Merge pull request #10 from ochorocho/task/self-hosted-runner

[TASK] Add configuration examples for self-hosted Runners
ddev · Sep 5, 2024 · a1f508f · a1f508f
2 parents 8c0f756 + 1f59554
commit a1f508f
Show file tree

Hide file tree

Showing 4 changed files with 129 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -1,9 +1,17 @@
 # DDEV GitLab CI - Docker in Docker (dind)
 
-This image is most likely to be used within the GitLab Runner.
-As of now it only tested it on gitlab.com
+A container image to run DDEV on any GitLab Runner (hosted/self-hoster).
 
-**GitLab CI example**: [.gitlab-ci.yml](.gitlab-ci.yml)
+## Configuration for self-hosted GitLab Runners
+
+The Runner can run on the two container engines - Docker and Podman.
+Both container engines work, but the required configuration is slightly different.
+
+### Example configurations for ...
+
+* [gitlab.com](docs%2Fgitlab-com.md)
+* [Docker](docs%2Fdocker.md)
+* [Podman](docs%2Fpodman.md)
 
 # Workflow - Image build
 
@@ -28,6 +36,8 @@ Available options:
 | ./build.sh -v v1.23   | v1.23, v1.23.x (latest bugfix) |
 | ...                   | ...                            |
 
+The image is stored on the [GitHub Package Registry](https://github.com/ochorocho/ddev-gitlab-ci/pkgs/container/ddev-gitlab-ci) 
+
 ## Run tests locally
 
 Requires [bats-core](https://bats-core.readthedocs.io/en/stable/installation.html) and [yq](https://github.com/mikefarah/yq/tree/v4.44.2?tab=readme-ov-file#install).

diff --git a/docs/docker.md b/docs/docker.md
@@ -0,0 +1,51 @@
+# Docker in Docker
+
+The following example describes how to configure the GitLab Runner
+to use DDEV within the docker executor (DockerInDocker).
+
+* GitLab [Docker in Docker docs](https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-in-docker)
+* [Enable SSL](https://about.gitlab.com/blog/2019/07/31/docker-in-docker-with-docker-19-dot-03/#configure-tls) connection
+* Potential [security risk described](https://docs.gitlab.com/runner/security/#usage-of-docker-executor)
+
+## GitLab Runner config.toml
+
+`/etc/gitlab-runner/config.toml`:
+
+```toml
+[[runners]]
+  name = "Docker Runner"
+  executor = "docker"
+  # ...
+  [runners.docker]
+    # ...
+    tls_verify = false
+    services_privileged = true
+    allowed_privileged_services = ["docker:dind"]
+```
+
+## GitLab CI Job for DDEV  
+
+`.gitlab-ci.yml`:
+
+```yaml
+stages:
+  - testing
+
+ddev-initialize-docker:
+  stage: testing
+  image: ghcr.io/ochorocho/ddev-gitlab-ci:v1.23
+  variables:
+    # Remove "umask 0000" usage, so DDEV has permissions on the cloned repository
+    # see https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags
+    FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: 1
+    # Disable Docker SSL connection
+    DOCKER_TLS_CERTDIR: ""
+    # Fix "fatal: unable to access '<REPO>': Could not resolve host: <HOST>"
+    FF_NETWORK_PER_BUILD: 0
+  services:
+    - name: docker:dind
+  when: always
+  script:
+    - ddev start
+    # ... do things
+```
diff --git a/.gitlab-ci.yml → docs/gitlab-com.md b/.gitlab-ci.yml → docs/gitlab-com.md
@@ -1,5 +1,15 @@
+# Running on gitlab.com
+
+The gitlab.com runners are already configured
+correctly and can run the image without any issue.
+
+
+```yaml
+stages:
+  - testing
+
 ddev-initialize:
-  stage: project-template-test
+  stage: testing
   image: ghcr.io/ochorocho/ddev-gitlab-ci:v1.23
   variables:
     # Remove "umask 0000" usage, so DDEV has permissions on the cloned repository
@@ -9,5 +19,8 @@ ddev-initialize:
     - name: docker:dind
   when: always
   script:
+    # Fix for: Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /builds/*/*'
+    - ddev config global --no-bind-mounts=true
     - ddev --version
     # ... do things
+```
diff --git a/docs/podman.md b/docs/podman.md
@@ -0,0 +1,51 @@
+# Docker in Podman
+
+The following example describes how to configure the GitLab Runner
+to use DDEV within the docker executor using Podman (DockerInPodman).
+
+* Configure the [Runner to use Podman](https://docs.gitlab.com/runner/executors/docker.html#use-podman-to-run-docker-commands). More details in the [forum](https://forum.gitlab.com/t/gitlab-runner-setup-with-podman/87893/2)
+
+## GitLab Runner config.toml
+
+`/etc/gitlab-runner/config.toml`:
+
+```toml
+[[runners]]
+  name = "Podman Runner"
+  executor = "docker"
+  # ...
+  [runners.docker]
+    # ...
+    tls_verify = false
+    services_privileged = true
+    allowed_privileged_services = ["docker:dind"]
+    # Replace 1000 with the users id, run `id -u` to get the id
+    host = "unix:///run/user/1000/podman/podman.sock"
+```
+
+## GitLab CI Job for DDEV  
+
+`.gitlab-ci.yml`:
+
+```yaml
+stages:
+  - testing
+
+ddev-initialize-podman:
+  stage: testing
+  image: ghcr.io/ochorocho/ddev-gitlab-ci:v1.23
+  variables:
+    # Remove "umask 0000" usage, so DDEV has permissions on the cloned repository
+    # see https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags
+    FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: 1
+    # Disable Docker SSL connection
+    DOCKER_TLS_CERTDIR: ""
+    # Fix: "Error response from daemon: bad parameter: link is not supported"
+    FF_NETWORK_PER_BUILD: 1
+  services:
+    - name: docker:dind
+  when: always
+  script:
+    - ddev start
+    # ... do things
+```