Introduction
The original Woodpecker reference can be found here.
Woodpecker is a CI tool that was forked from the open source community from drone.io. Woodpecker has no commercial features and will stay free open source software (FOSS). In comparison to GitHub Action it has no integration of Variables that can be set on the Host / in the Pipeline configuration that can be used during the pipeline execution. This makes it especially hard to include more complex information like a SSH key.
Troubleshooting
Info
It seems like it is currently not possible to include SSH keys from the Host system into Pipelines. Using the Secrets feature SSH keys will always create a libcrypto error. And mounting via Docker Volumes is also not working. Currently the fallback solution is using password authentication for
scporsshcommands and only using it within private networks.
Deploy Woodpecker-Service
The setup information for a selfhosted Docker container can be found here. The additional configuration for a gitea integration can be found here.
To summarize these steps: In gitea Woodpecker has to be reigstered as a new Application with a Redirect URI like this:
<http/https>://<ip_or_url_to_woodpecker>:<woodpecker_port>/authorizeThe newly created Client ID and the secret will then have to be added as environment variables to the Woodpecker Docker Compose file as can be seen below. Upon the first start of Woodpecker you will have to accept that Woodpecker is allowed to interface with gitea. Additionally you will have to setup Webhooks to automatically trigger pipelines.
An exemplary Docker Compose file could look like this:
version: '3'
services:
woodpecker-server:
image: woodpeckerci/woodpecker-server:latest
container_name: woodpeckerci_server
ports:
- <webui_port>:8000
volumes:
- <path_to_woodpecker_server_mount>:/var/lib/woodpecker/:rw
environment:
- WOODPECKER_OPEN=true
- WOODPECKER_ADMIN=<username>
- WOODPECKER_HOST=<hhtp/https>://<host_ip>:<webui_port>
- WOODPECKER_GITEA=true
- WOODPECKER_GITEA_URL=<http/https>://<ip_or_url_to_gitea>
- WOODPECKER_GITEA_CLIENT=<gitea_client_id>
- WOODPECKER_GITEA_SECRET=<gitea_client_secret>
- WOODPECKER_AGENT_SECRET=<woodpecker_secret>
woodpecker-agent:
image: woodpeckerci/woodpecker-agent:latest
container_name: woodpeckerci_agent01
command: agent
restart: always
depends_on:
- woodpecker-server
volumes:
- <path_to_woodpecker_agent_mount>:/etc/woodpecker:rw
- /var/run/docker.sock:/var/run/docker.sock
environment:
- WOODPECKER_SERVER=woodpecker-server:9000
- WOODPECKER_AGENT_SECRET=<woodpecker_secret>
volumes:
woodpecker-server-data:
woodpecker-agent-config:Pipelines
An example Woodpecker Pipeline that builds a LaTeX project using the Tectonic Typesetting System and deploys it over SCP can be seen in the following code block. The password for the SCP connection is supplied as a secret through Woodpecker.
steps:
build:
image: dxjoke/tectonic-docker
environment:
- TEX_FOLDER=<relative_path_to_tex_file>
- TEX_FILENAME=<tex_file_name>
commands:
- tectonic -r 1 $TEX_FOLDER/$TEX_FILENAME.tex
deploy:
image: debian
environment:
- TEX_FOLDER=<relative_path_to_tex_file>
- TEX_FILENAME=<tex_file_name>
commands:
- apt-get update -y
- apt-get install openssh-server -y
- apt-get install sshpass -y
- ssh-keyscan <ip_of_remote_file_server> >> /root/.ssh/known_hosts
- sshpass -p $SSH_PWD scp -v $TEX_FOLDER/$TEX_FILENAME.pdf <user_on_remote_server>@<ip_of_remote_file_server>:/<target_file_path>/<target_file_name>.pdf
secrets: [ssh_pwd]Webhooks
To make sure that specific pipelines are triggered by the connected git server it is important to enable and debug the corresponding webhook. To setup webhooks with gitea for instance it is important to set Woodpeckers IP address as one of the allowed hosts. This is explained here Webhooks.
Environment Variables
Woodpecker provides a list of environment varibales that can be used in the pipelines. The list of variables can be found here.