Update Docker Registry URLs to HTTPS endpoint (registry.michaelschiemer.de)

- Replace git.michaelschiemer.de:5000 (HTTP) with registry.michaelschiemer.de (HTTPS) - Update all Ansible playbooks and configuration files - Update CI/CD workflows to use HTTPS registry endpoint - Update Docker Compose files with new registry URL - Update documentation and scripts Benefits: - Secure HTTPS connection (no insecure registry config needed) - Consistent use of HTTPS endpoint via Traefik - Better security practices for production deployment
2025-10-31 14:35:39 +01:00
parent 82fb65eb00
commit c087d372c2
24 changed files with 1341 additions and 217 deletions
--- a/deployment/ansible/playbooks/deploy-update.yml
+++ b/deployment/ansible/playbooks/deploy-update.yml
@@ -9,7 +9,7 @@
    image_tag: "{{ image_tag | default('latest') }}"
    git_commit_sha: "{{ git_commit_sha | default('unknown') }}"
    deployment_timestamp: "{{ deployment_timestamp | default(ansible_date_time.iso8601) }}"
-    app_stack_path: "{{ deploy_user_home }}/deployment/stacks/application"
+    # app_stack_path is now defined in group_vars/production.yml

  pre_tasks:
    - name: Optionally load registry credentials from encrypted vault
@@ -126,8 +126,8 @@
    - name: Update docker-compose.yml with new image tag (all services)
      replace:
        path: "{{ app_stack_path }}/docker-compose.yml"
-        # Match both localhost:5000 and git.michaelschiemer.de:5000 (or any registry URL)
-        regexp: '^(\s+image:\s+)(localhost:5000|git\.michaelschiemer\.de:5000|{{ docker_registry }})/{{ app_name }}:.*$'
+        # Match both localhost:5000 and registry.michaelschiemer.de (or any registry URL)
+        regexp: '^(\s+image:\s+)(localhost:5000|registry\.michaelschiemer\.de|{{ docker_registry }})/{{ app_name }}:.*$'
        replace: '\1{{ app_image }}:{{ image_tag }}'
      # Always update to ensure localhost:5000 is used (registry only accessible via localhost)
      when: true
--- a/deployment/ansible/playbooks/setup-gitea-runner-ci.yml
+++ b/deployment/ansible/playbooks/setup-gitea-runner-ci.yml
@@ -0,0 +1,156 @@
+---
+# Ansible Playbook: Setup Gitea Runner CI Image and Configuration
+# Purpose: Build CI Docker image, configure runner labels, and update runner registration
+# Usage: 
+#   Local: ansible-playbook -i inventory/local.yml playbooks/setup-gitea-runner-ci.yml
+#   Or: ansible-playbook -i localhost, -c local playbooks/setup-gitea-runner-ci.yml
+
+- name: Setup Gitea Runner CI Image
+  hosts: localhost
+  connection: local
+  vars:
+    project_root: "{{ lookup('env', 'PWD') | default(playbook_dir + '/../..', true) }}"
+    ci_image_name: "php-ci:latest"
+    ci_image_registry: "{{ ci_registry | default('registry.michaelschiemer.de') }}"
+    ci_image_registry_path: "{{ ci_registry }}/ci/php-ci:latest"
+    gitea_runner_dir: "{{ project_root }}/deployment/gitea-runner"
+    docker_dind_container: "gitea-runner-dind"
+    push_to_registry: false  # Set to true to push to registry after build
+
+  tasks:
+    - name: Verify project root exists
+      stat:
+        path: "{{ project_root }}"
+      register: project_root_stat
+
+    - name: Fail if project root not found
+      fail:
+        msg: "Project root not found at {{ project_root }}. Set project_root variable or run from project root."
