commit d05174df8f108a7bc13249e8caaf40515c3cbe7a Author: Alexilator Date: Sat Aug 31 22:25:41 2024 +0200 changes
diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..5c2b7f3
--- /dev/null
+++ b/.env.sample
@@ -0,0 +1,6 @@
+FORGEJO_VERSION=1.21
+RUNNER_VERSION=3.4.1
+CI_TOKEN=TOKEN20CHARACTERS
+ADMIN_PASSWORD=sup3rS3cretp4ssw0rd
+ADMIN_EMAIL=your@email.com
+ADMIN_USERNAME=admin
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..94d5420
--- /dev/null
+++ b/README.md
@@ -0,0 +1,47 @@
+# Introduction
+In this repo I am documenting how to setup your own selfhosted git platform complete with CI/CD using forgejo.
+# Steps:
+1. Setup folder
+2. customize `compose.yml`
+# Setup folder
+In your appdata folder create new folder called `forgejo`. In my case it's `~/apps/forgejo`.
+`cd` into the forgejo folder and create a `compose.yml` using your editor of choice. In my case it's `vim compose.yml`.
+Paste the contents of the `compose.yml` file in this repository.
+Copy the contents of the `.env.sample` inside this repo into the folder and rename it to `.env`.
+Random string `openssl rand -hex 20`
+# Edit `compose.yml`
+The docker compose file is setup for forgejo to be used with a reverse-proxy, which if you want to use it from outside your home network, I strongly suggest.
+It expects to be run with a network called `proxy`. If your network is called differently you have to change the file accordingly.
+# Initial startup
+Run `docker-compose up -d && docker-compose logs -f` in order to follow the initial startup process.
+The first startup will create your administrative user according to the `ADMIN_USERNAME`, `ADMIN_PASSWORD` and `ADMIN_EMAIL` variables you set in the `.env` file.
+Furthermore a ci-runner will be registered to your forgejo instance through the `runner-register` container and the `command` inside the forgejo container.
+After about 20 seconds you can stop following the logs with `ctrl+c`. Afterwards stop the stack by running `docker-compose down`.
+# Cleanup `compose.yml`
+After the initial startup is completed you have to make some changes to the `compose.yml`.
+The first startup handled the creation of your admin user and the registration of the ci-runner.
+These sections are not needed anymore.
+1. Remove the `command` section from the `forgejo` container.
+2. Remove the `runner-register` container definition from the compose file.
+# Configure Forgejo
+After cleaning up the `compose.yml` file you can now configure forgejo.
+The data for the `forgejo` container is stored in the `app` folder.
+Using your editor of choice you can edit the `app/gitea/conf/app.ini` file.
+Inside the `app.ini` there are some things you have to change and also some you can change if you like to, starting with the `APP_NAME`.
+Inside the `[server]` section you have to change the `ROOT_URL` for forgejo to work properly generating URLs like clone URLs etc.
+Change it to your domain and subdomain combination like `https://forgejo.mydomain.com`.
+Optionally, if you plan to use your forgejo instance as a package registry for example for docker container images, you can change the ini file and add the following:
+```ini
+[packages]
+ENABLED = true
+```
+Lastly I would suggest to change the default source for runner containers in the ini file to `https://github.com` as there a way more available predefined actions.
+Browse them in in the [actions]("https://github.com/marketplace?type=actions") section of the github marketplace
+```ini
+[actions]
+DEFAULT_ACTIONS_URL = https://github.com
+```
+
+# Final word
+Congratulations! Your forgejo instance is now up and running, all together with a CI/CD pipeline runner.
+
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..6c430b1
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,95 @@
+volumes:
+ docker_certs:
+
+services:
+
+ docker-in-docker:
+ image: code.forgejo.org/oci/docker:dind
+ hostname: docker # Must set hostname as TLS certificates are only valid for docker or localhost
+ privileged: true
+ environment:
+ DOCKER_TLS_CERTDIR: /certs
+ DOCKER_HOST: docker-in-docker
+ volumes:
+ - docker_certs:/certs
+ networks:
+ - backend
+
+ forgejo:
+ image: codeberg.org/forgejo/forgejo:${FORGEJO_VERSION}
+ env_file: .env
+ command: >-
+ bash -c '
+ /bin/s6-svscan /etc/s6 &
+ sleep 10 ;
+ su -c "forgejo forgejo-cli actions register --secret $CI_TOKEN" git ;
+ su -c "forgejo admin user create --admin --username $ADMIN_USERNAME --password $ADMIN_PASSWORD --email $ADMIN_EMAIL" git ;
+ sleep infinity
+ '
+ environment:
+ FORGEJO__security__INSTALL_LOCK: "true"
+ FORGEJO__log__LEVEL: "debug"
+ FORGEJO__repository__ENABLE_PUSH_CREATE_USER: "true"
+ FORGEJO__repository__DEFAULT_PUSH_CREATE_PRIVATE: "true"
+ FORGEJO__repository__DEFAULT_REPO_UNITS: "repo.code,repo.actions"
+ volumes:
+ - ./app:/data
+ ports:
+ - 8080:3000
+ networks:
+ - backend
+ - proxy
+
+ runner-register:
+ image: code.forgejo.org/forgejo/runner:${RUNNER_VERSION}
+ env_file: .env
+ links:
+ - docker-in-docker
+ - forgejo
+ environment:
+ DOCKER_HOST: tcp://docker-in-docker:2376
+ volumes:
+ - ./runner:/data
+ user: 0:0
+ command: >-
+ bash -ec '
+ while : ; do
+ forgejo-runner create-runner-file --connect --instance http://forgejo:3000 --name runner --secret $CI_TOKEN && break ;
+ sleep 1 ;
+ done ;
+ sed -i -e "s|\"labels\": null|\"labels\": [\"docker:docker://code.forgejo.org/oci/node:20-bookworm\", \"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04\"]|" .runner ;
+ forgejo-runner generate-config > config.yml ;
+ sed -i -e "s|network: .*|network: host|" config.yml ;
+ sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://docker:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ;
+ sed -i -e "s|^ options:| options: -v /certs/client:/certs/client|" config.yml ;
+ sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml ;
+ chown -R 1000:1000 /data
+ '
+ networks:
+ - backend
+
+ runner-daemon:
+ image: code.forgejo.org/forgejo/runner:${RUNNER_VERSION}
+ env_file: .env
+ links:
+ - docker-in-docker
+ - forgejo
+ environment:
+ DOCKER_HOST: tcp://docker:2376
+ DOCKER_CERT_PATH: /certs/client
+ DOCKER_TLS_VERIFY: "1"
+ volumes:
+ - ./runner:/data
+ - docker_certs:/certs
+ command: >-
+ bash -c '
+ while : ; do test -w .runner && forgejo-runner --config config.yml daemon ; sleep 1 ; done
+ '
+ networks:
+ - backend
+
+networks:
+ proxy:
+ external: true
+ backend:
+ driver: bridge
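Review bot: The `forgejo` service publishes `8080:3000` on every host interface even though it already joins the external `proxy` network, so the instance stays reachable over plain HTTP around the reverse proxy; `- 127.0.0.1:8080:3000`, or no `ports` entry at all, would leave the proxy as the only way in. `env_file: .env` is set on `runner-register` and `runner-daemon` as well, which gives both runner containers `ADMIN_PASSWORD` although, from what the hunk shows, only `runner-register` uses `$CI_TOKEN` and the daemon reads the generated `.runner` file. In the bootstrap `command`, `$ADMIN_PASSWORD` and `$CI_TOKEN` are expanded unquoted onto a command line, so a password containing spaces or shell metacharacters would break it, and the values are probably visible in the process list and in `docker inspect` while that container exists. A short comment above `privileged: true` and `FORGEJO__log__LEVEL: "debug"`, for example `# dind requires privileged mode; treat every CI job as able to control this daemon` and `# debug is for first start only, lower afterwards`, would make those two choices explicit.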