Getting started with Woodpecker CI

 ยท Systeemkabouter

Having moved my personal projects from my selfhosted Gitlab instance to my selfhosted Forgejo instance, there was still the issue of replacing Gitlab-CI.

During this weekend I briefly went back to Jenkins, but I came to the conclusion that it is too involved for what I need. The boilerplate code is to fragile to just edit and run. I also considered a plugin that translates a yaml pipeline definition to jenkins native code, but it still seems a bit of a proof of concept that is not well integrated in the documentation.

A couple of weeks ago at FOSDEM I met people from Codeberg at the codeberg stand and it was suggested to check out Woodpecker CI.

Deploying Woodpecker using Helm

So yesterday I deployed Woodpecker CI to one of my kubernetes environments using the helm chart and some custom values. It did take some trial and error to find out the minimum set of attributes I needed to set to have a successful deployment, but after some time I was able to connect to the WebUI and authenticate. This uses my Codeberg account/organisation which is rather nice and easy.

My cleaned up values.yaml that I used:

agent:
  enabled: true

  env:
    WOODPECKER_SERVER: 'woodpecker-server:9000'
    WOODPECKER_AGENT_SECRET: 'XXXXXXXXXXXX'
    WOODPECKER_BACKEND: kubernetes
    WOODPECKER_BACKEND_K8S_NAMESPACE: XXXXXXXXXXXXXX
    WOODPECKER_BACKEND_K8S_STORAGE_CLASS: ''
    WOODPECKER_BACKEND_K8S_VOLUME_SIZE: 10G
    WOODPECKER_BACKEND_K8S_STORAGE_RWX: false
    WOODPECKER_BACKEND_K8S_POD_LABELS: ''
    WOODPECKER_BACKEND_K8S_POD_ANNOTATIONS: ''
    WOODPECKER_CONNECT_RETRY_COUNT: '1'

server:
  enabled: true

  env:
    WOODPECKER_ADMIN: 'woodpecker,admin'
    WOODPECKER_HOST: 'https://automation.example.org'
    WOODPECKER_AGENT_SECRET: 'XXXXXXXXXXXXXXXX'
    WOODPECKER_OPEN: true
    WOODPECKER_GITEA: true
    WOODPECKER_GITEA_URL: https://codeberg.org/
    WOODPECKER_GITEA_CLIENT: XXXXXXXXXXXXXXXXXX
    WOODPECKER_GITEA_SECRET: XXXXXXXXXXXXXXXXXX

  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      nginx.ingress.kubernetes.io/proxy-body-size: 40m
      nginx.ingress.kubernetes.io/configuration-snippet: |
        more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload";

    ingressClassName: 'nginx'

    hosts:
      - host: automation.example.org
        paths:
          - path: /
            backend:
              serviceName: woodpecker-server
              servicePort: 80
    tls:
      - secretName: automation-example-org-tls
        hosts:
          - automation.example.org

helm commands to deploy:

helm repo add woodpecker https://woodpecker-ci.org/
helm repo update 
helm upgrade --install woodpecker woodpecker/woodpecker -f values.yaml

Creating the first pipeline

Today I was fiddling with "My First Woodpecker Pipeline". It took me a couple of hours to get my first working recipe, including secrets handling etc. But when I got it to work, I really liked what I saw. There is really nice integration of pipelines in Woodpecker on the one side and the code repository in Codeberg on the other side. Like seeing pipeline results in merge requests. I was used to having these type of features in Gitlab Premium and it is great to see I can have this level of functionality using pure open source solutions. There is a lot to like in this, I will most certainly do more exploration in this regard.

Screenshot of Woodpecker CI webui for hub.mastodon.nl project

The current Woodpecker deployment I have, is linked to Codeberg to do some automation for Mastodon.nl related tasks. But on this rainy day I will most likely try running it against Forgejo and Gitlab too.

This is my first Woodpecker CI pipeline to deploy updates to the hub.mastodon.nl website. It is still rather crude but it does the job for now:

---

steps:
  - name: deploy
    image: debian
    secrets: [ ssh_private_key ]
    commands:
      - echo "deploying new revision of hub website"
      - apt-get update && apt-get install -y wget rsync ssh
      - wget -q https://github.com/gohugoio/hugo/releases/download/v0.122.0/hugo_0.122.0_Linux-64bit.tar.gz
      - tar -xf hugo*tar.gz
      - chmod 750 hugo
      - mkdir -p ~/.ssh
      - umask 7377; echo "$${SSH_PRIVATE_KEY}" > ~/.ssh/id_ed25519
      - umask 0022; bin/deploy.sh

Resulting in successful deployment, but also feedback to the pull request on codeberg:

Screenshot of codeberg pull request with Woodpecker feedback

Time for coffee and celebration!