diff --git a/docker-compose-infra.yml b/docker-compose-infra.yml
new file mode 100644
index 0000000000000..6e41e8fce5b2d
--- /dev/null
+++ b/docker-compose-infra.yml
@@ -0,0 +1,98 @@
+version: '3.8'
+
+services:
+ nginx:
+ image: nginx:latest
+ container_name: nginx
+ restart: on-failure
+ volumes:
+ - $PWD/docker_compose_conf/nginx/nginx.conf:/etc/nginx/nginx.conf
+ - $PWD/docker_compose_conf/nginx/conf.d:/etc/nginx/conf.d
+ - nginx_log:/var/log/nginx # 无关的卷均随机绑定
+ ports:
+ - "80:80"
+ networks:
+ - gitea_network
+ nexus:
+ image: sonatype/nexus3:latest
+ container_name: nexus3
+ restart: on-failure
+ ports:
+ # web服务使用
+ - "8081:8081"
+ # http仓库使用
+ - "8082:8082"
+ # https仓库使用,本例不使用
+ #- "5000:5000"
+ volumes:
+ - nexus_data:/nexus-data
+ environment:
+ # 配置nexus3服务的内存,避免小规格机器崩掉
+ INSTALL4J_ADD_VM_PARAMS: "-Xms512m -Xmx512m -XX:MaxDirectMemorySize=512m -Djava.util.prefs.userRoot=/nexus-data/javaprefs"
+ networks:
+ - gitea_network
+ portainer:
+ image: portainer/portainer:latest
+ container_name: gitea_portainer
+ restart: always
+ ports:
+ - "9000:9000"
+ - "8000:8000"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+ environment:
+ - ADMIN_PASSWORD=admin123456789 # 设置管理员密码
+ networks:
+ - gitea_network
+ gitea:
+ image: docker.io/gitea/gitea:1.23.1
+ container_name: gitea
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+ - GITEA__database__DB_TYPE=mysql
+ - GITEA__database__HOST=mysql:3306
+ - GITEA__database__NAME=gitea
+ - GITEA__database__USER=root
+ - GITEA__database__PASSWD=${MYSQL_ROOT_PASSWORD}
+ restart: always
+ networks:
+ - gitea_network
+ volumes:
+ - gitea_data:/data
+ - $PWD/docker_compose_conf/gitea/app.ini:/data/gitea/conf/app.ini
+ - /etc/timezone:/etc/timezone:ro
+ - /etc/localtime:/etc/localtime:ro
+ ports:
+ - "3000:3000"
+ - "222:22"
+ mysql:
+ image: mysql:8.0.20
+ container_name: gitea_mysql
+ restart: always
+ privileged: true # 允许root远程连接
+ ports:
+ - "3306:3306"
+ volumes:
+ - mysql_log:/var/log/mysql
+ - $PWD/docker_compose_conf/mysql/conf.d:/etc/mysql/conf.d
+ - mysql_data:/var/lib/mysql
+ environment:
+ MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
+ MYSQL_DATABASE: gitea
+ networks:
+ - gitea_network
+# 定义自定义网络
+networks:
+ gitea_network:
+ name: gitea
+ driver: bridge
+
+volumes:
+ nginx_log:
+ nexus_data:
+ portainer_data:
+ mysql_log:
+ mysql_data:
+ gitea_data:
diff --git a/docker_compose_conf/act_runner/config.yaml b/docker_compose_conf/act_runner/config.yaml
new file mode 100644
index 0000000000000..d5238f9f45658
--- /dev/null
+++ b/docker_compose_conf/act_runner/config.yaml
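Review bot: `privileged: true` on the `mysql` service does not do what its comment says (allow remote root login); it runs the database container with every capability and access to host devices, while remote login is decided by MySQL account grants. Dropping that line loses nothing, and since `gitea` reaches the database over `gitea_network`, the `"3306:3306"` publish can go as well, or be bound as `"127.0.0.1:3306:3306"` if host access is needed. The `portainer` service deserves the same care: it mounts `/var/run/docker.sock` and sets a literal `ADMIN_PASSWORD=admin123456789`, which would be better taken from the environment the way `${MYSQL_ROOT_PASSWORD}` is.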
@@ -0,0 +1,101 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+
+log:
+ # The level of logging, can be trace, debug, info, warn, error, fatal
+ level: info
+
+runner:
+ # Where to store the registration result.
+ file: .runner
+ # Execute how many tasks concurrently at the same time.
+ capacity: 1
+ # Extra environment variables to run jobs.
+ envs:
+ A_TEST_ENV_NAME_1: a_test_env_value_1
+ A_TEST_ENV_NAME_2: a_test_env_value_2
+ # Extra environment variables to run jobs from a file.
+ # It will be ignored if it's empty or the file doesn't exist.
+ env_file: .env
+ # The timeout for a job to be finished.
+ # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+ # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+ timeout: 3h
+ # The timeout for the runner to wait for running jobs to finish when shutting down.
+ # Any running jobs that haven't finished after this timeout will be cancelled.
+ shutdown_timeout: 0s
+ # Whether skip verifying the TLS certificate of the Gitea instance.
+ insecure: true
+ # The timeout for fetching the job from the Gitea instance.
+ fetch_timeout: 5s
+ # The interval for fetching the job from the Gitea instance.
+ fetch_interval: 2s
+ # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+ # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+ # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
+ # If it's empty when registering, it will ask for inputting labels.
+ # If it's empty when execute `daemon`, will use labels in `.runner` file.
+ labels:
+ - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+ - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+ - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+
+cache:
+ # Enable cache server to use actions/cache.
+ enabled: true
+ # The directory to store the cache data.
+ # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+ dir: ""
+ # The host of the cache server.
+ # It's not for the address to listen, but the address to connect from job containers.
+ # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+ host: ""
+ # The port of the cache server.
+ # 0 means to use a random available port.
+ port: 0
+ # The external cache server URL. Valid only when enable is true.
+ # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+ # The URL should generally end with "/".
+ external_server: ""
+
+container:
+ # Specifies the network to which the container will connect.
+ # Could be host, bridge or the name of a custom network.
+ # If it's empty, act_runner will create a network automatically.
+ network: ""
+ # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+ privileged: false
+ # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+ options:
+ # The parent directory of a job's working directory.
+ # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically.
+ # If the path starts with '/', the '/' will be trimmed.
+ # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
+ # If it's empty, /workspace will be used.
+ workdir_parent:
+ # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+ # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+ # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+ # valid_volumes:
+ # - data
+ # - /src/*.json
+ # If you want to allow any volume, please use the following configuration:
+ # valid_volumes:
+ # - '**'
+ valid_volumes: []
+ # overrides the docker client host with the specified one.
+ # If it's empty, act_runner will find an available docker host automatically.
+ # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+ # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+ docker_host: ""
+ # Pull docker image(s) even if already present
+ force_pull: true
+ # Rebuild docker image(s) even if already present
+ force_rebuild: false
+
+host:
+ # The parent directory of a job's working directory.
+ # If it's empty, $HOME/.cache/act/ will be used.
+ workdir_parent:
diff --git a/docker_compose_conf/gitea/app.ini b/docker_compose_conf/gitea/app.ini
new file mode 100644
index 0000000000000..b1e53fe9693b7
--- /dev/null
+++ b/docker_compose_conf/gitea/app.ini
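Review bot: `insecure: true` under `runner:` turns off TLS certificate verification for the Gitea instance, and the header comment's promise that the file is safe to copy unmodified does not obviously cover that setting. The deploy script in this commit registers against `http://gitea:3000`, so the flag buys nothing today and would silently accept any certificate if the URL later moves to HTTPS. I would set `insecure: false` and, if a private CA is in use, mount its certificate into the runner container instead.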
@@ -0,0 +1,98 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_MODE = prod
+RUN_USER = git
+WORK_PATH = /data/gitea
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+DOMAIN = silky.com
+SSH_DOMAIN = silky.com
+HTTP_PORT = 3000
+ROOT_URL = http://silky.com/
+DISABLE_SSH = false
+SSH_PORT = 22
+SSH_LISTEN_PORT = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET = RWR3YAnnMrQYgnYH1Txq0DbqN51CFXKmA_DSkDE0vAI
+OFFLINE_MODE = true
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = mysql
+HOST = mysql:3306
+NAME = gitea
+USER = root
+PASSWD = silky
+LOG_SQL = false
+SCHEMA =
+SSL_MODE = disable
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY =
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3MzgyMTA3OTd9.hAEOcjnj5P4mj06GeNxQYupI7Vbcqm_zNseC5Syj9ug
+PASSWORD_HASH_ALGO = pbkdf2
+
+[service]
+DISABLE_REGISTRATION = false
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[cron.update_checker]
+ENABLED = false
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[oauth2]
+JWT_SECRET = 5DNV8lSMMqr9Ve05Mzk960yrydAwRJCPkuX3-TK23oo
diff --git a/docker_compose_conf/mysql/conf.d/my.cnf b/docker_compose_conf/mysql/conf.d/my.cnf
new file mode 100644
index 0000000000000..3e472d6b03257
--- /dev/null
+++ b/docker_compose_conf/mysql/conf.d/my.cnf
@@ -0,0 +1,18 @@
+[client]
+default-character-set=utf8mb4
+
+[mysql]
+default-character-set=utf8mb4
+
+[mysqld]
+#服务端口号 默认3306
+port=3306
+
+datadir = /work/docker/mysql/data
+
+init_connect='SET NAMES utf8mb4'
+character-set-server=utf8mb4
+collation-server=utf8mb4_unicode_ci
+
+# 最大连接数
+max_connections=200
diff --git a/docker_compose_conf/nginx/conf.d/default.conf b/docker_compose_conf/nginx/conf.d/default.conf
new file mode 100644
index 0000000000000..ac54d8e8e8145
--- /dev/null
+++ b/docker_compose_conf/nginx/conf.d/default.conf
@@ -0,0 +1,45 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name localhost;
+
+ #access_log /var/log/nginx/host.access.log main;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+ #
+ #location ~ \.php$ {
+ # proxy_pass http://127.0.0.1;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # root html;
+ # fastcgi_pass 127.0.0.1:9000;
+ # fastcgi_index index.php;
+ # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
diff --git a/docker_compose_conf/nginx/conf.d/nexus.silky.com.conf b/docker_compose_conf/nginx/conf.d/nexus.silky.com.conf
new file mode 100644
index 0000000000000..d9e59d49c6eb8
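Review bot: Live secrets are committed in `app.ini`: `LFS_JWT_SECRET`, `[security] INTERNAL_TOKEN`, `[oauth2] JWT_SECRET` and the database `PASSWD`, so anyone with read access to the repository learns the signing keys and database credential of any instance started from it. The same applies to `MYSQL_ROOT_PASSWORD` and `GITEA_RUNNER_REGISTRATION_TOKEN` in `prod.env`. These values should be rotated, removed from the tracked files and injected at deploy time, for example through the `GITEA__section__KEY` environment variables the compose file already uses for the database, with `prod.env` kept out of version control. Separately, `REVERSE_PROXY_TRUSTED_PROXIES = *` accepts forwarded client-address headers from any peer while port 3000 is also published directly; limiting it to the nginx container's address range would be safer.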
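Review bot: `datadir = /work/docker/mysql/data` in `my.cnf` does not match the compose file, which mounts the `mysql_data` volume at `/var/lib/mysql`. If mysqld honours this setting, the database files end up in the container's writable layer (or startup fails because the path is missing) and are lost when the container is removed, which `script/delete_all_docker_container.sh` does. Either drop the `datadir` line so the image default is used, or mount the volume at the configured path.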
--- /dev/null
+++ b/docker_compose_conf/nginx/conf.d/nexus.silky.com.conf
@@ -0,0 +1,11 @@
+server {
+ listen 80; # 监听 HTTP 端口
+ server_name nexus.silky.com; # 绑定域名
+
+ location / {
+ proxy_pass http://nexus3:8081;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
diff --git a/docker_compose_conf/nginx/conf.d/portainer.silky.com.conf b/docker_compose_conf/nginx/conf.d/portainer.silky.com.conf
new file mode 100644
index 0000000000000..73737fa8aa471
--- /dev/null
+++ b/docker_compose_conf/nginx/conf.d/portainer.silky.com.conf
@@ -0,0 +1,11 @@
+server {
+ listen 80; # 监听 HTTP 端口
+ server_name portainer.silky.com; # 绑定域名
+
+ location / {
+ proxy_pass http://portainer:9000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
diff --git a/docker_compose_conf/nginx/conf.d/silky.com.conf b/docker_compose_conf/nginx/conf.d/silky.com.conf
new file mode 100644
index 0000000000000..58c30734b8ce3
--- /dev/null
+++ b/docker_compose_conf/nginx/conf.d/silky.com.conf
@@ -0,0 +1,15 @@
+server {
+ listen 80;
+ server_name silky.com;
+
+ location / {
+ client_max_body_size 512M;
+ proxy_pass http://gitea:3000;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
diff --git a/docker_compose_conf/nginx/nginx.conf b/docker_compose_conf/nginx/nginx.conf
new file mode 100644
index 0000000000000..5e076aadc82d4
--- /dev/null
+++ b/docker_compose_conf/nginx/nginx.conf
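Review bot: The three vhosts added here (`nexus.silky.com.conf`, `portainer.silky.com.conf`, `silky.com.conf`) only have `listen 80;`, so Nexus, Portainer and Gitea logins and tokens cross the network in clear text. Portainer is the most sensitive of the three because its container holds the Docker socket. Unless TLS is terminated somewhere in front that this commit does not show, each vhost should get a `listen 443 ssl;` server with `ssl_certificate` and `ssl_certificate_key`, and the port 80 server should be reduced to `return 301 https://$host$request_uri;`.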
@@ -0,0 +1,32 @@
+
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/prod.env b/prod.env
new file mode 100644
index 0000000000000..b86e414d173b8
--- /dev/null
+++ b/prod.env
@@ -0,0 +1,17 @@
+# gitea
+
+
+# mysql
+MYSQL_ROOT_PASSWORD=silky
+
+# gitea
+PROTOCOL=http
+DOMAIN=silky.com
+
+# gitea_runner
+GITEA_RUNNER_REGISTRATION_TOKEN=GJGt8uElYTjjFwLOmbG594qfnM0KTCvDrjTruFSo
+GITEA_RUNNER_NAME=runner-main
+GITEA_RUNNER_LABELS=main
+
+# compose
+COMPOSE_FILE=docker-compose-infra.yml
diff --git a/script/delete_all_docker_container.sh b/script/delete_all_docker_container.sh
new file mode 100755
index 0000000000000..f679880823896
--- /dev/null
+++ b/script/delete_all_docker_container.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# 停止所有运行中的容器
+docker stop $(docker ps -a -q)
+
+# 删除所有容器
+docker rm $(docker ps -a -q)
+
+# 删除所有的数据卷
+# docker volume rm $(docker volume ls -q)
diff --git a/script/deploy_the_act_runner.sh b/script/deploy_the_act_runner.sh
new file mode 100755
index 0000000000000..bf9e597785a8b
--- /dev/null
+++ b/script/deploy_the_act_runner.sh
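Review bot: `docker stop $(docker ps -a -q)` and `docker rm $(docker ps -a -q)` in `script/delete_all_docker_container.sh` act on every container on the host, not only the ones this stack created, and both exit with a usage error when the list is empty. Scoping the cleanup to the project is safer: `docker compose -f docker-compose-infra.yml down`, plus `docker rm -f gitea_runner` for the runner that is started outside Compose.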
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# 检查传入的参数数量
+if [ "$#" -ne 1 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+token=$1
+
+docker stop gitea_runner
+docker rm gitea_runner
+docker run \
+ -v $PWD/docker_compose_conf/act_runner/config.yaml:/config.yaml \
+ -v $PWD/docker_compose_conf/act_runner/data:/data \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -e CONFIG_FILE=/config.yaml \
+ -e GITEA_INSTANCE_URL=http://gitea:3000 \
+ -e GITEA_RUNNER_REGISTRATION_TOKEN=$token \
+ -e GITEA_RUNNER_NAME=runner-main \
+ -e GITEA_RUNNER_LABELS=main \
+ --name gitea_runner \
+ --network gitea \
+ -d gitea/act_runner:latest
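Review bot: The expansions in the `docker run` call are unquoted, so a checkout path containing a space, or a token containing shell-special characters, is split or globbed before Docker sees it. Quote them: `token="$1"`, `-v "$PWD/docker_compose_conf/act_runner/config.yaml:/config.yaml"`, `-e GITEA_RUNNER_REGISTRATION_TOKEN="$token"`. The usage line also prints no argument name (`echo "Usage: $0 <registration-token>"` would help). Because the container is handed `/var/run/docker.sock`, pinning `gitea/act_runner` to a fixed tag instead of `latest` keeps an unreviewed image from gaining control of the host daemon.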