+      when: not project_root_stat.stat.exists
+
+    - name: Check if CI Dockerfile exists
+      stat:
+        path: "{{ project_root }}/docker/ci/Dockerfile"
+      register: dockerfile_stat
+
+    - name: Fail if Dockerfile not found
+      fail:
+        msg: "CI Dockerfile not found at {{ project_root }}/docker/ci/Dockerfile"
+      when: not dockerfile_stat.stat.exists
+
+    - name: Check if docker-dind container is running
+      docker_container_info:
+        name: "{{ docker_dind_container }}"
+      register: dind_container_info
+      ignore_errors: yes
+
+    - name: Fail if docker-dind not running
+      fail:
+        msg: "docker-dind container '{{ docker_dind_container }}' is not running. Start it with: cd {{ gitea_runner_dir }} && docker-compose up -d docker-dind"
+      when: dind_container_info.exists is not defined or not dind_container_info.exists
+
+    - name: Build CI Docker image
+      community.docker.docker_image:
+        name: "{{ ci_image_name }}"
+        source: build
+        build:
+          path: "{{ project_root }}"
+          dockerfile: docker/ci/Dockerfile
+          platform: linux/amd64
+        tag: "latest"
+        force_source: "{{ force_rebuild | default(false) }}"
+      register: build_result
+
+    - name: Display build result
+      debug:
+        msg: "✅ CI Docker image built successfully: {{ ci_image_name }}"
+      when: build_result.changed or not build_result.failed
+
+    - name: Tag image for registry
+      community.docker.docker_image:
+        name: "{{ ci_image_registry_path }}"
+        source: "{{ ci_image_name }}"
+        force_source: true
+      when: push_to_registry | bool
+
+    - name: Load image into docker-dind
+      shell: |
+        docker save {{ ci_image_name }} | docker exec -i {{ docker_dind_container }} docker load
+      register: load_result
+      changed_when: "'Loaded image' in load_result.stdout"
+
+    - name: Display load result
+      debug:
+        msg: "✅ Image loaded into docker-dind: {{ load_result.stdout_lines | last }}"
+      when: load_result.changed
+
+    - name: Check if .env file exists
+      stat:
+        path: "{{ gitea_runner_dir }}/.env"
+      register: env_file_stat
+
+    - name: Copy .env.example to .env if not exists
+      copy:
+        src: "{{ gitea_runner_dir }}/.env.example"
+        dest: "{{ gitea_runner_dir }}/.env"
+        mode: '0644'
+      when: not env_file_stat.stat.exists
+
+    - name: Read current .env file
+      slurp:
+        src: "{{ gitea_runner_dir }}/.env"
+      register: env_file_content
+      when: env_file_stat.stat.exists
+
+    - name: Check if php-ci label already exists
+      set_fact:
+        php_ci_label_exists: "{{ 'php-ci:docker://' + ci_image_name in env_file_content.content | b64decode | default('') }}"
+      when: env_file_stat.stat.exists
+
+    - name: Update GITEA_RUNNER_LABELS to include php-ci
+      lineinfile:
+        path: "{{ gitea_runner_dir }}/.env"
+        regexp: '^GITEA_RUNNER_LABELS=(.*)$'
+        line: 'GITEA_RUNNER_LABELS=\1,php-ci:docker://{{ ci_image_name }}'
+        backrefs: yes
+      when: 
+        - env_file_stat.stat.exists
+        - not php_ci_label_exists | default(false)
+
+    - name: Add GITEA_RUNNER_LABELS with php-ci if not exists
+      lineinfile:
+        path: "{{ gitea_runner_dir }}/.env"
+        line: 'GITEA_RUNNER_LABELS=php-ci:docker://{{ ci_image_name }}'
+        insertafter: '^# Runner Labels'
+      when: 
+        - env_file_stat.stat.exists
+        - "'GITEA_RUNNER_LABELS' not in (env_file_content.content | b64decode | default(''))"
+
+    - name: Display setup summary
+      debug:
+        msg: |
+          ✅ Gitea Runner CI Setup Complete!
+          
+          Image: {{ ci_image_name }}
+          Loaded into: {{ docker_dind_container }}
+          
+          Next steps:
+          1. Verify .env file at {{ gitea_runner_dir }}/.env has php-ci label
+          2. Re-register runner:
+             cd {{ gitea_runner_dir }}
+             ./unregister.sh
+             ./register.sh
+          
+          3. Verify runner in Gitea UI shows php-ci label
+
+    - name: Display push to registry instructions
+      debug:
+        msg: |
+          📤 To push image to registry:
+          
+          docker login {{ ci_image_registry }}
+          docker push {{ ci_image_registry_path }}
+          
+          Then update .env:
+          GITEA_RUNNER_LABELS=...,php-ci:docker://{{ ci_image_registry_path }}
+      when: not push_to_registry | bool