From fe00fcd29f764408aa6e89631897b7186655c28d Mon Sep 17 00:00:00 2001 From: Mike Wilson Date: Thu, 23 Feb 2023 14:32:18 -0500 Subject: [PATCH] Initial setup of renovate bot --- ansible/main.yml | 1 + ansible/roles/renovate/tasks/main.yml | 29 +++++++++++++++++++ ansible/roles/renovate/templates/config.js | 14 +++++++++ .../renovate/templates/docker-compose.yml | 27 +++++++++++++++++ ansible/roles/renovate/vars/main.yml | 8 +++++ ansible/roles/traefik/tasks/main.yml | 4 +++ .../traefik/templates/docker-compose.yml | 9 ++++-- 7 files changed, 90 insertions(+), 2 deletions(-) create mode 100644 ansible/roles/renovate/tasks/main.yml create mode 100644 ansible/roles/renovate/templates/config.js create mode 100644 ansible/roles/renovate/templates/docker-compose.yml create mode 100644 ansible/roles/renovate/vars/main.yml diff --git a/ansible/main.yml b/ansible/main.yml index de8e400..dc8eea5 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -18,3 +18,4 @@ - nextcloud - tautulli - gitea + - renovate diff --git a/ansible/roles/renovate/tasks/main.yml b/ansible/roles/renovate/tasks/main.yml new file mode 100644 index 0000000..5ff8917 --- /dev/null +++ b/ansible/roles/renovate/tasks/main.yml 
@@ -0,0 +1,29 @@
+- name: Create install directory
+ file:
+ path: "{{ install_directory }}/{{ role_name }}"
+ state: directory
+ owner: "{{ docker_user }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+
+- name: Copy docker-compose file to destination
+ template:
+ src: docker-compose.yml
+ dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
+ owner: "{{ docker_user }}"
+ mode: "{{ docker_compose_file_mask }}"
+ validate: docker-compose -f %s config
+ become: true
+
+- name: Copy config.js to destination
+ template:
+ src: config.js
+ dest: "{{ install_directory }}/renovate/config.js"
+ mode: "{{ docker_compose_file_mask }}"
+ become: true
+
+- name: Start docker container
+ community.docker.docker_compose:
+ project_src: "{{ install_directory }}/{{ role_name }}"
+ pull: true
+ remove_orphans: yes
diff --git a/ansible/roles/renovate/templates/config.js b/ansible/roles/renovate/templates/config.js
new file mode 100644
index 0000000..86ffcfe
--- /dev/null
+++ b/ansible/roles/renovate/templates/config.js
@@ -0,0 +1,14 @@
+module.exports = {
+ endpoint: "git.{{ personal_domain }}/api/v2",
+ token: '{{ renovate_gitea_token }}',
+ platform: 'gitea',
+ dryRun: true,
+ autodiscover: true,
+ onboarding: false,
+ redisUrl: 'redis://redis',
+ repositoryCache: 'enabled',
+ persistRepoData: true,
+ binarySource: "docker",
+ dockerUser: "{{ primary_uid }}",
+ baseDir: "{{ data_dir }}/renovate",
+};
diff --git a/ansible/roles/renovate/templates/docker-compose.yml b/ansible/roles/renovate/templates/docker-compose.yml
new file mode 100644
index 0000000..5301675
--- /dev/null
+++ b/ansible/roles/renovate/templates/docker-compose.yml
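Review bot: The `Copy config.js to destination` task writes a file that carries the Gitea token, yet it is the only file task in this hunk without an `owner:`, so with `become: true` it will most likely be owned by root and readable according to whatever `docker_compose_file_mask` expands to (not visible in this patch). If that mask is world-readable the token is exposed to every local account; if it is restrictive, the container, which runs as `service_user`, may not be able to read the bind-mounted file. I would set an explicit `owner:` (the sibling tasks use `"{{ docker_user }}"`; confirm which uid actually has to read it) and give this one file its own tight mode rather than the shared compose mask. Adding `no_log: true` to both template tasks keeps a `--diff` run from printing the rendered token. The destination also hard-codes `renovate` where the other tasks use `{{ role_name }}`.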
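Review bot: `endpoint: "git.{{ personal_domain }}/api/v2"` has no URL scheme, so nothing on this line guarantees the token is only ever sent over TLS. Renovate's `endpoint` is normally a full URL, and as far as I know Gitea serves its REST API under `/api/v1`, so I would expect `endpoint: "https://git.{{ personal_domain }}/api/v1",`. Separately, `autodiscover: true` makes the bot act on every repository the token can see, so the token should belong to a dedicated low-privilege bot account or an `autodiscoverFilter` should narrow the set. A short comment above `token:` naming the account and the scopes it needs would make that reviewable later.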
@@ -0,0 +1,27 @@ +version: "{{ docker_compose_version }}" + +networks: + docker-socket-proxy: + external: true + +services: + renovate: + container_name: renovate + image: renovate/renovate:slim + restart: unless-stopped + depends_on: + - redis + networks: + - docker-socket-proxy + user: "{{ service_user.uid }}:{{ service_user.group }}" + environment: + - TZ={{ timezone }} + - DOCKER_HOST=tcp://docker_socket_proxy:2375 + - "RENOVATE_TOKEN={{ renovate_gitea_token }}" + volumes: + - "{{ data_dir }}/renovate:/{{ data_dir }}/renovate" # These must be the same + - ./config.js:/usr/src/app/config.js:ro + + redis: + image: redis:7-alpine + restart: unless-stopped diff --git a/ansible/roles/renovate/vars/main.yml b/ansible/roles/renovate/vars/main.yml new file mode 100644 index 0000000..1714a59 --- /dev/null +++ b/ansible/roles/renovate/vars/main.yml @@ -0,0 +1,8 @@ +renovate_gitea_token: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 61383064643566343633633962376238346137633933643634353564316266656338333665613235 + 3230613339633561313064393163393537623763393336300a383332626538376335613763313439 + 64326566393761666266303438313435346535626231376661653863663664623839663431363632 + 6434306532613065650a636562663030363162396435346262353839653736343530393365633331 + 65366534333234353239376566326234666566303038396661343137316265306433313235366530 + 6164656437346131376165613136363161646437343038393266 diff --git a/ansible/roles/traefik/tasks/main.yml b/ansible/roles/traefik/tasks/main.yml index 08b84aa..178095a 100644 --- a/ansible/roles/traefik/tasks/main.yml +++ b/ansible/roles/traefik/tasks/main.yml @@ -2,6 +2,10 @@ community.docker.docker_network: name: traefik +- name: Create docker network for Docker Socket Proxy + community.docker.docker_network: + name: docker-socket-proxy + - name: Create install directory file: path: "{{ install_directory }}/traefik" 
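Review bot: The `renovate` service lists only the `docker-socket-proxy` network, while `redis` declares none and so lands on the project's default network; as written the two share no network and `redis://redis` from config.js should not resolve. Adding `- default` under renovate's `networks:` fixes that without putting Redis on the network that fronts the Docker API. `RENOVATE_TOKEN` is also set in `environment:` although config.js already carries the same token. Container environment is returned by the Docker API's inspect call, which the socket proxy may expose to everything on that network, so I would drop `- "RENOVATE_TOKEN={{ renovate_gitea_token }}"` and keep the token in the read-only config file only. The volume target `/{{ data_dir }}/renovate` also gains a second leading slash if `data_dir` is absolute, which undercuts the "must be the same" comment.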
diff --git a/ansible/roles/traefik/templates/docker-compose.yml b/ansible/roles/traefik/templates/docker-compose.yml index b426a50..56b54b7 100644 --- a/ansible/roles/traefik/templates/docker-compose.yml +++ b/ansible/roles/traefik/templates/docker-compose.yml @@ -4,14 +4,15 @@ networks: traefik: external: true docker-socket-proxy: - external: false + external: true services: traefik: container_name: traefik image: traefik:v2.9 depends_on: - - docker_socket_proxy + docker_socket_proxy: + condition: service_healthy networks: - traefik - docker-socket-proxy @@ -30,6 +31,7 @@ services: traefik.http.routers.traefik-dashboard.middlewares: lan-whitelist@file docker_socket_proxy: + container_name: docker_socket_proxy image: tecnativa/docker-socket-proxy:latest restart: unless-stopped networks: @@ -40,3 +42,6 @@ services: - INFO=1 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro + healthcheck: + test: "exit 0" + start_period: 5s
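Review bot: Switching `docker-socket-proxy` to `external: true` in the first hunk turns the proxy into a shared service, so its allow-list (only `INFO=1` is visible in this diff) now applies to every container attached to that network, not just Traefik. Renovate with `binarySource: "docker"` needs to create containers, and any write permission enabled on this proxy for that purpose would also be available to Traefik, which is the internet-facing component; container creation through the Docker API is equivalent to root on the host. I would keep this proxy read-only for Traefik and give Renovate its own socket-proxy service and network in the renovate compose file. At minimum, add a comment above the network entry such as `# shared with the renovate role; every member can reach the Docker API on :2375`.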
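Review bot: `test: "exit 0"` in the last hunk always succeeds, so `condition: service_healthy` on the traefik service only delays Traefik until the first check fires and never confirms that the proxy is accepting connections. A probe against the proxy's own listener would make the gate meaningful, for example `test: ["CMD-SHELL", "wget -q --spider http://127.0.0.1:2375/_ping || exit 1"]`, assuming the image ships `wget` and the ping endpoint is allowed by the proxy's settings. Adding `interval:` and `retries:` next to `start_period: 5s` would make the timing explicit instead of relying on defaults.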