ansible-nas/roles/drone-ci/tasks/main.yml

---
- name: Start Drone-CI
  block:
    - name: Check for Gitea installation
      ansible.builtin.fail:
        msg: "Drone-CI requires Gitea enabled and running for authentication, please set that up first."
      when: gitea_enabled is false

    - name: Check for Gitea config
      ansible.builtin.fail:
        msg: "Missing Gitea Oauth2 config! Read https://docs.drone.io/server/provider/gitea/ and set drone_ci_gitea_client_id and drone_ci_gitea_client_secret."
      when: drone_ci_gitea_client_id == "notset"

    - name: Create Drone-CI Directories
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
      with_items:
        - "{{ drone_ci_data_directory }}"

    - name: Create Drone-CI container
      community.docker.docker_container:
        name: "{{ drone_ci_container_name }}"
        image: drone/drone:2
        pull: true
        volumes:
          - "{{ drone_ci_data_directory }}:/var/lib/drone:rw"
        ports:
          - "{{ drone_ci_port_http }}:80"
        env:
          DRONE_USER_CREATE: "username:{{ drone_ci_admin_user }},admin:true"
          DRONE_SERVER_HOST: "{{ drone_ci_address }}"
          DRONE_RPC_SECRET: "{{ drone_ci_agent_secret }}"
          DRONE_GITEA_SERVER: "{{ drone_ci_gitea_url }}"
          DRONE_GITEA_CLIENT_ID: "{{ drone_ci_gitea_client_id }}"
          DRONE_GITEA_CLIENT_SECRET: "{{ drone_ci_gitea_client_secret }}"
          DRONE_LOGS_DEBUG: "{{ drone_ci_debug_logging | string }}"
          DRONE_SERVER_PROTO: "http"
        restart_policy: unless-stopped
        memory: "{{ drone_ci_memory }}"
        labels:
          traefik.enable: "{{ drone_ci_available_externally | string }}"
          traefik.http.routers.drone_ci.rule: "Host(`{{ drone_ci_hostname }}.{{ ansible_nas_domain }}`)"
          traefik.http.routers.drone_ci.tls.certresolver: "letsencrypt"
          traefik.http.routers.drone_ci.tls.domains[0].main: "{{ ansible_nas_domain }}"
          traefik.http.routers.drone_ci.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
          traefik.http.services.drone_ci.loadbalancer.server.port: "80"

    - name: Create Drone-CI Runner container
      community.docker.docker_container:
        name: "{{ drone_ci_runner_container_name }}"
        image: drone/drone-runner-docker:1
        pull: true
        volumes:
          - "/var/run/docker.sock:/var/run/docker.sock:rw"
        ports:
          - "{{ drone_ci_runner_port_http }}:3000"
        env:
          DRONE_RPC_HOST: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:{{ drone_ci_port_http }}"
          DRONE_RPC_SECRET: "{{ drone_ci_agent_secret }}"
          DRONE_RPC_PROTO: "http"
          DRONE_RUNNER_CAPACITY: "{{ drone_ci_runner_capacity | string }}"
          DRONE_RUNNER_NAME: "{{ drone_ci_runner_name }}"
        restart_policy: unless-stopped
        memory: "{{ drone_ci_agent_memory }}"

    - name: Add webhook allowed hosts to Gitea
      ansible.builtin.blockinfile:
        path: "{{ gitea_data_directory }}/gitea/gitea/conf/app.ini"
        block: |
          [webhook]
          ALLOWED_HOST_LIST=private
          SKIP_TLS_VERIFY=true
      notify: restart gitea
  when: drone_ci_enabled is true

- name: Stop Drone-CI
  block:
    - name: Stop Drone-CI
      community.docker.docker_container:
        name: "{{ drone_ci_container_name }}"
        state: absent

    - name: Stop Drone-CI Runner
      community.docker.docker_container:
        name: "{{ drone_ci_runner_container_name }}"
        state: absent
  when: drone_ci_enabled is false
Add Drone CI 2022-11-06 23:26:26 +00:00			`---`
			`- name: Start Drone-CI`
			`block:`
			`- name: Check for Gitea installation`
Finish switch to FQCNs 2023-04-15 13:11:49 +00:00			`ansible.builtin.fail:`
Add Drone CI 2022-11-06 23:26:26 +00:00			`msg: "Drone-CI requires Gitea enabled and running for authentication, please set that up first."`
			`when: gitea_enabled is false`

			`- name: Check for Gitea config`
Finish switch to FQCNs 2023-04-15 13:11:49 +00:00			`ansible.builtin.fail:`
Add Drone CI 2022-11-06 23:26:26 +00:00			`msg: "Missing Gitea Oauth2 config! Read https://docs.drone.io/server/provider/gitea/ and set drone_ci_gitea_client_id and drone_ci_gitea_client_secret."`
			`when: drone_ci_gitea_client_id == "notset"`

