From 62aa194c961e390dbee056ab3867f907bb82b3f3 Mon Sep 17 00:00:00 2001 From: Jakob Meier Date: Wed, 27 Dec 2023 10:29:12 +0100 Subject: [PATCH] Added s3 configuration options for worker --- docs/CONFIGURATION.md | 2 +- group_vars/all/default.yml | 11 ++++++++ roles/builds.sr.ht/README.md | 36 +++++++++++++++++++++++++++ roles/builds.sr.ht/defaults/main.yml | 14 +++++++++++ roles/builds.sr.ht/tasks/worker.yml | 4 +-- roles/sr.ht-core/templates/config.ini | 6 ++--- 6 files changed, 67 insertions(+), 6 deletions(-) diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md index afe0e67..24c42f5 100644 --- a/docs/CONFIGURATION.md +++ b/docs/CONFIGURATION.md @@ -139,7 +139,7 @@ srht_email_privkey: | KEYHERE ``` -## Forward facing changes +## Configure the frontend Sourcehut allows you to customize the instance name and contact adress, this playbook exposes these options as follows: ```yaml diff --git a/group_vars/all/default.yml b/group_vars/all/default.yml index 6d05e62..0e044b2 100644 --- a/group_vars/all/default.yml +++ b/group_vars/all/default.yml @@ -91,3 +91,14 @@ srht_service_key: "" # A secret key to encrypt internal messages with. Use `srht-keygen network` to # generate this key. It must be consistent between all services and nodes. srht_network_key: "" + +# S3 ARTIFACT UPLOADING +# s3 server url +# https will automatiically be prepended to this +srht_s3_upstream: "s3.{{ srht_domain }}" +# s3 acces key +# used for authentification +srht_s3_access_key: "" +# s3 secret key +# used for authentification +srht_s3_secret_key: "" diff --git a/roles/builds.sr.ht/README.md b/roles/builds.sr.ht/README.md index 19d3a80..b63a191 100644 --- a/roles/builds.sr.ht/README.md +++ b/roles/builds.sr.ht/README.md 
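Review bot: The comments added above `srht_s3_access_key` and `srht_s3_secret_key` do not say where the real values belong, and group_vars/all/default.yml is a tracked defaults file, so filling them in here would commit a long-lived storage credential. I would add a line such as `# set this in your (vault-encrypted) secret file, not in this file` to both, matching the README in this patch, which already points the operator at the secret file. Since the same key pair is rendered into the instance-wide config.ini, the comment could also say that the key should only carry write access to the artifact bucket. The comments also contain typos: `automatiically`, `acces`, `authentification`.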
@@ -18,6 +18,42 @@ and you probably do not need to change it. `buildssrht_runner_mem` allows you to specify the amount of memory (RAM) the worker container/VM is allowed to use. +#### Artifact uploads +To use the `artifacts` option to automatically upload artifacts, +you have to setup s3 object storage. + +**This requires access to an s3 storage server like minio or AWS**, +for example you could use +[the minio docker container](https://hub.docker.com/r/minio/minio/). + +Using the admin panel of your s3 storage solution, +create a new bucket (for example `builds.sr.ht`) +and create a new *access-key* with write permission for that bucket. +(NOTE: this will also generate a *secret-key* that will only be shown once, +so make sure to copy it). + +After creating the bucket and keys, +open you secret file and configure the following variables: + +``` yaml +# s3 server url +srht_s3_upstream: "s3.{{ srht_domain }}" +# s3 bucket name +buildssrht_s3_bucket: "builds.sr.ht" +# s3 prefix +buildssrht_s3_prefix: "" +# s3 acces key +# used for authentification +srht_s3_access_key: "" +# s3 secret key +# used for authentification +srht_s3_secret_key: "" +``` + +Note that `srht_s3_*` affects configuration options for your whole instance, +and thus require you to rerun the full playbook +(as the change files in `sr.ht-core`) + ### Setting up an Alpine Linux image Creating images should differ on a platform by platform basis, but lets walk through a basic alpine setup. diff --git a/roles/builds.sr.ht/defaults/main.yml b/roles/builds.sr.ht/defaults/main.yml index 1a03c9d..b7eaeac 100644 --- a/roles/builds.sr.ht/defaults/main.yml +++ b/roles/builds.sr.ht/defaults/main.yml 
@@ -10,3 +10,17 @@ buildssrht_runner_mem: "2048M" # how long the runner may be active # see buildssrht_runner_timeout for more buildssrht_runner_timeout: "45m" + +# S3 ARTIFACT UPLOADING +# currently at most 8 artifacts per job are accepted, +# where each artifact may only be 1GB in size. +# The bucket location is also hardcoded to us-east-1 +# for more implementation-related restrictions see here: +# https://git.sr.ht/~sircmpwn/builds.sr.ht/tree/master/item/worker/tasks.go +# +# format: https:////~ +# +# s3 bucket name +buildssrht_s3_bucket: "builds.sr.ht" +# s3 prefix +buildssrht_s3_prefix: "" diff --git a/roles/builds.sr.ht/tasks/worker.yml b/roles/builds.sr.ht/tasks/worker.yml index 351cef1..e57ff79 100644 --- a/roles/builds.sr.ht/tasks/worker.yml +++ b/roles/builds.sr.ht/tasks/worker.yml @@ -54,8 +54,8 @@ # Configure the S3 bucket and prefix for object storage. Leave empty to disable # object storage. Bucket is required to enable object storage; prefix is # optional. - s3-bucket= - s3-prefix= + s3-prefix={{ buildssrht_s3_prefix }} + s3-bucket={{ buildssrht_s3_bucket }} register: conf - name: Overwrite default runner setup diff --git a/roles/sr.ht-core/templates/config.ini b/roles/sr.ht-core/templates/config.ini index 6e4b675..dc7456c 100644 --- a/roles/sr.ht-core/templates/config.ini +++ b/roles/sr.ht-core/templates/config.ini @@ -53,9 +53,9 @@ global-domain={{ srht_domain }} # Configure S3-compatible object storage for services. Optional. # # Minio is recommended as a FOSS solution over AWS: https://min.io -s3-upstream= -s3-access-key= -s3-secret-key= +s3-upstream={{ srht_s3_upstream }} +s3-access-key={{ srht_s3_access_key }} +s3-secret-key={{ srht_s3_secret_key }} [mail] # -- 2.38.5
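Review bot: `buildssrht_s3_bucket` defaults to `"builds.sr.ht"`, while the comment kept in roles/builds.sr.ht/tasks/worker.yml states that a non-empty bucket is what enables object storage, so every worker deployed with defaults now has artifact upload switched on although `srht_s3_access_key` and `srht_s3_secret_key` default to empty. Defaulting to `buildssrht_s3_bucket: ""` keeps the feature opt-in; the README example already shows the value to set. `srht_s3_upstream` in group_vars/all/default.yml has the same shape (it defaults to `s3.{{ srht_domain }}`, a host that may not exist or may not be the operator's S3 service) and could default to `""` as well. How builds.sr.ht behaves with a bucket but blank credentials is not visible here, so this is worth a test run with untouched defaults.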
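Review bot: The two keys are now written as `s3-prefix` then `s3-bucket`, the reverse of the removed lines and of the comment directly above them, which names the bucket first and calls it the required one. Keeping `s3-bucket={{ buildssrht_s3_bucket }}` first keeps the rendered file easy to compare with the upstream sample config. The enclosing task starts above the hunk, so its module and file options are not visible here.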
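Review bot: `s3-secret-key={{ srht_s3_secret_key }}` puts the storage secret in plain text into the rendered config.ini, and the task that renders this template lies outside the diff, so it cannot be seen whether the file's owner and mode are restricted or whether the task output is suppressed. Worth confirming that the task sets a restrictive `mode` (for example `"0640"` with the service group) and `no_log: true`, since a run with `--diff` would otherwise print the key. The three values are also inserted unvalidated; an assertion that `srht_s3_access_key` and `srht_s3_secret_key` are either both empty or both set would catch a half-configured instance before the services start.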