<--

Self hosted CI/CD!

Yesterday, i decided that i was tired of using Github Actions to deploy my code from Github. So i decided to self host my own CI/CD. This is mostly because i am not comfortable having port 22 on my web server be publicly accessible on the internet.

To do this, i went down quite the rabbit hole. First i looked at TeamCity from JetBrains as this is what i use at work. It looked promising, however i decided it was too complex and had too many features i did not really care about.

Then i stumbled across Drone, which seemed to fit my use-case. However it has since gotten very corporate when it was bought up, so i decided to go with the open source fork called Woodpecker

This turned out to be a bit of a bigger challenge than i first thought, but i somehow got it up and running in the end. Follow along!

Installing

This was by far the easiest. As i have not gotten around to setting up my Kubernetes cluster yet, and i wanted to start of simple. I just used the docker compose provided by the Woodpecker team.

To provide integration with Github, i use a github Oauth2 App i made in the github UI, this is very well explained in the documentation of Woodpecker.

Now that i have configured the docker compose, i created a VM on cronus and deployed the compose file using Ansible.

Setting up a pipeline

Writing the pipeline was simple enough, as it has a very similar syntax to Github actions. However, i needed a docker image for the pipeline to run in. This actually turned out to be a challenge, as i currently do not have a docker registry in my homelab (i will be setting up Gitea in the future dw).

To solve the docker registry problem, i decided to simply build the image locally on the server. Ansible comes to the rescue again. I wrote a simple playbook that builds the docker image on the VM such that it is available to Woodpecker. Missing registry problem solved!

Now finally, i could make my own image that had all the dependencies for this website!

We were not out of the woods yet however, i still had to figure out how i wanted to transfer the files to the server they will be hosted on. Previously i had used rsync to transfer them into a directory on my web server, and i decided to do something similar this time.

However, since i did not want to put the SSH keys into the docker image. So i ended up adding a private ssh key into the secret store of Woodpecker. This allows rsync to communicate with my web server.

This meant i have to distribute the public key to the web server beforehand, ansible saved the day again.

Pipeline finished

Finally, i could deploy this very website, using woodpecker to my own web server, all without exposing port 22 on the web server to the internet.