husjon · March 16, 2018 12:37
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
 # Example
 ---
 stages:
  - test
  - build

 run_all_tests:
  stage: test
  script:
    - nose2
 run_specific_test:
  stage: test
  script:
    - nose2 tests.test_SomeClass

 build_all_the_things:
  stage: build
  script:
    - ./build_script.sh
diff --git a/config.toml b/config.toml
 # /srv/gitlab-runner/config/config.toml
 concurrent = 1
 check_interval = 0

 [[runners]]
  name = "runner-name"
  url = "http://<gitlab-server>"
  token = "token"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "<registry>:443/<image>:<tag>"
    privileged = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
diff --git a/prep-client b/prep-client
 # Clients
    # Instruct every Docker daemon to trust that certificate. The way to do this depends on your OS.
    # Copy the domain.crt file to /etc/docker/certs.d/<domain>:443/ca.crt on every Docker host.
    #   You do not need to restart Docker.
diff --git a/prep-server b/prep-server
 # https://docs.docker.com/registry/insecure/#use-self-signed-certificates

 # Server
    $ mkdir -p certs
    $ openssl req \
        -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
        -x509 -days 365 -out certs/domain.crt
        # Make sure CA is identical to domain / hostname of server

    $ docker run -d \
      --restart=always \
      --name registry \
      -v `pwd`/certs:/certs \
      -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
      -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
      -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
      -p 443:443 \
      registry:2
	# Example
	---
	stages:
	- test
	- build

	run_all_tests:
	stage: test
	script:
	- nose2
	run_specific_test:
	stage: test
	script:
	- nose2 tests.test_SomeClass

	build_all_the_things:
	stage: build
	script:
	- ./build_script.sh
	# /srv/gitlab-runner/config/config.toml
	concurrent = 1
	check_interval = 0

	[[runners]]
	name = "runner-name"
	url = "http://<gitlab-server>"
	token = "token"
	executor = "docker"
	[runners.docker]
	tls_verify = false
	image = "<registry>:443/<image>:<tag>"
	privileged = false
	disable_cache = false
	volumes = ["/cache"]
	shm_size = 0
	# Clients
	# Instruct every Docker daemon to trust that certificate. The way to do this depends on your OS.
	# Copy the domain.crt file to /etc/docker/certs.d/<domain>:443/ca.crt on every Docker host.
	# You do not need to restart Docker.
	# https://docs.docker.com/registry/insecure/#use-self-signed-certificates

	# Server
	$ mkdir -p certs
	$ openssl req \
	-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
	-x509 -days 365 -out certs/domain.crt
	# Make sure CA is identical to domain / hostname of server

	$ docker run -d \
	--restart=always \
	--name registry \
	-v `pwd`/certs:/certs \
	-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
	-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
	-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
	-p 443:443 \
	registry:2