Alright so now that I finally got done with part one of this blog post, here is part 2!
By now you should have Cloudflare Argo tunnel and Gitlab runner running.
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
31f46243cbe9 docker.io/gitlab/gitlab-runner:alpine run --user=gitlab... 8 days ago Up About an hour ago gitlab-runner
$ systemctl --user status cloudflared
Loaded: loaded (/home/leon/.config/systemd/user/cloudflared.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-10-10 14:51:26 IST; 1h 8min ago
For Gitlab CI/CD to work you need to add a .gitlab-ci.yml, in the root folder of your project This is like the main ingredient.
This is what my .gitlab-ci.yml looks like.
stages:
- publish
- deploy
variables:
TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA
# Begin building the image
publish:
image: quay.io/podman/stable:latest
stage: publish
tags:
- publish
script:
- podman build -t $TAG_COMMIT -t $TAG_LATEST .
- podman login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
- podman push $TAG_COMMIT
- podman push $TAG_LATEST
# Deployment
deploy:
image: alpine:latest
stage: deploy
tags:
- deployment
before_script:
- apk update && apk add openssh-client
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- eval $(ssh-agent -s)
- echo "${PK_KEY}" |tr -d '\r' | ssh-add -
- ssh-keyscan $SERVER_IP
script:
- ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
- ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman pull $TAG_COMMIT"
- ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman container rm -f $WEB_NAME || true"
- ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman run -d -p 8080:80 --name $WEB_NAME $TAG_COMMIT"
environment:
name: production
url: https://portfolio.afro-coder.com/
# Run only on the main branch
only:
- main
Now let us dive into some of the important variables here, these need to be defined in your Gitlab Repository(Individual repository) => Settings => CI/CD => Variables.
Make sure you mask the important and sensitive variables, and protect them so that they do not show up in your logs,
your username also needs to be longer than 4 chars to mask it and also meet their RegEx criteria
- $SERVER_USER - SSH login for the user.
- $SERVER_IP - The VM where you would run these containers
- $WEB_NAME - Container name you would like to keep
- $PK_KEY - Private key used to SSH to the server. You can use
ssh-keygento create a key and add the public key to your.ssh/authorized_keysfile
Further documentation on the Gitlab Variables can be found here
Now go ahead and commit this file to your repository.
git add .gitlab-ci.yml
git commit -s -m "Added Gitlab CI"
git push -u
If your gitlab CI/CD doesn't run after pushing it to the main branch re-check the branch name
and the tags you've given your runner, they should match the one in the .gitlab-ci.yml file
If your build goes successfully, you should see the following.
After the pipeline builds the container should be running on the host
$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
31646243cbe9 docker.io/gitlab/gitlab-runner:alpine run --user=gitlab... 8 days ago Up 16 minutes ago gitlab-runner-priv
4930b205caa1 registry.gitlab.com/leon9923/new-portfolio/main:c2054av4 httpd-foreground 15 minutes ago Up 15 minutes ago 0.0.0.0:8080->80/tcp portfolio.afro-coder.com
And thats it, you now have a self-hosted rootless(But still insecure if not protected correctly.) gitlab CI/CD with podman and Argo Tunnels and it works!
My next goal would be to create a custom executor for gitlab that uses podman without the docker interface altogether, thank you for reading!
Top comments (0)