JankariTech
diff --git a/‎src/assets/woodpeckerCI/images/woodpecker.png‎
37.7 KB b/‎src/assets/woodpeckerCI/images/woodpecker.png‎
37.7 KB
diff --git a/‎src/assets/woodpeckerCI/woodpeckerCI.md‎
Lines changed: 138 additions & 0 deletions b/‎src/assets/woodpeckerCI/woodpeckerCI.md‎
Lines changed: 138 additions & 0 deletions
@@ -0,0 +1,138 @@
+---
+title: Starlark in woodpecker CI
+authorName: Prashant Gurung
+authorAvatar: https://avatars.githubusercontent.com/u/53248463?v=4
+authorLink: https://github.com/prashant-gurung899
+createdAt: July 3, 2025
+tags: CI/CD
+banner: https://raw.githubusercontent.com/JankariTech/blog/woodpecker-ci-starlark/src/assets/woodpeckerCI/images/woodpecker.png
+---
+
+## Background
+Continuous Integration (CI) tools are vital for automating the testing and deployment of modern software. One such open-source tool is Woodpecker CI, a lightweight CI/CD system. Woodpecker CI is an open-source continuous integration and delivery platform that helps developers automate building, testing, and deploying their code. It is a community-driven fork and successor of the popular Drone CI project, sharing many design principles and compatibility with Drone pipelines. Traditionally, Woodpecker pipelines are written in YAML. But with the rise of programmable pipelines, we now have the flexibility to define our CI configuration using Starlark — a Python-like configuration language.
+
+In this blog, I’ll walk you through how I set up Woodpecker CI with a dynamic Starlark-to-YAML conversion service (WCCS), enabling us to write pipelines in .woodpecker.star files. Here's a high-level view of what we'll cover:
+
+- Spinning up a Woodpecker server
+
+- Authenticating with GitHub
+
+- Enabling a repository
+
+- Setting up WCCS (Woodpecker Config Conversion Service)
+
+- Connecting WCCS with the Woodpecker server
+
+By the end, you’ll be able to write CI pipelines in Starlark and dynamically convert them to YAML during runtime.
+
+
+## Setting Up Woodpecker Server
+We started by running the Woodpecker server using Docker. Here's the essential setup:
+
+```yml
+version: '3'
+services:
+  woodpecker-server:
+    image: woodpeckerci/woodpecker-server:latest
+    ports:
+      - 8000:8000
+    environment:
+      - WOODPECKER_OPEN=true
+      - WOODPECKER_HOST=https://<ngrok-or-your-domain>
+      - WOODPECKER_GITHUB=true
+      - WOODPECKER_GITHUB_CLIENT=<client-id>
+      - WOODPECKER_GITHUB_SECRET=<client-secret>
+      - WOODPECKER_AGENT_SECRET=supersecret
+      - WOODPECKER_CONFIG_ENDPOINT=http://wccs:3000/ciconfig
+    volumes:
+      - woodpecker-data:/var/lib/woodpecker
+
+  woodpecker-agent:
+    image: woodpeckerci/woodpecker-agent:latest
+    depends_on:
+      - woodpecker-server
+    environment:
+      - WOODPECKER_SERVER=http://woodpecker-server:8000
+      - WOODPECKER_AGENT_SECRET=supersecret
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+
+volumes:
+  woodpecker-data:
+```
+
+## Authenticating with GitHub
+
+To connect GitHub with Woodpecker:
+
+1. Register a new OAuth application in your GitHub developer settings.
+
+2. Set the callback URL to https://<your-ngrok-url>/authorize
+
+3. Copy the generated Client ID and Secret.
+
+4. Use these values in the WOODPECKER_GITHUB_CLIENT and WOODPECKER_GITHUB_SECRET env vars.
+
+After that, you can log into the Woodpecker web UI using your GitHub account.
+
+## Enabling a Repository
+From the Woodpecker UI:
+
+- Select your GitHub repo.
+
+- Enable it for CI.
+
+Woodpecker will automatically add the necessary webhooks to the repo.
+
+## Setting Up WCCS-Woodpecker CI Config Service (Starlark Conversion Service)
+The Woodpecker Config Conversion Service (WCCS) is a lightweight web service created and maintained by [Opencloud-eu](https://opencloud.eu/en). It enables Woodpecker CI to convert pipeline definitions written in Starlark into standard YAML on the fly by receiving a signed POST request from Woodpecker.
+You can easily deploy WCCS using their official Docker image available on Docker Hub: [opencloudeu/wccs](https://hub.docker.com/r/opencloudeu/wccs).
+```yml
+wccs:
+  image: opencloudeu/wccs:latest
+  ports:
+    - 3000:3000
+  command: server
+```
+
+## Generating the Public Key
+Every request sent by Woodpecker is signed using a http-signature by a private key (ed25519) generated on the first start of the Woodpecker server. You can get the public key for the verification of the http-signature from:
+```console
+http(s)://your-woodpecker-server/api/signature/public-key
+```
+
+## Connecting WCCS with Woodpecker
+To allow Woodpecker to fetch pipeline configs from WCCS, we added this to the server env:
+```console
+WOODPECKER_CONFIG_ENDPOINT=http://wccs:3000/ciconfig
+```
+Woodpecker now sends a signed JSON payload to WCCS whenever a build is triggered. WCCS verifies the signature using the public key and responds with a YAML pipeline based on your .woodpecker.star file.
+
+## Testing WCCS Manually
+
+To debug or test WCCS manually, we used curl:
+```console
+curl -v -X POST http://<wccs-server>:3000/ciconfig \
+  -H "Content-Type: application/json" \
+  -d '{}'
+```
+
+## Sample Starlark Pipeline
+Here's a simple .woodpecker.star example:
+```console
+def main(ctx):
+    return {
+        "steps": [
+            {
+                "name": "hello",
+                "image": "alpine",
+                "commands": ["echo Hello from Starlark"]
+            }
+        ]
+    }
+```
+This gets converted by WCCS into a valid Woodpecker pipeline YAML.
+
+Now, we can write pipelines in Starlark and let WCCS handle the conversion on the fly. This approach brings flexibility, structure, and the power of logic-based configurations to our CI pipelines.
+
+Want to try it yourself? Check out Woodpecker's config service example and start building smarter pipelines today!