck:
      test: ['CMD', '/bin/woodpecker-server', 'ping']
      interval: 10s
      timeout: 3s
      retries: 10
      start_period: 20s

  # --- Woodpecker agent: executes pipeline steps as containers on this host.
  woodpecker-agent:
    # NOTE(review): pin this tag/digest as well (see vault-agent-woodpecker).
    image: woodpeckerci/woodpecker-agent:latest
    networks:
      - cicd
    # Same start-order caveat as woodpecker-server: the short form awaits
    # neither dependency's healthcheck.
    depends_on:
      - woodpecker-server
      - vault-agent-woodpecker
    volumes:
      # The Docker socket is root-equivalent control of the host daemon. The
      # docker backend needs it to run steps, so treat this host as dedicated
      # CI capacity and keep the agent secret tightly held.
      - /var/run/docker.sock:/var/run/docker.sock
      - vault_secrets:/vault/secrets:ro
    environment:
      WOODPECKER_SERVER: 'woodpecker-server:9000'  # gRPC in overlay
      WOODPECKER_AGENT_SECRET_FILE: '/vault/secrets/agent_secret'
      WOODPECKER_BACKEND: 'docker'
      # Step containers are attached to the same external network.
      WOODPECKER_BACKEND_DOCKER_NETWORK: 'cicd'
      # Upper bound on workflows this agent runs concurrently.
      WOODPECKER_MAX_WORKFLOWS: '2'
    healthcheck:
      test: ['CMD', '/bin/woodpecker-agent', 'ping']
      interval: 10s
      timeout: 3s
      retries: 10
      start_period: 20s