Reorganizing configs.
Gitea Branch PR & Ansible Deployment / Check and Create PR (push) Successful in 8m53s
Gitea Branch PR & Ansible Deployment / Docker Compose & Ansible Lints (push) Failing after 12m35s
Gitea Branch PR & Ansible Deployment / PR Merge (push) Successful in 31s
Gitea Branch PR & Ansible Deployment / Ansible Config Deployment (push) Failing after 19m9s
Gitea Branch PR & Ansible Deployment / Check and Create PR (push) Successful in 8m53s
Gitea Branch PR & Ansible Deployment / Docker Compose & Ansible Lints (push) Failing after 12m35s
Gitea Branch PR & Ansible Deployment / PR Merge (push) Successful in 31s
Gitea Branch PR & Ansible Deployment / Ansible Config Deployment (push) Failing after 19m9s
This commit is contained in:
@@ -0,0 +1,101 @@
|
||||
# Example configuration file, it's safe to copy this as the default config file without any modification.
|
||||
|
||||
# You don't have to copy this file to your instance,
|
||||
# just run `./act_runner generate-config > config.yaml` to generate a config file.
|
||||
|
||||
log:
|
||||
# The level of logging, can be trace, debug, info, warn, error, fatal
|
||||
level: info
|
||||
|
||||
runner:
|
||||
# Where to store the registration result.
|
||||
file: .runner
|
||||
# Execute how many tasks concurrently at the same time.
|
||||
capacity: 3
|
||||
# Extra environment variables to run jobs.
|
||||
# envs:
|
||||
# A_TEST_ENV_NAME_1: a_test_env_value_1
|
||||
# A_TEST_ENV_NAME_2: a_test_env_value_2
|
||||
# Extra environment variables to run jobs from a file.
|
||||
# It will be ignored if it's empty or the file doesn't exist.
|
||||
# env_file: .env
|
||||
# The timeout for a job to be finished.
|
||||
# Please note that the Gitea instance also has a timeout (3h by default) for the job.
|
||||
# So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
|
||||
timeout: 3h
|
||||
# The timeout for the runner to wait for running jobs to finish when shutting down.
|
||||
# Any running jobs that haven't finished after this timeout will be cancelled.
|
||||
shutdown_timeout: 0s
|
||||
# Whether skip verifying the TLS certificate of the Gitea instance.
|
||||
insecure: false
|
||||
# The timeout for fetching the job from the Gitea instance.
|
||||
fetch_timeout: 5s
|
||||
# The interval for fetching the job from the Gitea instance.
|
||||
fetch_interval: 2s
|
||||
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
|
||||
# Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
|
||||
# Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
|
||||
# If it's empty when registering, it will ask for inputting labels.
|
||||
# If it's empty when execute `daemon`, will use labels in `.runner` file.
|
||||
labels:
|
||||
- "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
|
||||
- "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
|
||||
- "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
|
||||
|
||||
cache:
|
||||
# Enable cache server to use actions/cache.
|
||||
enabled: true
|
||||
# The directory to store the cache data.
|
||||
# If it's empty, the cache data will be stored in $HOME/.cache/actcache.
|
||||
dir: ""
|
||||
# The host of the cache server.
|
||||
# It's not for the address to listen, but the address to connect from job containers.
|
||||
# So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
|
||||
host: "192.168.1.254"
|
||||
# The port of the cache server.
|
||||
# 0 means to use a random available port.
|
||||
port: 63604
|
||||
# The external cache server URL. Valid only when enable is true.
|
||||
# If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
|
||||
# The URL should generally end with "/".
|
||||
external_server: ""
|
||||
|
||||
container:
|
||||
# Specifies the network to which the container will connect.
|
||||
# Could be host, bridge or the name of a custom network.
|
||||
# If it's empty, act_runner will create a network automatically.
|
||||
network: "compose_default"
|
||||
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
|
||||
privileged: false
|
||||
# And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
|
||||
options:
|
||||
# The parent directory of a job's working directory.
|
||||
# NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically.
|
||||
# If the path starts with '/', the '/' will be trimmed.
|
||||
# For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
|
||||
# If it's empty, /workspace will be used.
|
||||
workdir_parent:
|
||||
# Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
|
||||
# You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
|
||||
# For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
|
||||
# valid_volumes:
|
||||
# - data
|
||||
# - /src/*.json
|
||||
# If you want to allow any volume, please use the following configuration:
|
||||
# valid_volumes:
|
||||
# - '**'
|
||||
valid_volumes: []