			`- name: Create Drone-CI Directories`
Finish switch to FQCNs 2023-04-15 13:11:49 +00:00			`ansible.builtin.file:`
Add Drone CI 2022-11-06 23:26:26 +00:00			`path: "{{ item }}"`
			`state: directory`
			`with_items:`
			`- "{{ drone_ci_data_directory }}"`

			`- name: Create Drone-CI container`
Finish switch to FQCNs 2023-04-15 13:11:49 +00:00			`community.docker.docker_container:`
Add Drone CI 2022-11-06 23:26:26 +00:00			`name: "{{ drone_ci_container_name }}"`
			`image: drone/drone:2`
			`pull: true`
			`volumes:`
			`- "{{ drone_ci_data_directory }}:/var/lib/drone:rw"`
			`ports:`
			`- "{{ drone_ci_port_http }}:80"`
			`env:`
			`DRONE_USER_CREATE: "username:{{ drone_ci_admin_user }},admin:true"`
			`DRONE_SERVER_HOST: "{{ drone_ci_address }}"`
			`DRONE_RPC_SECRET: "{{ drone_ci_agent_secret }}"`
			`DRONE_GITEA_SERVER: "{{ drone_ci_gitea_url }}"`
			`DRONE_GITEA_CLIENT_ID: "{{ drone_ci_gitea_client_id }}"`
			`DRONE_GITEA_CLIENT_SECRET: "{{ drone_ci_gitea_client_secret }}"`
			`DRONE_LOGS_DEBUG: "{{ drone_ci_debug_logging \| string }}"`
			`DRONE_SERVER_PROTO: "http"`
			`restart_policy: unless-stopped`
			`memory: "{{ drone_ci_memory }}"`
			`labels:`
			`traefik.enable: "{{ drone_ci_available_externally \| string }}"`
			traefik.http.routers.drone_ci.rule: "Host(`{{ drone_ci_hostname }}.{{ ansible_nas_domain }}`)"
			`traefik.http.routers.drone_ci.tls.certresolver: "letsencrypt"`
			`traefik.http.routers.drone_ci.tls.domains[0].main: "{{ ansible_nas_domain }}"`
			`traefik.http.routers.drone_ci.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"`
			`traefik.http.services.drone_ci.loadbalancer.server.port: "80"`

			`- name: Create Drone-CI Runner container`
Finish switch to FQCNs 2023-04-15 13:11:49 +00:00			`community.docker.docker_container:`
Add Drone CI 2022-11-06 23:26:26 +00:00			`name: "{{ drone_ci_runner_container_name }}"`
			`image: drone/drone-runner-docker:1`
			`pull: true`
			`volumes:`
			`- "/var/run/docker.sock:/var/run/docker.sock:rw"`
			`ports:`
			`- "{{ drone_ci_runner_port_http }}:3000"`
			`env:`
			`DRONE_RPC_HOST: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:{{ drone_ci_port_http }}"`
			`DRONE_RPC_SECRET: "{{ drone_ci_agent_secret }}"`
			`DRONE_RPC_PROTO: "http"`
			`DRONE_RUNNER_CAPACITY: "{{ drone_ci_runner_capacity \| string }}"`
			`DRONE_RUNNER_NAME: "{{ drone_ci_runner_name }}"`
			`restart_policy: unless-stopped`
			`memory: "{{ drone_ci_agent_memory }}"`

Fix block indentation 2022-11-08 22:02:45 +00:00			`- name: Add webhook allowed hosts to Gitea`
More FQCNs and linting 2023-04-18 20:58:54 +00:00			`ansible.builtin.blockinfile:`
Fix block indentation 2022-11-08 22:02:45 +00:00			`path: "{{ gitea_data_directory }}/gitea/gitea/conf/app.ini"`
			`block: \|`
			`[webhook]`
			`ALLOWED_HOST_LIST=private`
			`SKIP_TLS_VERIFY=true`
			`notify: restart gitea`
Add Drone CI 2022-11-06 23:26:26 +00:00			`when: drone_ci_enabled is true`

			`- name: Stop Drone-CI`
			`block:`
			`- name: Stop Drone-CI`
Finish switch to FQCNs 2023-04-15 13:11:49 +00:00			`community.docker.docker_container:`
Add Drone CI 2022-11-06 23:26:26 +00:00			`name: "{{ drone_ci_container_name }}"`
			`state: absent`

			`- name: Stop Drone-CI Runner`
Finish switch to FQCNs 2023-04-15 13:11:49 +00:00			`community.docker.docker_container:`
Add Drone CI 2022-11-06 23:26:26 +00:00			`name: "{{ drone_ci_runner_container_name }}"`
			`state: absent`
			`when: drone_ci_enabled is false`