parent
b3573bb36a
commit
351ca1d128
6 changed files with 824 additions and 31 deletions
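--- a/content/blog/forgejo-setup.md
+++ b/content/blog/forgejo-setup.md
@@ -0,0 +1,163 @@
++++
+title = "Setting Forgejo and Forgejo actions with `Docker Compose`, with `Nix` based actions"
+date = 2025-08-26
+
+[taxonomies]
+tags = ["forgejo", "nix", "CI", "actions", "docker"]
++++
+
+## Docker Compose Configuration
+```yaml
+traefik:
+# ...
+command:
+# ...
+- "--entrypoints.ssh.address=:222"
+ports:
+# ...
+- "222:222"
+forgejo:
+container_name: forgejo
+image: codeberg.org/forgejo/forgejo:11
+environment:
+- USER_UID=1000
+- USER_GID=1000
+- FORGEJO__database__DB_TYPE=postgres
+- FORGEJO__database__HOST=pgforgejo:5432
+- FORGEJO__database__NAME=forgejo
+- FORGEJO__database__USER=forgejo
+- FORGEJO__database__PASSWD=forgejo
+restart: always
+networks:
+- forgejo
+- <network name>
+volumes:
+- ./forgejo:/data
+- /etc/timezone:/etc/timezone:ro
+- /etc/localtime:/etc/localtime:ro
+# ports:
+# - "3000:3000"
+# - "222:22"
+depends_on:
+- pgforgejo
+labels:
+- "traefik.enable=true"
+- "traefik.http.routers.forgejo.rule=Host(`git.example.com`)"
+- "traefik.http.routers.forgejo.entrypoints=websecure"
+- "traefik.http.routers.forgejo.tls.certresolver=myhttpchallenge"
+- "traefik.http.routers.forgejo.service=forgejo"
+
+- "traefik.http.routers.forgejo-http.rule=Host(`git.example.com`)"
+- "traefik.http.routers.forgejo-http.entrypoints=web"
+- "traefik.http.routers.forgejo-http.middlewares=forgejo-redirect"
+- "traefik.http.middlewares.forgejo-redirect.redirectscheme.scheme=https"
+- "traefik.http.middlewares.forgejo-redirect.redirectscheme.permanent=true"
+
+- "traefik.http.services.forgejo.loadbalancer.server.port=3000"
+- "traefik.docker.network=<network name>"
+- "traefik.tcp.routers.forgejo-ssh.entrypoints=ssh"
+- "traefik.tcp.routers.forgejo-ssh.rule=HostSNI(`*`)"
+- "traefik.tcp.routers.forgejo-ssh.service=forgejo-ssh"
+- "traefik.tcp.services.forgejo-ssh.loadbalancer.server.port=22"
+
+pgforgejo:
+container_name: pgforgejo
+image: postgres:17.6-alpine
+restart: always
+environment:
+- POSTGRES_USER=forgejo
+- POSTGRES_PASSWORD=forgejo
+- POSTGRES_DB=forgejo
+networks:
+- forgejo
+volumes:
+- ./pgforgejo:/var/lib/postgresql/data
+
+docker-in-docker:
+container_name: docker-dind
+image: docker:dind
+privileged: "true"
+command: ["dockerd", "-H", "tcp://0.0.0.0:2375", "--tls=false"]
+restart: "unless-stopped"
+networks:
+- forgejo
+
+forgejo-action:
+container_name: "forgejo-action"
+image: "data.forgejo.org/forgejo/runner:9"
+links:
+- docker-in-docker
+depends_on:
+docker-in-docker:
+condition: service_started
+environment:
+DOCKER_HOST: tcp://docker-in-docker:2375
+networks:
+- forgejo
+# User without root privileges, but with access to `./data`.
+user: 1001:1001
+volumes:
+- ./forgejo-data:/data
+restart: "unless-stopped"
+# command: '/bin/sh -c "while : ; do sleep 1 ; done ;"'
+command: '/bin/sh -c "sleep 5; forgejo-runner daemon"'
+```
+
+## Forgejo Actions
+```json
+# .runner
+{
+"WARNING": "This file is automatically generated by act-runner. Do not edit it manually unless you know what you are doing. Removing this file will cause act runner to re-register as a new runner.",
+"id": 1,
+"uuid": "****",
+"name": "<runner name>",
+"token": "****",
+"address": "https://git.example.com",
+"labels": [
+"bookworm:docker://node:24-bookworm",
+"nix-base:docker://docker.nix-community.org/nixpkgs/nix-unstable:latest",
+"nix:docker://git.nexveridian.com/nexveridian/action-attic:latest"
+]
+}
+```
+
+### Available runner images
+- bookworm: closest to GitHub actions
+- nix-base: for bootstrapping
+- nix: custom image with packages pre installed, see [Creating custom runner images](../forgejo-github-to-forgejo-actions)
+
+## Creating custom runner images
+`git clone ssh://git@git.nexveridian.com:222/NexVeridian/docker-nixpkgs.git`
+
+### Create a copy of `images/action-attic`
+```nix
+{
+docker-nixpkgs,
+pkgs,
+attic-client,
+nodejs_24,
+nix-fast-build,
+# add more packages here
+}:
+(docker-nixpkgs.nix.override {
+nix = pkgs.nixVersions.latest;
+
+extraContents = [
+attic-client
+nodejs_24
+nix-fast-build
+# and the corresponding packages here
+];
+}).overrideAttrs
+(prev: {
+meta = (prev.meta or { }) // {
+description = "Forgejo action image, with Nix and Attic client";
+};
+})
+```
+
+### Edit folder name in `.forgejo/workflows/nix.yaml`
+```yaml
+- name: Build Nix package
+run: nix-build -A action-attic
+```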
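Review bot: The `docker-in-docker` service in the compose block is `privileged` and started with `dockerd -H tcp://0.0.0.0:2375 --tls=false`, and it shares the `forgejo` network with `forgejo` and `pgforgejo`, so every container on that network can reach an unauthenticated Docker API backed by a privileged daemon. I would give the daemon and the runner a network of their own (for example `networks: [runner]` on `docker-in-docker` and `forgejo-action` only; the name is constructed here) or enable TLS on the daemon, and say in the prose why. The post should also state that `FORGEJO__database__PASSWD=forgejo` and `POSTGRES_PASSWORD=forgejo` are placeholders to replace, ideally from an env file kept out of the repository. The runner labels pull `nix-unstable:latest` and `action-attic:latest`; a sentence recommending a pinned tag or digest would keep CI jobs from silently picking up a changed image.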