|
||||
# overrides the docker client host with the specified one.
|
||||
# If it's empty, act_runner will find an available docker host automatically.
|
||||
# If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
|
||||
# If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
|
||||
docker_host: ""
|
||||
# Pull docker image(s) even if already present
|
||||
force_pull: false
|
||||
# Rebuild docker image(s) even if already present
|
||||
force_rebuild: false
|
||||
|
||||
host:
|
||||
# The parent directory of a job's working directory.
|
||||
# If it's empty, $HOME/.cache/act/ will be used.
|
||||
workdir_parent:
|
||||
@@ -0,0 +1,125 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
|
||||
APP_NAME = Gitea: Git with a cup of tea
|
||||
RUN_MODE = prod
|
||||
RUN_USER = git
|
||||
WORK_PATH = /data/gitea
|
||||
|
||||
[repository]
|
||||
ROOT = /data/git/repositories
|
||||
DEFAULT_PRIVATE = last
|
||||
EMABLE_PUSH_CREATE_USER = true
|
||||
|
||||
[repository.local]
|
||||
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
|
||||
|
||||
[repository.upload]
|
||||
TEMP_PATH = /data/gitea/uploads
|
||||
|
||||
[server]
|
||||
APP_DATA_PATH = /data/gitea
|
||||
DOMAIN = git.trez.wtf
|
||||
SSH_DOMAIN = git-ssh.trez.wtf
|
||||
HTTP_PORT = 3000
|
||||
ROOT_URL = https://git.trez.wtf/
|
||||
DISABLE_SSH = false
|
||||
SSH_PORT = 22
|
||||
SSH_LISTEN_PORT = 22
|
||||
LFS_START_SERVER = true
|
||||
LFS_JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_LFS_JWT_SECRET'] }}
|
||||
OFFLINE_MODE = true
|
||||
|
||||
[database]
|
||||
PATH = /data/gitea/gitea.db
|
||||
DB_TYPE = postgres
|
||||
HOST = gitea-db:5432
|
||||
NAME = gitea
|
||||
USER = gitea
|
||||
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_PG_DB_PASSWORD'] }}
|
||||
LOG_SQL = false
|
||||
SCHEMA =
|
||||
SSL_MODE = disable
|
||||
|
||||
[indexer]
|
||||
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
|
||||
REPO_INDEXER_ENABLED = true
|
||||
REPO_INDEXER_PATH = indexers/repos.bleve
|
||||
MAX_FILE_SIZE = 1048576
|
||||
REPO_INDEXER_INCLUDE =
|
||||
REPO_INDEXER_EXCLUDE = resources/bin/**
|
||||
|
||||
[session]
|
||||
PROVIDER_CONFIG = /data/gitea/sessions
|
||||
PROVIDER = file
|
||||
|
||||
[picture]
|
||||
AVATAR_UPLOAD_PATH = /data/gitea/avatars
|
||||
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
|
||||
|
||||
[attachment]
|
||||
PATH = /data/gitea/attachments
|
||||
|
||||
[log]
|
||||
MODE = console
|
||||
LEVEL = info
|
||||
ROOT_PATH = root
|
||||
|
||||
[security]
|
||||
INSTALL_LOCK = true
|
||||
SECRET_KEY =
|
||||
REVERSE_PROXY_LIMIT = 1
|
||||
REVERSE_PROXY_TRUSTED_PROXIES = *
|
||||
INTERNAL_TOKEN = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_INTERNAL_TOKEN'] }}
|
||||
PASSWORD_HASH_ALGO = pbkdf2
|
||||
|
||||
[service]
|
||||
DISABLE_REGISTRATION = false
|
||||
REQUIRE_SIGNIN_VIEW = false
|
||||
REGISTER_EMAIL_CONFIRM = true
|
||||
ENABLE_NOTIFY_MAIL = true
|
||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
|
||||
ENABLE_CAPTCHA = true
|
||||
DEFAULT_KEEP_EMAIL_PRIVATE = true
|
||||
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
|
||||
DEFAULT_ENABLE_TIMETRACKING = false
|
||||
NO_REPLY_ADDRESS = noreply@trez.wtf
|
||||
|
||||
[lfs]
|
||||
PATH = /data/git/lfs
|
||||
|
||||
[mailer]
|
||||
PASSWD = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
||||
PROTOCOL = smtp
|
||||
ENABLED = true
|
||||
FROM = '"Gitea" <noreply@trez.wtf>'
|
||||
SMTP_PORT = 25
|
||||
USER = rinoa/postal-smtp
|
||||
SMTP_ADDR = postal-smtp
|
||||
IS_TLS_ENABLED = faLse
|
||||
|
||||
[openid]
|
||||
ENABLE_OPENID_SIGNIN = true
|
||||
ENABLE_OPENID_SIGNUP = true
|
||||
|
||||
[cron.update_checker]
|
||||
ENABLED = false
|
||||
|
||||
[repository.pull-request]
|
||||
DEFAULT_MERGE_STYLE = merge
|
||||
|
||||
[repository.signing]
|
||||
DEFAULT_TRUST_MODEL = committer
|
||||
|
||||
[oauth2]
|
||||
JWT_SECRET = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_OAUTH2_JWT_SECRET'] }}
|
||||
|
||||
[ui]
|
||||
THEMES =
|
||||
|
||||
[actions]
|
||||
ENABLED = true
|
||||
|
||||
[webhook]
|
||||
ALLOWED_HOST_LIST = private,104.21.1.234,172.67.152.146
|
||||
SKIP_TLS_VERIFY = true
|
||||
@@ -0,0 +1,81 @@
|
||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
||||
{% set secrets_path = 'rinoa-docker/env' %}
|
||||
|
||||
# Gitea related configuration. Necessary for adding/updating comments on repository pull requests
|
||||
gitea:
