diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8639c18..0cf73d6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,7 +12,5 @@ ddev-initialize:
 - name: docker:dind
 when: always
 script:
- # Fix for: Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /builds/*/*'
- - ddev config global --no-bind-mounts=true
 - ddev --version
 # ... do things
diff --git a/README.md b/README.md
index 33b5a98..dc142b8 100644
--- a/README.md
+++ b/README.md
@@ -1,28 +1,18 @@
 # DDEV GitLab CI - Docker in Docker (dind)
-This image is most likely to be used within the GitLab Runner.
-As of now it is only tested on gitlab.com
+A image to run DDEV in GitLab any (hosted/self-hoster).
-**GitLab CI example**: [.gitlab-ci.yml](.gitlab-ci.yml)
 ## Configuration for self-hosted GitLab Runners
-:warning: This (section) information is "work in progress"
-
-```toml
-# ...
-
-[[runners]]
- # ...
- [runners.docker]
- # ...
- # Could be a security issues: https://docs.gitlab.com/runner/security/#usage-of-docker-executor
- privileged = true
- volumes = ["gitlab-shared-cache:/cache", "/var/run/docker.sock:/var/run/docker.sock"]
- # Add additional groups the container process will run as.
- # See https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersdocker-section
- group_add = ["999"]
-```
+The Runner can run on the two container engines - Docker and Podman.
+Both container engines work, but the required configuration is slightly different.
+
+### Example configurations for ...
+
+* [gitlab.com](docs%2Fgitlab-com.md)
+* [Docker](docs%2Fdocker.md)
+* [Podman](docs%2Fpodman.md)
 # Workflow - Image build
@@ -47,6 +37,8 @@ Available options:
 | ./build.sh -v v1.23 | v1.23, v1.23.x (latest bugfix) |
 | ... | ... |
+The image is stored on the [GitHub Package Registry](https://github.com/ochorocho/ddev-gitlab-ci/pkgs/container/ddev-gitlab-ci)
+
 ## Run tests locally
 Requires [bats-core](https://bats-core.readthedocs.io/en/stable/installation.html) and [yq](https://github.com/mikefarah/yq/tree/v4.44.2?tab=readme-ov-file#install).
diff --git a/docs/docker.md b/docs/docker.md
new file mode 100644
index 0000000..e139bdc
--- /dev/null
+++ b/docs/docker.md
@@ -0,0 +1,51 @@
+# Docker in Docker
+
+The following examples shows how to configure the GitLab Runner
+to use DDEV within the docker executor (DockerInDocker).
+
+* GitLab [Docker in Docker docs](https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker)
+* [Enable SSL](https://about.gitlab.com/blog/2019/07/31/docker-in-docker-with-docker-19-dot-03/#configure-tls) connection
+* Potential [security risk described](https://docs.gitlab.com/runner/security/#usage-of-docker-executor)
+
+## GitLab Runner config.toml
+
+`/etc/gitlab-runner/config.toml`:
+
+```toml
+[[runners]]
+ name = "Docker Runner"
+ executor = "docker"
+ # ...
+ [runners.docker]
+ # ...
+ tls_verify = false
+ services_privileged = true
+ allowed_privileged_services = ["docker:dind"]
+```
+
+## GitLab CI Job for DDEV
+
+`.gitlab-ci.yml`:
+
+```yaml
+stages:
+ - testing
+
+ddev-initialize-docker:
+ stage: testing
+ image: ghcr.io/ochorocho/ddev-gitlab-ci:v1.23
+ variables:
+ # Remove "umask 0000" usage, so DDEV has permissions on the cloned repository
+ # see https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags
+ FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: 1
+ # Disable Docker SSL connection
+ DOCKER_TLS_CERTDIR: ""
+ # Fix "fatal: unable to access '': Could not resolve host: "
+ FF_NETWORK_PER_BUILD: 0
+ services:
+ - name: docker:dind
+ when: always
+ script:
+ - ddev start
+ # ... do things
+```
diff --git a/docs/gitlab-com.md b/docs/gitlab-com.md
new file mode 100644
index 0000000..f94918c
--- /dev/null
+++ b/docs/gitlab-com.md
@@ -0,0 +1,26 @@
+# Running on gitlab.com
+
+The gitlab.com runners are already configured
+correctly and can run the image without any issue.
+
+
+```yaml
+stages:
+ - testing
+
+ddev-initialize:
+ stage: testing
+ image: ghcr.io/ochorocho/ddev-gitlab-ci:v1.23
+ variables:
+ # Remove "umask 0000" usage, so DDEV has permissions on the cloned repository
+ # see https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags
+ FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: 1
+ services:
+ - name: docker:dind
+ when: always
+ script:
+ # Fix for: Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /builds/*/*'
+ - ddev config global --no-bind-mounts=true
+ - ddev --version
+ # ... do things
+```
diff --git a/docs/podman.md b/docs/podman.md
new file mode 100644
index 0000000..5c35929
--- /dev/null
+++ b/docs/podman.md
@@ -0,0 +1,51 @@
+# Docker in Podman
+
+The following examples shows how to configure the GitLab Runner
+to use DDEV within the docker executor using Podman (DockerInPodman).
+
+* Configure the [Runner to use Podman](https://docs.gitlab.com/runner/executors/docker.html#use-podman-to-run-docker-commands). More details in the [forum](https://forum.gitlab.com/t/gitlab-runner-setup-with-podman/87893/2)
+
+## GitLab Runner config.toml
+
+`/etc/gitlab-runner/config.toml`:
+
+```toml
+[[runners]]
+ name = "Podman Runner"
+ executor = "docker"
+ # ...
+ [runners.docker]
+ # ...
+ tls_verify = false
+ services_privileged = true
+ allowed_privileged_services = ["docker:dind"]
+ # Replace 1000 with the users id, run `id -u` to get the id
+ host = "unix:///run/user/1000/podman/podman.sock"
+```
+
+## GitLab CI Job for DDEV
+
+`.gitlab-ci.yml`:
+
+```yaml
+stages:
+ - testing
+
+ddev-initialize-podman:
+ stage: testing
+ image: ghcr.io/ochorocho/ddev-gitlab-ci:v1.23
+ variables:
+ # Remove "umask 0000" usage, so DDEV has permissions on the cloned repository
+ # see https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags
+ FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: 1
+ # Disable Docker SSL connection
+ DOCKER_TLS_CERTDIR: ""
+ # Fix: "Error response from daemon: bad parameter: link is not supported"
+ FF_NETWORK_PER_BUILD: 1
+ services:
+ - name: docker:dind
+ when: always
+ script:
+ - ddev start
+ # ... do things
+```