From 78b0161585b0488e25651acc06d70e502345e6c0 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Sat, 1 Jan 2022 18:23:32 +0000 Subject: [PATCH] Install renovate It doesn't quite work, as really it needs docker to correctly update packages. But it's a start for now --- ansible/main.yml | 1 + ansible/roles/renovate/files/config.js | 11 ++++++ .../roles/renovate/files/docker-compose.yml | 23 +++++++++++ ansible/roles/renovate/files/entrypoint.sh | 11 ++++++ ansible/roles/renovate/handlers/main.yml | 4 ++ ansible/roles/renovate/tasks/main.yml | 38 +++++++++++++++++++ ansible/roles/renovate/vars/main.yml | 2 + ansible/roles/renovate/vars/vault.yml | 11 ++++++ 8 files changed, 101 insertions(+) create mode 100644 ansible/roles/renovate/files/config.js create mode 100644 ansible/roles/renovate/files/docker-compose.yml create mode 100644 ansible/roles/renovate/files/entrypoint.sh create mode 100644 ansible/roles/renovate/handlers/main.yml create mode 100644 ansible/roles/renovate/tasks/main.yml create mode 100644 ansible/roles/renovate/vars/main.yml create mode 100644 ansible/roles/renovate/vars/vault.yml diff --git a/ansible/main.yml b/ansible/main.yml index ff43776..d72e7b7 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -56,6 +56,7 @@ - pve_nebula_route - privatebin - vaultwarden + - renovate - hosts: ingress roles: diff --git a/ansible/roles/renovate/files/config.js b/ansible/roles/renovate/files/config.js new file mode 100644 index 0000000..731a916 --- /dev/null +++ b/ansible/roles/renovate/files/config.js @@ -0,0 +1,11 @@ +module.exports = { + endpoint: 'https://git.theorangeone.net/api/v4/', + token: '{{ renovate_gitlab_token }}', + platform: 'gitlab', + //dryRun: true, + autodiscover: true, + onboarding: false, + redisUrl: 'redis://redis', + repositoryCache: 'enabled', + persistRepoData: true +}; diff --git a/ansible/roles/renovate/files/docker-compose.yml b/ansible/roles/renovate/files/docker-compose.yml new file mode 100644 index 0000000..568b819 --- /dev/null +++ b/ansible/roles/renovate/files/docker-compose.yml @@ -0,0 +1,23 @@ +version: "2.3" +services: + renovate: + image: renovate/renovate:31-slim + user: "{{ docker_user.id }}" + command: /entrypoint.sh + environment: + - TZ={{ TZ }} + - GITHUB_COM_TOKEN={{ renovate_github_token }} + restart: unless-stopped + depends_on: + - redis + tmpfs: + - /tmp + volumes: + - "{{ app_data_dir }}/renovate/config.js:/usr/src/app/config.js:ro" + - "{{ app_data_dir }}/renovate/entrypoint.sh:/entrypoint.sh:ro" + + redis: + image: redis:6-alpine + restart: unless-stopped + volumes: + - /mnt/tank/dbs/redis/renovate:/data diff --git a/ansible/roles/renovate/files/entrypoint.sh b/ansible/roles/renovate/files/entrypoint.sh new file mode 100644 index 0000000..6b7f42e --- /dev/null +++ b/ansible/roles/renovate/files/entrypoint.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +set -e + +while true; +do + renovate $@ + echo "> Sleeping for 1 hour..." + sleep 1h & + wait $! +done diff --git a/ansible/roles/renovate/handlers/main.yml b/ansible/roles/renovate/handlers/main.yml new file mode 100644 index 0000000..9ec2233 --- /dev/null +++ b/ansible/roles/renovate/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart renovate + shell: + chdir: /opt/renovate + cmd: "{{ docker_update_command }}" diff --git a/ansible/roles/renovate/tasks/main.yml b/ansible/roles/renovate/tasks/main.yml new file mode 100644 index 0000000..dc065c7 --- /dev/null +++ b/ansible/roles/renovate/tasks/main.yml @@ -0,0 +1,38 @@ +- name: Include vault + include_vars: vault.yml + +- name: Create install directory + file: + path: /opt/renovate + state: directory + owner: "{{ docker_user.name }}" + mode: "{{ docker_compose_directory_mask }}" + become: true + +- name: Install compose file + template: + src: files/docker-compose.yml + dest: /opt/renovate/docker-compose.yml + mode: "{{ docker_compose_file_mask }}" + owner: "{{ docker_user.name }}" + validate: docker-compose -f %s config + notify: restart renovate + become: true + +- name: Install config file + template: + src: files/config.js + dest: "{{ app_data_dir }}/renovate/config.js" + mode: "{{ docker_compose_file_mask }}" + owner: "{{ docker_user.name }}" + notify: restart renovate + become: true + +- name: Install custom entrypoint + template: + src: files/entrypoint.sh + dest: "{{ app_data_dir }}/renovate/entrypoint.sh" + mode: "0755" + owner: "{{ docker_user.name }}" + notify: restart renovate + become: true diff --git a/ansible/roles/renovate/vars/main.yml b/ansible/roles/renovate/vars/main.yml new file mode 100644 index 0000000..9635a1e --- /dev/null +++ b/ansible/roles/renovate/vars/main.yml @@ -0,0 +1,2 @@ +renovate_gitlab_token: "{{ vault_renovate_gitlab_token }}" +renovate_github_token: "{{ vault_renovate_github_token }}" diff --git a/ansible/roles/renovate/vars/vault.yml b/ansible/roles/renovate/vars/vault.yml new file mode 100644 index 0000000..3f0466d --- /dev/null +++ b/ansible/roles/renovate/vars/vault.yml @@ -0,0 +1,11 @@ +$ANSIBLE_VAULT;1.1;AES256 +37666339323131376463616330376335623238363930353938383162623162633665623763626464 +3833623739633363616362643166393538386139373139310a393530323937373938346237633536 +32376237386536633134613438383730323565356164313933376232343866303764643033396237 +6133313835663637660a336162303239636137313339366330323463326339366537343164663336 +61346434383164336138626261663939333265306430316535653062393431646230636162373665 +39386436306534316632376238616332636265303534316366356139303865323631323064303665 +64636565666231643330396164383066623166393339633330363633343639346637343239313936 +37613266393438616166326138313262623837386231393666633361396364313335346238313863 +65383435626335333631326537373366636439306366373235386132393839663063333063383133 +6333613165306462376631326239613864613630363738633331