Skip to content

Latest commit

 

History

History
117 lines (80 loc) · 3.14 KB

docker-deployment.md

File metadata and controls

117 lines (80 loc) · 3.14 KB
Raw

This document gives a step-by-step guide to deploying OCaml-CI from the Docker images and how to integrate them into a GitHub organisation to monitor PRs.

Build the Docker images

git clone --recursive https://github.com/ocurrent/ocaml-ci.git
cd ocaml-ci
docker build -t ocaml-ci-service .
docker build -f Dockerfile.web -t ocaml-ci-web .

Create a GitHub App

Sign in to your GitHub account

  1. Navigate to your account/organizations settings. ...
  2. In the left sidebar, click Developer settings.
  3. In the left sidebar, click GitHub Apps.
  4. Click New GitHub App.
  5. In "GitHub App name", type the name of your app. ...
  6. Optionally, in "Description", type a description of your app that users will see.

Complete the form

App Name: example-ci (must be unique across GitHub) Homepage URL: https://ci.example.org/ Callback URL: https://ci.example.org:8100/login Webhook URL: https://ci.example.org:8100/webhooks/github Webhook Secret: Create a secure webhook secret - perhaps like this ruby -rsecurerandom -e 'print SecureRandom.hex(20)'

Give repository permissions:

  • Checks: Read/Write
  • Commit statuses: Read/Write
  • Contents: Read-only
  • Metadata: Read-only (default)
  • Pull requests: Read-only

Subscribe to events:

  • Create
  • Pull request
  • Push

Where can this GitHub App be installed? Any account

Once the app has been created record the App ID: 215418 (unique App ID)

Docker Secrets

In GitHub, generate and download a private key for the new app. i.e. example-ci.2022-06-28.private-key.pem

On the machine which will host the Docker containers, ensure it is in swarm mode to allow the use of secrets:

docker swarm init --advertise-addr 127.0.0.1:2377 --listen-addr 127.0.0.1:2377

Create the Docker secrets required for the app.

Be careful not to have a trailing return character on the webhook secret. Also be mindful of your shell history when creating secrets.

This may be a good way to create a random secret in a file without a return character:

ruby -rsecurerandom -e 'print SecureRandom.hex(20)' > example-ci-webhook-secret

You will need a submission cap for a OCurrent cluster.

docker secret create example-ci-github-key example-ci.2022-06-28.private-key.pem
docker secret create example-ci-webhook-secret example-ci-webhook-secret
docker secret create ocaml-ci-submission.cap cluster.cap

Caddy Proxy

Setup Caddy to act as a proxy for the Docker services. Create /etc/caddy/Caddyfile as follows

ci.example.org:8100 {
        reverse_proxy ci:8080
}               

ci.example.org {
        reverse_proxy web:8090
}

Deploy the Docker Stack

Update example-stack.yml:

  • match the secret names created above
  • update the application id
docker stack deploy example --compose-file example-stack.yml

Check the webhook delivery status under your app's advanced settings:

https://github.com/organizations/example/settings/apps/example-ci/advanced

Testing

Install the GitHub App for a user and select which repository you want to test

Check https://ci.example.org and https://ci.example.org:8100