[TASK] Add configuration examples
Added example configuration for
CI and Runner
ochorocho committed Jul 13, 2024
1 parent c1dc985 commit 88006a6
Showing 5 changed files with 139 additions and 21 deletions.
2 changes: 0 additions & 2 deletions .gitlab-ci.yml
Expand Up @@ -12,7 +12,5 @@ ddev-initialize:
- name: docker:dind
when: always
script:
# Fix for: Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /builds/*/*'
- ddev config global --no-bind-mounts=true
- ddev --version
# ... do things
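Review bot: The root `.gitlab-ci.yml` and the new `docs/gitlab-com.md` example can drift apart after this change. The hunk header shrinks this block from 7 to 5 lines, while `docs/gitlab-com.md` in the same commit still carries the `# Fix for: ... bind source path does not exist` comment and `ddev config global --no-bind-mounts=true`. If those are the two lines dropped here, state in the commit message why the workaround is no longer needed in this file, or keep a single copy of the example and link to it, so readers are not left guessing which one is current.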
30 changes: 11 additions & 19 deletions README.md
@@ -1,28 +1,18 @@
# DDEV GitLab CI - Docker in Docker (dind)

This image is most likely to be used within the GitLab Runner.
As of now it is only tested on gitlab.com
A image to run DDEV in GitLab any (hosted/self-hoster).

**GitLab CI example**: [.gitlab-ci.yml](.gitlab-ci.yml)

## Configuration for self-hosted GitLab Runners

:warning: This (section) information is "work in progress"

```toml
# ...

[[runners]]
# ...
[runners.docker]
# ...
# Could be a security issues: https://docs.gitlab.com/runner/security/#usage-of-docker-executor
privileged = true
volumes = ["gitlab-shared-cache:/cache", "/var/run/docker.sock:/var/run/docker.sock"]
# Add additional groups the container process will run as.
# See https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersdocker-section
group_add = ["999"]
```
The Runner can run on the two container engines - Docker and Podman.
Both container engines work, but the required configuration is slightly different.

### Example configurations for ...

* [gitlab.com](docs%2Fgitlab-com.md)
* [Docker](docs%2Fdocker.md)
* [Podman](docs%2Fpodman.md)

# Workflow - Image build
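Review bot: The self-hosted section of the README ends up without a security pointer if the `[runners.docker]` block is what this hunk removes (the header goes from 28 to 18 lines); that block carried `# Could be a security issues: https://docs.gitlab.com/runner/security/#usage-of-docker-executor` next to `privileged = true`, and the replacement text only says both engines work with slightly different configuration. Keep one sentence under "Configuration for self-hosted GitLab Runners" stating that the linked examples rely on privileged services, with that link. Two smaller points: "A image to run DDEV in GitLab any (hosted/self-hoster)." needs rewording, for instance "An image to run DDEV in any GitLab instance (hosted or self-hosted).", and the list links use `docs%2Fdocker.md` with a percent-encoded slash; `docs/docker.md` is easier to read and does not depend on the renderer decoding it.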

Expand All @@ -47,6 +37,8 @@ Available options:
| ./build.sh -v v1.23 | v1.23, v1.23.x (latest bugfix) |
| ... | ... |

The image is stored on the [GitHub Package Registry](https://github.com/ochorocho/ddev-gitlab-ci/pkgs/container/ddev-gitlab-ci)

## Run tests locally

Requires [bats-core](https://bats-core.readthedocs.io/en/stable/installation.html) and [yq](https://github.com/mikefarah/yq/tree/v4.44.2?tab=readme-ov-file#install).
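Review bot: The added sentence "The image is stored on the GitHub Package Registry" should say which image reference consumers are expected to use, because the table row just above it maps `./build.sh -v v1.23` to `v1.23, v1.23.x (latest bugfix)`, so the `v1.23` tag moves with each bugfix build. Add a short note that CI jobs wanting reproducible runs can use the full `v1.23.x` tag or pin the image by digest.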
51 changes: 51 additions & 0 deletions docs/docker.md
@@ -0,0 +1,51 @@
# Docker in Docker

The following examples shows how to configure the GitLab Runner
to use DDEV within the docker executor (DockerInDocker).

* GitLab [Docker in Docker docs](https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker)
* [Enable SSL](https://about.gitlab.com/blog/2019/07/31/docker-in-docker-with-docker-19-dot-03/#configure-tls) connection
* Potential [security risk described](https://docs.gitlab.com/runner/security/#usage-of-docker-executor)

## GitLab Runner config.toml

`/etc/gitlab-runner/config.toml`:

```toml
[[runners]]
name = "Docker Runner"
executor = "docker"
# ...
[runners.docker]
# ...
tls_verify = false
services_privileged = true
allowed_privileged_services = ["docker:dind"]
```

## GitLab CI Job for DDEV

`.gitlab-ci.yml`:

```yaml
stages:
- testing

ddev-initialize-docker:
stage: testing
image: ghcr.io/ochorocho/ddev-gitlab-ci:v1.23
variables:
# Remove "umask 0000" usage, so DDEV has permissions on the cloned repository
# see https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags
FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: 1
# Disable Docker SSL connection
DOCKER_TLS_CERTDIR: ""
# Fix "fatal: unable to access '<REPO>': Could not resolve host: <HOST>"
FF_NETWORK_PER_BUILD: 0
services:
- name: docker:dind
when: always
script:
- ddev start
# ... do things
```
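Review bot: The example turns TLS off for the dind service (`DOCKER_TLS_CERTDIR: ""` under the comment "Disable Docker SSL connection", plus `tls_verify = false` in `config.toml`) while the link list at the top points to "Enable SSL", and nothing explains the choice. Together with `services_privileged = true`, the job talks to a privileged Docker daemon over an unencrypted, unauthenticated connection, so either show the TLS variant or add a line explaining why TLS has to be off and that such a runner should be limited to trusted projects. Also, "The following examples shows" should read "The following example shows".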
26 changes: 26 additions & 0 deletions docs/gitlab-com.md
@@ -0,0 +1,26 @@
# Running on gitlab.com

The gitlab.com runners are already configured
correctly and can run the image without any issue.


```yaml
stages:
- testing

ddev-initialize:
stage: testing
image: ghcr.io/ochorocho/ddev-gitlab-ci:v1.23
variables:
# Remove "umask 0000" usage, so DDEV has permissions on the cloned repository
# see https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags
FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: 1
services:
- name: docker:dind
when: always
script:
# Fix for: Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /builds/*/*'
- ddev config global --no-bind-mounts=true
- ddev --version
# ... do things
```
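Review bot: "The gitlab.com runners are already configured correctly" does not say what that configuration is, so a reader cannot relate it to the runner settings shown in `docs/docker.md`; state what is assumed, for instance whether the `docker:dind` service runs privileged there, or link to the self-hosted pages. This job is also the only one of the three examples that runs `ddev config global --no-bind-mounts=true`, and it stops at `ddev --version` rather than `ddev start`; a comment on whether the workaround is specific to gitlab.com would help. The `# Fix for:` comment ends with a stray `'` after `/builds/*/*`.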
51 changes: 51 additions & 0 deletions docs/podman.md
@@ -0,0 +1,51 @@
# Docker in Podman

The following examples shows how to configure the GitLab Runner
to use DDEV within the docker executor using Podman (DockerInPodman).

* Configure the [Runner to use Podman](https://docs.gitlab.com/runner/executors/docker.html#use-podman-to-run-docker-commands). More details in the [forum](https://forum.gitlab.com/t/gitlab-runner-setup-with-podman/87893/2)

## GitLab Runner config.toml

`/etc/gitlab-runner/config.toml`:

```toml
[[runners]]
name = "Podman Runner"
executor = "docker"
# ...
[runners.docker]
# ...
tls_verify = false
services_privileged = true
allowed_privileged_services = ["docker:dind"]
# Replace 1000 with the users id, run `id -u` to get the id
host = "unix:///run/user/1000/podman/podman.sock"
```

## GitLab CI Job for DDEV

`.gitlab-ci.yml`:

```yaml
stages:
- testing

ddev-initialize-podman:
stage: testing
image: ghcr.io/ochorocho/ddev-gitlab-ci:v1.23
variables:
# Remove "umask 0000" usage, so DDEV has permissions on the cloned repository
# see https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags
FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: 1
# Disable Docker SSL connection
DOCKER_TLS_CERTDIR: ""
# Fix: "Error response from daemon: bad parameter: link is not supported"
FF_NETWORK_PER_BUILD: 1
services:
- name: docker:dind
when: always
script:
- ddev start
# ... do things
```
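Review bot: `services_privileged = true` and `allowed_privileged_services = ["docker:dind"]` appear here without the security link that `docs/docker.md` carries ("Potential security risk described"); add the same bullet to the list under the intro so Podman users see it too. In the config, `host = "unix:///run/user/1000/podman/podman.sock"` hard-codes a UID; the comment should read "Replace 1000 with the user's id", and it helps to mention that this is the rootless per-user socket of the account running the runner. `FF_NETWORK_PER_BUILD` is 1 here and 0 in `docs/docker.md`; a sentence saying the value intentionally differs between the two engines would prevent copy-paste mistakes. "The following examples shows" should read "The following example shows".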
