DEV Community

Leon Nunes

Deploying a simple portfolio with Argo Tunnels and containers for fun 🚀 - Part 2

Alright so now that I finally got done with part one of this blog post, here is part 2!

By now you should have the Cloudflare Argo Tunnel and the GitLab Runner running.

```
$ podman ps
CONTAINER ID  IMAGE                                  COMMAND               CREATED     STATUS                PORTS  NAMES
31f46243cbe9  docker.io/gitlab/gitlab-runner:alpine  run --user=gitlab...  8 days ago  Up About an hour ago         gitlab-runner

$ systemctl --user status cloudflared
   Loaded: loaded (/home/leon/.config/systemd/user/cloudflared.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2021-10-10 14:51:26 IST; 1h 8min ago
```

For GitLab CI/CD to work, you need to add a .gitlab-ci.yml file in the root folder of your project. This is like the main ingredient.

This is what my .gitlab-ci.yml looks like.

```yaml
stages:
  - publish
  - deploy

variables:
  TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
  TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA

# Begin building the image
publish:
  image: quay.io/podman/stable:latest
  stage: publish
  tags:
    - publish
  script:
    - podman build -t $TAG_COMMIT -t $TAG_LATEST .
    - podman login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    - podman push $TAG_COMMIT
    - podman push $TAG_LATEST

# Deployment
deploy:
  image: alpine:latest
  stage: deploy
  tags:
    - deployment
  before_script:
    - apk update && apk add openssh-client
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - eval $(ssh-agent -s)
    - echo "${PK_KEY}" |tr -d '\r' | ssh-add -
    - ssh-keyscan $SERVER_IP
  script:
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman pull $TAG_COMMIT"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman container rm -f $WEB_NAME || true"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "podman run -d -p 8080:80 --name $WEB_NAME $TAG_COMMIT"
  environment:
    name: production
    url: https://portfolio.afro-coder.com/
  # Run only on the main branch
  only:
    - main
```

Now let us look at some of the important variables here. They need to be defined in your GitLab repository (the individual repository) under Settings => CI/CD => Variables.

Make sure you mask the important and sensitive variables so that they do not show up in your job logs, and protect them (protected variables are only passed to pipelines running on protected branches or tags).
To be masked, your username also needs to be longer than 4 chars and meet GitLab's RegEx criteria.

  • $SERVER_USER - SSH login for the user.
  • $SERVER_IP - The VM where you would run these containers
  • $WEB_NAME - Container name you would like to keep
  • $PK_KEY - Private key used to SSH to the server. You can use ssh-keygen to create a key and add the public key to your .ssh/authorized_keys file

Further documentation on the Gitlab Variables can be found here

Now go ahead and commit this file to your repository.

```
git add .gitlab-ci.yml
git commit -s -m "Added Gitlab CI"
git push -u
```

If your GitLab CI/CD doesn't run after pushing to the main branch, re-check the branch name
and the tags you've given your runner. They should match the ones in the .gitlab-ci.yml file.

If your build succeeds, you should see the following.

Photo of the pipeline running

Photo of the publish stage running

After the pipeline finishes, the container should be running on the host:

```
$ podman ps
CONTAINER ID  IMAGE                                                     COMMAND               CREATED         STATUS             PORTS                 NAMES
31646243cbe9  docker.io/gitlab/gitlab-runner:alpine                     run --user=gitlab...  8 days ago      Up 16 minutes ago                        gitlab-runner-priv
4930b205caa1  registry.gitlab.com/leon9923/new-portfolio/main:c2054av4  httpd-foreground      15 minutes ago  Up 15 minutes ago  0.0.0.0:8080->80/tcp  portfolio.afro-coder.com
```

And that's it, you now have a self-hosted, rootless (but still insecure if not protected correctly) GitLab CI/CD with Podman and Argo Tunnels, and it works!

My Portfolio website image

My next goal would be to create a custom executor for GitLab that uses Podman without the Docker interface altogether. Thank you for reading!

Meme of chemistry cat saying Thank you!
