From 0348cf506b096b01cd61bc264a3ad848ac083ec2 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Sat, 9 May 2026 12:16:24 -0400
Subject: [PATCH] Initial commit.
---
 .gitea/workflows/compose-services-readme.yml | 88 +++++
 .gitea/workflows/pr-docker-deploy.yml | 325 +++++++++++++++++++
 .gitea/workflows/renovate-pr-deploy.yml | 133 ++++++++
 .gitea/workflows/renovate.yml | 65 ++++
 .gitignore | 2 +
 README.md | 0
 docker-compose.yml | 92 ++++++
 renovate.json | 7 +
 8 files changed, 712 insertions(+)
 create mode 100644 .gitea/workflows/compose-services-readme.yml
 create mode 100644 .gitea/workflows/pr-docker-deploy.yml
 create mode 100644 .gitea/workflows/renovate-pr-deploy.yml
 create mode 100644 .gitea/workflows/renovate.yml
 create mode 100644 .gitignore
 create mode 100644 README.md
 create mode 100644 docker-compose.yml
 create mode 100644 renovate.json
diff --git a/.gitea/workflows/compose-services-readme.yml b/.gitea/workflows/compose-services-readme.yml
new file mode 100644
index 0000000..0d38fa3
--- /dev/null
+++ b/.gitea/workflows/compose-services-readme.yml
@@ -0,0 +1,88 @@ +name: List of Services README Generation + +on: + schedule: + - cron: 30 */2 * * * + workflow_dispatch: + +env: + HC_VAULT_VERSION: "1.21.4" + +jobs: + readme-services: + name: Generate Services List + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + with: + ref: 'main' + submodules: true + + - name: Install yq + uses: dcarbone/install-yq-action@4075b4dca348d74bd83f2bf82d30f25d7c54539b # v1.3.1 + + - name: Generate .env from Hashicorp Vault + uses: https://git.trez.wtf/Trez/hc-vault-env@main + with: + HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }} + HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} + HC_VAULT_AUTH: token + HC_VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} + HC_VAULT_SECRETS_PATH: rinoa-docker/env + + - name: Find docker-compose YAML files + id: find-compose-files + run: | + COMPOSE_FILES=$(find . -type f -name "docker-compose*.yml" \ + -a ! -name "*windows*" \ + -a ! -name "*gui*" \ + -a ! -name "*macos*" \ + -a ! -name "*hivemind*" \ + -a ! -name "*server*" \ + | sort) + + echo "compose_files<> "$GITHUB_OUTPUT" + echo "$COMPOSE_FILES" >> "$GITHUB_OUTPUT" + echo "EOF" >> "$GITHUB_OUTPUT" + + echo "Found Compose files:" + echo "$COMPOSE_FILES" + + - name: Generate combined service list + run: | + echo "Processing combined Compose files:" + echo "${{ steps.find-compose-files.outputs.compose_files }}" + + docker_compose_args="" + while IFS= read -r f; do + [ -z "$f" ] && continue + docker_compose_args="$docker_compose_args -f $f" + done <<< "${{ steps.find-compose-files.outputs.compose_files }}" + + echo "Running: docker compose --env-file .env $docker_compose_args config" + docker compose --env-file .env $docker_compose_args config > combined_compose.yml + + echo "Extracting services..." 
+ yq eval -o=json '.services | to_entries | map({"service": .key, "image": (.value.image | sub("@sha256:.*$"; "") // "N/A")})' combined_compose.yml > temp_services.json + + jq -s add temp_services.json | jq 'unique_by(.service)' > services.json + + - name: Generate Markdown Table + uses: gazab/create-markdown-table@6686233d7008e8d8b9d4bbdbfd1fb1ae510019f0 # v1.0.7 + id: service-table + with: + file: ./services.json + + - name: Regenerate README + run: | + echo "# List of Services" > README.md + echo -e "\n\n" >> README.md + echo "${{ steps.service-table.outputs.table }}" >> README.md + + - name: Add/Commit README.md + id: commit-readme + uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4 + with: + message: "chore: Update README" + add: "README.md" \ No newline at end of file diff --git a/.gitea/workflows/pr-docker-deploy.yml b/.gitea/workflows/pr-docker-deploy.yml new file mode 100644 index 0000000..20e3ca9 --- /dev/null +++ b/.gitea/workflows/pr-docker-deploy.yml 
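Review bot: The `Generate .env from Hashicorp Vault` step pulls `https://git.trez.wtf/Trez/hc-vault-env@main`, a mutable ref, while every other action in this hunk is pinned to a commit SHA; that action receives `HC_VAULT_TOKEN`, so anyone who can push to that repository's `main` can read the Vault token and every secret under `rinoa-docker/env`. Pin it the same way as the others, e.g. `uses: https://git.trez.wtf/Trez/hc-vault-env@<commit-sha> # <tag>`; the same applies to the `hc-vault-env@main` and `gitea-auto-pr@main` uses in pr-docker-deploy.yml and renovate-pr-deploy.yml. The secrets path here is `rinoa-docker/env` whereas both deployment workflows read `benedikta-docker/env`, which is worth confirming as intended. The heredoc opener `echo "compose_files<> "$GITHUB_OUTPUT"` appears truncated in this rendering (no `EOF` delimiter visible), presumably `<<EOF` in the real file; the same applies to `docker_svc_list<>` in the other two workflows.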
@@ -0,0 +1,325 @@ +name: Gitea Branch PR & Docker Deployment + +on: + workflow_dispatch: + push: + branches-ignore: + - "main" + paths: + - "**/docker-compose.yml" + +env: + HC_VAULT_VERSION: "1.21.4" + TEA_VERSION: "0.14.0" + +jobs: + check-and-create-pr: + if: github.ref != 'refs/heads/main' + name: Check and Create PR + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + with: + fetch-depth: 1 + + - name: Gotify Notification + uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4 + with: + gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" + gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" + notification_title: "GITEA: PR Check @ Benedikta" + notification_message: "Checking for existing PR... 🔍" + + - name: PR Check/Creation + uses: https://git.trez.wtf/Trez/gitea-auto-pr@main + with: + url: ${{ secrets.TREZ_GITEA_URL }} + token: ${{ secrets.BOT_GITEA_TOKEN }} + pr-label: docker-compose,manual + assignee: ${{ github.actor }} + + - name: Gotify Notification + uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4 + with: + gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" + gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" + notification_title: "GITEA: PR Check @ Benedikta" + notification_message: "PR Check done 🎟️" + + generate-service-list: + name: Generate list of added/modified/deleted services + runs-on: ubuntu-latest + needs: [check-and-create-pr] + outputs: + svc_deploy_list: ${{ steps.detect_services.outputs.docker_svc_list }} + steps: + - name: Checkout + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + + - name: Fetch base branch + run: | + git fetch origin ${{ github.event.pull_request.base.ref }} + + - name: Gotify Notification + uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4 + with: + gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" + gotify_app_token: 
"${{ secrets.RUNNER_GOTIFY_TOKEN }}" + notification_title: "GITEA: Services TBD" + notification_message: "Generating list of services to deploy..." + + - name: Save both versions of docker-compose.yml + run: | + git show origin/main:docker-compose.yml > docker-compose-main.yml || touch docker-compose-main.yml + cp docker-compose.yml docker-compose-head.yml + + - name: Detect added, deleted, and modified services + id: detect_services + run: | + echo "Getting services from main and ${{ github.ref_name }}" + yq '.services | keys | .[]' docker-compose-main.yml | sort > services_main.txt + yq '.services | keys | .[]' docker-compose-head.yml | sort > services_head.txt + + echo "Creating list of modified services..." + touch service_changes.txt + + comm -13 services_main.txt services_head.txt | while read service; do + echo "$service: added" >> service_changes.txt + done + + comm -12 services_main.txt services_head.txt | while read service; do + yq ".services[\"$service\"]" docker-compose-main.yml > tmp_main.yml + yq ".services[\"$service\"]" docker-compose-head.yml > tmp_head.yml + if ! 
diff -q tmp_main.yml tmp_head.yml > /dev/null; then + echo "$service: modified" >> service_changes.txt + fi + done + + echo "Detected service changes:" + cat service_changes.txt + + mod_svcs=$(cut -d':' -f1 service_changes.txt | sort | uniq | tr '\n' ' ' | sed 's/ *$//') + echo "docker_svc_list<> "$GITHUB_OUTPUT" + echo "$mod_svcs" >> "$GITHUB_OUTPUT" + echo "EOF" >> "$GITHUB_OUTPUT" + + - name: List of Services for (Re)Deployment + run: | + echo -e "${{ steps.detect_services.outputs.docker_svc_list }}" + + docker-compose-dry-run: + name: Docker Compose Dry Run + needs: [generate-service-list] + runs-on: ubuntu-latest + outputs: + compose_file_list: ${{ steps.compose_file_list.outputs.compose_list }} + env: + VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} + VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} + VAULT_NAMESPACE: "" + REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }} + DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }} + + steps: + - name: Checkout + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + + - name: Login to Docker Hub + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.240:2375 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.240:2375 + with: + registry: ghcr.io + username: ${{ secrets.GHCR_USER }} + password: ${{ secrets.GHCR_LOGIN_TOKEN }} + + - name: Login to Private Gitea Registry + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.240:2375 + with: + registry: git.trez.wtf + username: ${{ secrets.BOT_GITEA_USER }} + password: ${{ secrets.BOT_GITEA_PASSWORD }} + + - name: Gotify Notification + uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 
0.0.4 + with: + gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" + gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" + notification_title: "GITEA: Docker Compose Dry Run @ Benedikta" + notification_message: "Starting Docker Compose dry run..." + + - name: Get list of Compose files + id: compose_file_list + run: | + compose_list=$(find . -type f -name "docker-compose*.yml" \ + -a ! -name "*windows*" \ + -a ! -name "*gui*" \ + -a ! -name "*macos*" \ + -a ! -name "*hivemind*" \ + -a ! -name "*server*" \ + | sed -e ':a;N;$!ba;s/[\r\n]/ /g') + + echo "compose_list=$compose_list" >> "$GITHUB_OUTPUT" + echo "Compose files: $compose_list" + + - name: Generate .env from Hashicorp Vault + uses: https://git.trez.wtf/Trez/hc-vault-env@main + with: + HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }} + HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} + HC_VAULT_AUTH: token + HC_VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} + HC_VAULT_SECRETS_PATH: benedikta-docker/env + + - name: Docker Compose Dry Run + uses: cssnr/stack-deploy-action@28c3c6f42b225af7100652b459621c0c966fd901 # v1.5.0 + with: + mode: compose + file: ${{ steps.compose_file_list.outputs.compose_list }} + name: "benedikta" + host: 192.168.1.240 + user: charish + ssh_key: ${{ secrets.RUNNER_SSH_PRIVATE_KEY }} + args: --remove-orphans --dry-run ${{ needs.generate-service-list.outputs.svc_deploy_list }} + env_file: ".env" + summary: true + + - name: Gotify Notification + uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4 + with: + gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" + gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" + notification_title: "GITEA: Docker Compose Dry Run @ Benedikta" + notification_message: "Docker Compose dry run completed successfully." 
+ + pr-merge: + name: PR Merge + needs: [generate-service-list, docker-compose-dry-run] + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + + - name: Cache tea CLI + id: cache-tea + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + with: + path: /opt/hostedtoolcache/tea/${{ env.TEA_VERSION }}/x64 + key: tea-${{ runner.os }}-${{ env.TEA_VERSION }} + + - name: Install tea + uses: supplypike/setup-bin@8e3f88b4f143d9b5c3497f0fc12d45c83c123787 # v4.0.1 + with: + uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64 + name: tea + version: ${{ env.TEA_VERSION }} + + - name: PR Merge + id: pr_merge + run: | + tea login add --name gitea-rinoa --url ${{ secrets.TREZ_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }} + tea login default gitea-rinoa + echo "Merging PR..." + pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F"," '{print $1}' | sed -e 's|"||g') + tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" --message "Merged by ${{ github.actor }}" ${pr_index} + echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT + + - name: Gotify Notification + uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4 + with: + gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" + gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" + notification_title: "GITEA: PR Merge Successful" + notification_message: "PR #${{ steps.pr_merge.outputs.pr_index }} merged." 
+ + docker-compose-deploy: + name: Docker Compose Deployment + runs-on: ubuntu-latest + needs: [generate-service-list, docker-compose-dry-run, pr-merge] + env: + VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} + VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} + REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }} + steps: + - name: Checkout + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + with: + ref: main + + - name: Login to Docker Hub + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + continue-on-error: true + env: + DOCKER_HOST: tcp://192.168.1.240:2375 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + continue-on-error: true + env: + DOCKER_HOST: tcp://192.168.1.240:2375 + with: + registry: ghcr.io + username: ${{ secrets.GHCR_USER }} + password: ${{ secrets.GHCR_LOGIN_TOKEN }} + + - name: Login to Private Gitea Registry + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + continue-on-error: true + env: + DOCKER_HOST: tcp://192.168.1.240:2375 + with: + registry: git.trez.wtf + username: ${{ secrets.BOT_GITEA_USER }} + password: ${{ secrets.BOT_GITEA_PASSWORD }} + + - name: Gotify Notification + uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4 + with: + gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" + gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" + notification_title: "GITEA: Docker Compose Deployment @ Benedikta" + notification_message: "Starting Docker Compose run..." 
+ + - name: Generate .env from Hashicorp Vault + uses: https://git.trez.wtf/Trez/hc-vault-env@main + with: + HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }} + HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} + HC_VAULT_AUTH: token + HC_VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} + HC_VAULT_SECRETS_PATH: benedikta-docker/env + + - name: Docker Compose Deployment + uses: cssnr/stack-deploy-action@28c3c6f42b225af7100652b459621c0c966fd901 # v1.5.0 + with: + mode: compose + file: ${{ needs.docker-compose-dry-run.outputs.compose_file_list }} + name: "benedikta" + host: 192.168.1.240 + user: charish + ssh_key: ${{ secrets.RUNNER_SSH_PRIVATE_KEY }} + args: --remove-orphans ${{ needs.generate-service-list.outputs.svc_deploy_list }} + env_file: ".env" + summary: true + + - name: Gotify Notification + uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4 + with: + gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" + gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" + notification_title: "GITEA: Docker Compose Deployment @ Benedikta" + notification_message: "Deployment completed successfully." diff --git a/.gitea/workflows/renovate-pr-deploy.yml b/.gitea/workflows/renovate-pr-deploy.yml new file mode 100644 index 0000000..b7adbbc --- /dev/null +++ b/.gitea/workflows/renovate-pr-deploy.yml 
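Review bot: In the `PR Merge` step, `${{ github.ref_name }}` and `${{ github.actor }}` are expanded directly into the `run:` script, so a branch name containing shell metacharacters is executed by the runner while the bot's Gitea password and token are in scope; pass them through `env:` and quote the variables instead. The `egrep ${{ github.ref_name }}` match is also a regex and unanchored, so a branch named `app` matches a PR row for `app-v2` and `pr_index` can end up holding several lines. The job `generate-service-list` is titled added/modified/deleted, but `Detect added, deleted, and modified services` only emits added (`comm -13`) and modified (`comm -12`) entries; removed services are left to `--remove-orphans`, which deserves a comment in the step. If `svc_deploy_list` is empty, `--remove-orphans --dry-run` presumably applies to every service in the stack — confirm that is intended. The `Fetch base branch` step expands `github.event.pull_request.base.ref`, but this workflow only triggers on `push` and `workflow_dispatch`, so that expression is likely empty.

```yaml
      - name: PR Merge
        id: pr_merge
        env:
          BRANCH: ${{ github.ref_name }}
          ACTOR: ${{ github.actor }}
        run: |
          # … unchanged: tea login add / tea login default …
          pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | grep -F -- "$BRANCH" | awk -F"," '{print $1}' | sed -e 's|"||g')
          tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR ${pr_index} - ${BRANCH}" --message "Merged by ${ACTOR}" "${pr_index}"
          echo "pr_index=${pr_index}" >> "$GITHUB_OUTPUT"
```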
@@ -0,0 +1,133 @@ +name: Renovate PR Deployment + +on: + workflow_dispatch: + pull_request: + types: [closed] + branches: + - main + paths: + - "**/docker-compose*.yml" + +env: + VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} + VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} + HC_VAULT_VERSION: "1.21.4" + +jobs: + deploy: + name: Renovate PR Deployment + if: | + github.event.pull_request.merged == true && + github.event.pull_request.user.login == 'renovate-bot' + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + with: + fetch-depth: 0 + + - name: Save docker-compose.yml after merge (new) + run: | + git show origin/main:docker-compose.yml > docker-compose-new.yml + + - name: Detect services with image tag/digest changes + id: detect_services + run: | + set -euo pipefail + + echo "Flattening docker-compose files..." + yq eval '... comments=""' docker-compose-old.yml > docker-compose-old-flat.yml + yq eval '... comments=""' docker-compose-new.yml > docker-compose-new-flat.yml + + echo "Getting service names..." + yq eval '.services | keys | .[]' docker-compose-old-flat.yml | sort > services_old.txt + yq eval '.services | keys | .[]' docker-compose-new-flat.yml | sort > services_new.txt + + echo "Checking for image changes..." 
+ : > service_changes.txt + + comm -12 services_old.txt services_new.txt | while read service; do + old_image=$(yq eval-all --yaml-fix-merge-anchor-to-spec=true ".services[\"$service\"].image // \"\"" docker-compose-old-flat.yml) + new_image=$(yq eval-all --yaml-fix-merge-anchor-to-spec=true ".services[\"$service\"].image // \"\"" docker-compose-new-flat.yml) + + if [ "$old_image" != "$new_image" ]; then + echo "$service" >> service_changes.txt + fi + done + + echo "Detected services with changed images:" + cat service_changes.txt || true + + # Prepare multiline output for GitHub Actions + echo "docker_svc_list<> "$GITHUB_OUTPUT" + sort -u service_changes.txt >> "$GITHUB_OUTPUT" + echo "EOF" >> "$GITHUB_OUTPUT" + + - name: List of Services for (Re)Deployment + run: | + echo -e "${{ steps.services.outputs.docker_svc_list }}" + + - name: Login to Docker Hub + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.240:2375 + with: + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.240:2375 + with: + registry: ghcr.io + username: ${{ secrets.GHCR_USER }} + password: ${{ secrets.GHCR_LOGIN_TOKEN }} + + - name: Login to Private Gitea Registry + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.240:2375 + with: + registry: git.trez.wtf + username: ${{ secrets.BOT_GITEA_USER }} + password: ${{ secrets.BOT_GITEA_PASSWORD }} + + - name: Gotify Notification + uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4 + with: + gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" + gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" + notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Benedikta" + notification_message: 
"Starting Docker Compose run..." + + - name: Generate .env from Hashicorp Vault + uses: https://git.trez.wtf/Trez/hc-vault-env@main + with: + HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }} + HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} + HC_VAULT_AUTH: token + HC_VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} + HC_VAULT_SECRETS_PATH: benedikta-docker/env + + - name: Docker Compose Deployment + uses: cssnr/stack-deploy-action@28c3c6f42b225af7100652b459621c0c966fd901 # v1.5.0 + with: + mode: compose + file: ${{ steps.compose_file_list.outputs.compose_list }} + name: "benedikta" + host: 192.168.1.250 + user: charish + ssh_key: ${{ secrets.RUNNER_SSH_PRIVATE_KEY }} + args: --remove-orphans ${{ steps.services.outputs.docker_svc_list }} + env_file: ".env" + summary: true + + - name: Gotify Notification + uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4 + with: + gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" + gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" + notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Benedikta" + notification_message: "Deployment completed successfully." diff --git a/.gitea/workflows/renovate.yml b/.gitea/workflows/renovate.yml new file mode 100644 index 0000000..7cbfc5c --- /dev/null +++ b/.gitea/workflows/renovate.yml 
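Review bot: The `Docker Compose Deployment` step reads `steps.services.outputs.docker_svc_list` and `steps.compose_file_list.outputs.compose_list`, but the detection step's id is `detect_services` and no step with id `compose_file_list` exists in this workflow, so both expressions expand to empty strings: `file:` is blank and `args: --remove-orphans` runs with no service filter. In `Detect services with image tag/digest changes`, `docker-compose-old.yml` is flattened before anything writes it — only `docker-compose-new.yml` is saved — so under `set -euo pipefail` the step fails at the first `yq`. The reference fix is `args: --remove-orphans ${{ steps.detect_services.outputs.docker_svc_list }}`, plus a step that saves the pre-merge file (e.g. from the PR's base commit) and either a find step mirroring pr-docker-deploy.yml's `Get list of Compose files` or a literal `file:`. `host: 192.168.1.250` also differs from the `192.168.1.240` used by every other deploy step on this page; likely a typo, worth confirming.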
@@ -0,0 +1,65 @@ +name: Renovate + +on: + schedule: + - cron: "0/30 * * * *" + workflow_dispatch: + +env: + RENOVATE_VERSION: "42.50.3" + +jobs: + renovate: + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - name: Checkout + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + + - name: Renovate Run + env: + DOCKER_HOST: tcp://dockerproxy:2375 + RENOVATE_PLATFORM: gitea + RENOVATE_ENDPOINT: https://git.trez.wtf/api/v1 + RENOVATE_TOKEN: ${{ secrets.RENOVATE_BOT_TOKEN }} + LOG_LEVEL: ${{ vars.RENOVATE_LOG_LEVEL }} + RENOVATE_GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_TOKEN }} + RENOVATE_CONFIG_FILE: renovate.json + RENOVATE_REPOSITORIES: trez/benedikta-ovos + RENOVATE_HOST_RULES: | + [ + { + "description": "Docker Hub authentication", + "hostType": "docker", + "matchHost": "docker.io", + "username": "${{ secrets.DOCKERHUB_USER }}", + "password": "${{ secrets.DOCKERHUB_PASSWORD }}" + }, + { + "description": "GitHub Container Registry (GHCR)", + "hostType": "docker", + "matchHost": "ghcr.io", + "username": "${{ secrets.GHCR_USER }}", + "password": "${{ secrets.GHCR_LOGIN_TOKEN }}" + }, + { + "description": "Self-hosted Gitea Docker Registry", + "hostType": "docker", + "matchHost": "git.trez.wtf", + "username": "${{ secrets.BOT_GITEA_USER }}", + "password": "${{ secrets.BOT_GITEA_PASSWORD }}" + } + ] + run: | + docker run --rm \ + -e RENOVATE_PLATFORM \ + -e RENOVATE_ENDPOINT \ + -e RENOVATE_TOKEN \ + -e LOG_LEVEL \ + -e RENOVATE_GITHUB_COM_TOKEN \ + -e RENOVATE_CONFIG_FILE \ + -e RENOVATE_REPOSITORIES \ + -e RENOVATE_HOST_RULES \ + --volumes-from ${{ env.JOB_CONTAINER_NAME }} \ + -w ${GITHUB_WORKSPACE} \ + renovate/renovate:${{ env.RENOVATE_VERSION }}-full diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8fce4b2 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +**/.env +**/.cache_ggshield \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..e69de29 
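Review bot: `RENOVATE_HOST_RULES` inlines three registry passwords into a hand-written JSON literal, so a secret containing `"` or `\` silently produces invalid JSON and Renovate falls back to anonymous pulls; emitting each value with `${{ toJSON(secrets.DOCKERHUB_PASSWORD) }}` (and likewise for the other two) keeps the document well-formed regardless of content. The schedule `"0/30 * * * *"` is a non-standard spelling of `"*/30 * * * *"`; whether Gitea's scheduler accepts the `0/30` form is not verifiable from this page, so the canonical form is safer. `timeout-minutes: 5` has to cover pulling the `-full` image as well as the run itself, which may be tight on a cold runner.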
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..ced48e8
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,92 @@ +name: paine +services: + beszel-agent: + container_name: beszel-agent + environment: + LISTEN: 45876 + KEY: ${BESZEL_PAINE_AGENT_KEY} + TOKEN: ${BESZEL_PAINE_TOKEN} + HUB_URL: http://192.168.1.254:22220 + expose: + - 45876 + image: henrygd/beszel-agent:latest@sha256:8874e2c53f9de5e063a6a80d6b617e20fa593ac5dc4eb4c6ce1f912f510f38f8 + network_mode: host + restart: unless-stopped + volumes: + - beszel-agent-data:/var/lib/beszel-agent + - /var/run/docker.sock:/var/run/docker.sock:ro + - /dev/mmcblk0:/extra-filesystems/dev/mmcblk0:ro + docker-socket-proxy: + container_name: dockerproxy + environment: + AUTH: 1 + BUILD: 1 + COMMIT: 1 + CONFIGS: 1 + CONTAINERS: 1 + DISTRIBUTION: 1 + EVENTS: 1 + EXEC: 1 + GPRC: 1 + IMAGES: 1 + INFO: 1 + NETWORKS: 1 + NODES: 1 + POST: 1 + PLUGINS: 1 + SERVICES: 1 + SESSION: 1 + SYSTEM: 1 + TASKS: 1 + VOLUMES: 1 + LOG_LEVEL: debug + image: ghcr.io/tecnativa/docker-socket-proxy:latest@sha256:1f3a6f303320723d199d2316a3e82b2e2685d86c275d5e3deeaf182573b47476 + ports: + - 2375:2375 + privileged: true + restart: unless-stopped + volumes: + - /var/run/docker.sock:/var/run/docker.sock + portainer-agent: + container_name: portainer_agent + image: portainer/agent:latest@sha256:7af856876dcb2778108bf6846f3da31b176443db90e3de31fcfdf17e5ab7857e + volumes: + - /:/host + - /var/lib/docker/volumes:/var/lib/docker/volumes + - /var/run/docker.sock:/var/run/docker.sock + restart: always + ports: + - 9001:9001 + raspap: + container_name: raspap + image: ghcr.io/raspap/raspap-docker:latest + ports: + - "8081:8081" + privileged: true + network_mode: host + cgroup: host + environment: + RASPAP_SSID: raspap-webgui + RASPAP_SSID_PASS: ${RASPAP_SSID_PASS} + RASPAP_COUNTRY: US + RASPAP_WEBGUI_USER: admin + RASPAP_WEBGUI_PASS: ${RASPAP_WEBGUI_PASS} + RASPAP_WEBGUI_PORT: 8081 + cap_add: + - SYS_ADMIN + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + restart: unless-stopped + signoz-logspout: + command: signoz://192.168.1.254:8082 + container_name: 
signoz-logspout + environment: + ENV: prod + SIGNOZ_LOG_ENDPOINT: http://192.168.1.254:8082 + image: pavanputhra/logspout-signoz@sha256:6da8ce12279a5262de8b2d5c083ce82d4c878c4eab702b4d328afe147ed7553b + restart: unless-stopped + volumes: + - /var/run/docker.sock:/var/run/docker.sock +volumes: + beszel-agent-data: + name: beszel-agent-data diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..21dfd1b --- /dev/null +++ b/renovate.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["local>trez/renovate-config"], + "git-submodules": { + "enabled": true + } +}
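Review bot: The `docker-socket-proxy` service publishes `2375:2375` on every interface with no authentication and enables `POST`, `EXEC`, `CONTAINERS`, `IMAGES`, `VOLUMES` and `BUILD`, which together let any host that can reach the port create a privileged container with `/` mounted — root on this machine; `privileged: true` on the proxy itself is also unnecessary, since it only needs the socket bind-mount. Restrict the published address to the interface the runner uses (e.g. `- "<runner-facing-ip>:2375:2375"`, quoted to avoid the sexagesimal trap), trim the allowlist to the endpoints the CI jobs and Renovate actually call, drop `privileged: true`, and reset `LOG_LEVEL: debug` once debugging is done. `GPRC: 1` looks like a typo for `GRPC` and is presumably ignored by the proxy. `raspap` is the only service whose image is not digest-pinned, and its `cap_add: - SYS_ADMIN` is redundant under `privileged: true`; `portainer-agent` listens on `9001` on all interfaces with `/:/host` mounted, so consider setting `AGENT_SECRET` so that only the intended Portainer server can attach.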