neon/andre-ci
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
46 commits 1 branch 1 tag 468 KiB
  • Rust 96.5%
  • CSS 3.5%
Find a file
Exact
Jens Pitkanen f2dc099255 Bump version number
2022-12-26 23:05:27 +02:00
andre-builder Bump version number 2022-12-26 23:05:27 +02:00
andre-common Bump version number 2022-12-26 23:05:27 +02:00
andre-server Bump version number 2022-12-26 23:05:27 +02:00
.gitignore Revise configs, bootstrap andre-builder 2022-06-01 16:38:00 +03:00
Cargo.lock Bump version number 2022-12-26 23:05:27 +02:00
Cargo.toml Add andre-common for communication and shared types 2022-06-01 02:51:08 +03:00
LICENSE Add license 2022-06-06 21:17:34 +03:00
README.md Fix readme, add option for no timestamps in logs 2022-12-26 20:49:00 +02:00

README.md

Andre CI

Named after everyone's favourite blacksmith. Andre CI is a simple CI system I'm building for personal usage. If you find value in this, feel free to use it! But if you want new features, maybe consider forking it.

There's currently no authentication anywhere in this crate, all the repositories are assumed to be public information. The communication between the server and the builders is technically encrypted using ring's AEAD mechanism, using the ChaCha20-Poly1305 algorithm with a random nonce shared in plaintext and a shared secret's SHA256 hash as the key, but I would not trust the implementation to be waterproof. All the ring parts are good, but my usage of ring can very well be broken in some way.

Usage

Configuration

Example configuration for builders:

builder_secret = "hunter1"
server_address = "127.0.0.1:4477"
build_directory = "/tmp/andre-ci-builds"

Example configuration for the server:

bind_web = "0.0.0.0:8000"
bind_builders = "0.0.0.0:4477"
builder_secret = "hunter1"
public_url = "https://example.com"
build_log_pages_directory = "/var/lib/andre-ci/build-log-html"
build_artifacts_directory = "/var/lib/andre-ci/build-artifacts"

[gitea]
# Your gitea server url with the /api/v1 path
api_base_url = "https://gitea.server.local/api/v1"
# See "Setting up Gitea webhooks"
webhook_secret = "hunter2"
access_token = "from a user's Settings -> Applications -> Manage Access Tokens menu"

# This describes a Rust project at https://gitea.server.local/alice/crypto-project
[[gitea.project]]
owner = "alice"
repository = "crypto-project"
builder = "Cargo"
targets = ["linux-x86_64"]
artifact_files = ["target/$TARGET/release/crypto-project$EXE_SUFFIX"]

# [[gitea.project]]
# Etc.

And so on. The building pipelines are not programmable, they're built-in and you can pick the fitting one with the "builder" variable. The intention behind this is to fit my simple needs, and perhaps encourage simple build processes.

Setting up Gitea webhooks

To hook up Andre to Gitea webhooks (triggering builds on push), the following need to be set up:

  • Have a webhook secret in the gitea section of andre-server.toml: 
    [gitea]
webhook_secret = "hunter2"
    Note that anyone who knows this secret can pretend to be your Gitea instance and cause new builds to trigger. Generate a proper secret with e.g. 
    openssl rand -hex 16
  • Create a Gitea webhook for your repo/org/gitea with the following settings:
    • Target URL: https://<your-andre-domain>/api/v1/gitea-webhook
    • HTTP Method: POST
    • POST Content Type: application/json
    • Secret: the value from gitea.webhook_secret in the config, in this example hunter2.
    • Trigger On: from Custom Events... select Push and Create under Repository Events.

License