GitOps - Stacks managed by Git #471
Conversation
|
|
||
| let exitCode = await Terminal.exec(server, socket, terminalName, "git", [ "clone", "-b", branch, gitUrl, stackName ], server.stacksDir); | ||
| if (exitCode !== 0) { | ||
| throw new Error("Failed to clone git repo"); |
There was a problem hiding this comment.
Would including the exit code in this error message be helpful?
stderr would be nice, but looks like Terminal.exec only exposes the exit code so I suppose that isn't possible without other changes.
I think this is related to #214, and actually exactly my use case too. If you like I can do that, since I am interested in this too, but I think it should be a separate PR. |
|
awesome proposal! maybe its possible to play with |
|
this looks amazing! just what i've been waiting for. when can it be merged? :) |
|
when to merged? |
|
That looks amazing and it looks like all checks have passed too! When is this beauty going to be merged? |
|
Even if you are eager for this feature, avoid asking when it will be merged as it spams unnecessarily. |
There was a problem hiding this comment.
How would one enter credentials for the git repos if they are not public? I did not find anything in the PR about it. I'm not saying you need to implement credential handling (would be way out of scope, I think). However, maybe you can add some documentation about it to the wiki to make it easier and prevent upcoming issues about it.
| <div class="form-check form-switch my-3"> | ||
| <input id="git-auto-update" v-model="settings.gitAutoUpdate" class="form-check-input" type="checkbox"> | ||
| <label class="form-check-label"> | ||
| {{ $t("enableAutoUpdate") }} |
There was a problem hiding this comment.
Would it make sense to display the current update interval here? So that people know what to expect from "periodical checks". Or maybe you could even offer an option to set a custom interval. Either would improve the user experience. What do you think?
There was a problem hiding this comment.
How would one enter credentials for the git repos if they are not public? I did not find anything in the PR about it. I'm not saying you need to implement credential handling (would be way out of scope, I think). However, maybe you can add some documentation about it to the wiki to make it easier and prevent upcoming issues about it.
Currently, private repositories can be used by including an access-token in the url https://username:[email protected]/username/repo.git. This is not ideal and I would like to improve this. However I dont think it is in the spirit of this project to add credential handling. Possibly we could have dockge generate its own private/public key pair and require the user to add the public key to their github profile. That way the repo could be cloned via ssh and the stacks could still be managed without dockge by any user that is authorized.
Would it make sense to display the current update interval here? So that people know what to expect from "periodical checks". Or maybe you could even offer an option to set a custom interval. Either would improve the user experience. What do you think?
I agree, I would like to add an option to configure the update interval in the settings (next to enabling the periodic checks)
However, this PR was intended as a POC. To this point I am not certain @louislam even wants this functionality in his project so I wont invest any more time in this feature until I get a reaction.
There was a problem hiding this comment.
I appreciate your replies. Both of them absolutely make sense and I agree with them. Like you said, this is a POC - just wanted to make sure you are aware of these two points. 😊
Thanks for the effort and time you put into this! 🥳 Hope that it will be released eventually. :)
There was a problem hiding this comment.
as i had the same question as @mh166, i will document my findings here.
problem
we are using a private gitlab instance with a private docker registry. both have their own token we use for deployments.
our workaround
as @Felioh mentioned, one can put the token into the repo url. but there is another way (which also allows to change tokens later):
git can pull its config from the environment (see docs). git also has a means of filling the credentials from somewhere else (see docs).
we provide these environment variables to the dockge container to enable private repository access
services:
dockge:
environment:
- GITLAB_TOKEN=thisisatoken
- GIT_CONFIG_COUNT=2
- GIT_CONFIG_KEY_0=credential.https://git.example.com.username
- GIT_CONFIG_VALUE_0=dockge_deploy
- GIT_CONFIG_KEY_1=credential.https://git.example.com.helper
- GIT_CONFIG_VALUE_1=!f()·{·test·"$$1"·=·get·&&·echo·"password=$${GITLAB_TOKEN}";·};·flast thing to conquer is the access token to enable use of the private registry.
to do that, we specify a docker config containing the auth to the dockge-container:
services:
dockge:
configs:
- source: docker_json
target: /root/.docker/config.json
configs:
docker_json:
content: |
{
"auths": {
"registry.example.com:5050": {
"auth": "LONGrandomAUTHstring"
}
}
}HINT: you can not just put the access token into the "auth"-field above. instead: use docker login once and put credentials in there. then copy the relevant parts from ~/.docker/config.json.
result
we are now able to use @Felioh's dockge version without having to manually execute commands or configs within a fresh dockge-instance and without opening repos or registries to the public. as an added benefit, we are easily able to change the gitlab token and just recreate our dockge container.
There was a problem hiding this comment.
Thank you for sharing your findings @elgarfo , however, I think I should point out that the 'randomAuthString'
"auth": "LONGrandomAUTHstring"
is not random but rather just username:password base64 encoded. Therefore you should be careful using this.
| create(app: Express, server: DockgeServer): ExpressRouter { | ||
| const router = express.Router(); | ||
|
|
||
| router.get("/webhook/update/:stackname", async (req, res, _next) => { |
There was a problem hiding this comment.
So if i know or find out the stack name I can update it a few hundred times a day, just for fun..? 😉 Usually webhooks are kind of "masked" by using a random string.
|
I'm looking forward to being able to use this :)
|
|
Hi, are there any updates on this? I'm really looking forward to be able to do what's proposed here, without having to deal with something like Portainer, which is a bit overkill for my use case... I can help with testing, if that might help. Thanks! |
|
This was supposed to be kind of a proof of concept and I would like to work further on this. However, before investing any more time, I want to ensure this feature is wanted. |
|
It surely is wanted by me! |
|
Defiantly wanted and highly appreciated if it get merged too. |
https://github.com/louislam/dockge/blob/master/CONTRIBUTING.md
Tick the checkbox if you understand [x]:
Description
This is an initial draft of a GitOps integration, related to #36 . Including:
Since I have not discussed this before, I first would like to know if this is a feature that you (@louislam) would like to see included in this project. If you do, I am happy to apply any wanted changes.
I have some stuff in mind that could be really cool here, but that I would like to discuss before.
In the future allowing for local changes (displaying the editor in the edit view) and adding an option to commit/push could be implemented. (local changes should not be a problem with the way it is implemented right now, and should just be overwritten by any merge-conflicts with the remote).
I have tried to follow conventions, but I have never used ts, js, or vue before so if I can improve anything, please let me know :).
Type of change
Please delete any options that are not relevant.
Checklist
(including JSDoc for methods)
Screenshots (if any)
Please do not use any external image service. Instead, just paste in or drag and drop the image here, and it will be uploaded automatically.
