Quest For CICD - WoodpeckerCI

User Interface

I quite like the UI for Woodpecker. I don’t think it’s as nice as ConcourseCI but it does everything I need. The killer feater here for me is that I don’t need to manage another set of users. It integrates with Gitea and utilises the userlist from there. As long as you’re loged into Gitea, you’re logged into woodpecker.

The pipeline log is also displayed well, with the console output shown for each build step. This makes it pretty easy to debug what is going on with your pipeline.

Pipeline Syntax - YAML

The pipeline file is stored in a .woodpecker.yaml file in the same repo as the site code.

pipeline:
  buildjekyll:
    image: jekyll/builder
    commands:
      - chown -R jekyll:jekyll .
      - jekyll build
  builddocker:
    image: plugins/docker
    settings:
      registry: <CONTAINER_REGISTRY_URL>
      username:
        from_secret: dockerserversshuser      
      password:
        from_secret: giteapass      
      repo: <GITEA_URL>/omaraminme
      tags: latest
      dockerfile: Dockerfile
  restartcontainer:
    image: appleboy/drone-ssh
    settings:
      host:
        - <DOCKER_SERVER_HOSTNAME>
      username: 
        from_secret: dockerserversshuser
      password:
        from_secret: dockerserversshpass
      port: 22
      command_timeout: 2m
      script:
        - cd Docker
        - docker compose pull omaraminme
        - docker compose up -d omaraminme
  mail:
    image: drillster/drone-email
    settings:
      host: <SMTP_SERVER>
      username:
        from_secret: email  
      password:
        from_secret: emailpass
      from: <EMAIL_ADDRESS>
    when:
      status: [ success, failure ]                     

I found this syntax the easiest of the bunch to work with and it seems to be the shortest pipeline file too. I do think that the concept of resources from ConcourseCI makes more logical sense, but the lack of this concept hasn’t hindered me in any way yet.

This pipeline consists of 4 stages:

1. buildjekyll - Building the Jekyll site
2. builddocker - Building the docker image and pushing it to the container repository
3. restartcontainer - ssh into the docker server, pull and restart the site
4. mail - email the results of the build Each of the stages uses a docker image to run it’s commands. There are a few ways to interact with each image. For some, like the drillster/drone-email image, it’s a fixed output and takes some of the relevent information from WoodpeckerCI enironment variables in the background. One interesting point is there there is no stage to clone the git repo. This is done without specification in the pipeline and the files are made available in the root of the Woodpecker build environment.

Stage 1 - buildjekyll

  buildjekyll:
    image: jekyll/builder
    commands:
      - chown -R jekyll:jekyll .
      - jekyll build

This is a simple stage definition where we specify the builder image and run the jekyll build commands.

Stage 2 - builddocker

  builddocker:
    image: plugins/docker
    settings:
      registry: <CONTAINER_REGISTRY_URL>
      username:
        from_secret: dockerserversshuser      
      password:
        from_secret: giteapass      
      repo: <GITEA_URL>/omaraminme
      tags: latest
      dockerfile: Dockerfile

This stage is a little more complex. We are using one of Woodpecker’s standard plugins (but it’s still a docker image) - plugins/docker. This image allows us to run the docker build commands.

The image has a settings: block where we define the contianer registy that we will be working with when building our image as well as the image specifications such as the tags to assign the image and the location of the Dockerfile to build the image from. There are no commands to execute here because the plugins/docker builds, tags and pushes as default. There are other images that give you more fine grained control. This block uses the from_secret: tag. This pulls credentials from the built in secrets store. It’s a really nice implementation, but it does not allow global secrets, so you have to define all of your credentials for each pipeline.

Stage 3 - restartcontainer

  restartcontainer:
    image: appleboy/drone-ssh
    settings:
      host:
        - <DOCKER_SERVER_HOSTNAME>
      username: 
        from_secret: dockerserversshuser
      password:
        from_secret: dockerserversshpass
      port: 22
      command_timeout: 2m
      script:
        - cd Docker
        - docker compose pull omaraminme
        - docker compose up -d omaraminme

This stage uses a DroneCI container to provide ssh functionality. We also have a settings: block where you define the host, user, password, port and any ssh variables for the ssh connection you want to establish. The script: block defines the commands you want to run over ssh. In this case the docker compose commands to pull and restart the site container.

Stage 4 - mail

  mail:
    image: drillster/drone-email
    settings:
      host: <SMTP_SERVER>
      username:
        from_secret: email  
      password:
        from_secret: emailpass
      from: <EMAIL_ADDRESS>
    when:
      status: [ success, failure ]         

This stage is another drone image that we are using. The settings: block define the email server details and the from: tag specifies who the email is from. The image emails the owner of the repo with the build status in a nicely formatted email. The when: block tells WoodpeckerCI to send the email on success and on failure of the pipeline.