|
||||
# Endpoint of your Gitea instance. Must be expandable by '/api/v1' to form the API base path as shown in Swagger UI.
|
||||
url: https://git.trez.wtf
|
||||
|
||||
# Created access token for the user that shall be used as bot account.
|
||||
# User needs "Read project" permissions with access to "Pull Requests"
|
||||
token:
|
||||
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}"
|
||||
# # or path to file containing the plain text secret
|
||||
# file: /path/to/gitea/token
|
||||
|
||||
# If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
|
||||
# request will be ignored.
|
||||
# The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
|
||||
# exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
|
||||
webhook:
|
||||
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}"
|
||||
# # or path to file containing the plain text secret
|
||||
# secretFile: /path/to/gitea/webhook/secret
|
||||
|
||||
# Pull Request status check settings.
|
||||
statusCheck:
|
||||
# Configure the label/name of the PR status check.
|
||||
name: "gitea-sonarqube-bot"
|
||||
|
||||
# SonarQube related configuration. Necessary for requesting data from the API and processing the webhook.
|
||||
sonarqube:
|
||||
# Endpoint of your SonarQube instance. Must be expandable by '/api' to form the API base path.
|
||||
url: https://sqube.trez.wtf
|
||||
|
||||
# Created access token for the user that shall be used as bot account.
|
||||
# User needs "Browse on project" permissions
|
||||
token:
|
||||
value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}"
|
||||
# # or path to file containing the plain text secret
|
||||
# file: /path/to/sonarqube/token
|
||||
|
||||
# If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
|
||||
# request will be ignored.
|
||||
# The bot looks for `X-Sonar-Webhook-HMAC-SHA256` header containing the sha256 hmac hash of the plain text secret.
|
||||
# If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
|
||||
# validated.
|
||||
webhook:
|
||||
secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}"
|
||||
# # or path to file containing the plain text secret
|
||||
# secretFile: /path/to/sonarqube/webhook/secret
|
||||
|
||||
# Some useful metrics depend on the edition in use. There are various ones like code_smells, vulnerabilities, bugs, etc.
|
||||
# By default, the bot will extract "bugs,vulnerabilities,code_smells"
|
||||
# Setting this option you can extend that default list by your own metrics.
|
||||
# additionalMetrics: []
|
||||
# - "new_security_hotspots"
|
||||
|
||||
# List of project mappings to take care of. Webhooks for other projects will be ignored.
|
||||
# At least one must be configured. Otherwise, all webhooks (no matter which source) because the bot cannot map on its own.
|
||||
projects:
|
||||
- sonarqube:
|
||||
key: rinoa-docker
|
||||
# A repository specification contains the owner name and the repository name itself. The owner can be the name of a
|
||||
# real account or an organization in which the repository is located.
|
||||
gitea:
|
||||
owner: Trez.One
|
||||
name: rinoa-docker
|
||||
|
||||
# Define pull request names from SonarScanner analysis. Default pattern matches the Jenkins Gitea plugin schema.
|
||||
namingPattern:
|
||||
# Regular expression that MUST HAVE exactly ONE GROUP that matches the integer part of the PR.
|
||||
# That integer part is identical to the pull request ID in Gitea.
|
||||
regex: "^.*$"
|
||||
|
||||
# Valid Go format string. It MUST have one integer placeholder which will be replaced by the pull request ID.
|
||||
# See: https://pkg.go.dev/fmt#hdr-Printing
|
||||
template: "%s"
|
||||
|
||||
# Example for integer-only names
|
||||
# # regex: "^(\\d+)$"
|
||||
# # template: "%d"
|
||||
Reference in New Issue
Block a user