Something basically working, maybe

CloudronManifest.json

@@ -0,0 +1,25 @@
+{
+  "id": "com.concourse",
+  "title": "Concourse",
+  "description": "Automated CI tool",
+  "tagline": "Deploy it all",
+  "author": "Ian Fijolek <ian@iamthefij.com>",
+  "website": "https://ghost.iamthefij.com/",
+  "version": "0.0.1",
+  "healthCheckPath": "/",
+  "httpPort": 8080,
+  "tcpPorts": {
+    "TSA_PORT": {
+      "title": "TSA Port",
+      "description": "Port for the TSA to run",
+      "defaultValue": 2222
+    }
+  },
+  "addons": {
+    "oauth": {},
+    "postgresql": {},
+    "localstorage": {}
+  },
+  "manifestVersion": 1,
+  "contactEmail": "ian@iamthefij.com"
+}

DESCRIPTION.md

@@ -0,0 +1,4 @@
+Concourse is a simple, scalable CI tool
+
+### Note
+There is marginal manual setup for workers and much of the interface is via a command line tool. As this is a tool intended for developers, they should be comfortable with Unix.

Dockerfile

@@ -0,0 +1,13 @@
+FROM cloudron/base:0.10.0
+
+RUN mkdir -p /app/code
+RUN cd /app/code && wget -O concourse_linux_amd64 https://github.com/concourse/concourse/releases/download/v2.7.3/concourse_linux_amd64
+RUN chmod +x /app/code/concourse_linux_amd64
+
+RUN mkdir -p /run/logs
+COPY supervisor/ /etc/supervisor/conf.d/
+COPY start.sh /app/code/start.sh
+
+RUN mkdir -p /app/data
+
+CMD /app/code/start.sh

POSTINSTALL.md

@@ -0,0 +1,32 @@
+# Postinstall
+
+In order to run builds, you will need to set up a worker somewhere. Since this requires `sudo` and/or Docker running as `privileged`, it cannot be started by Cloudron and requires this manual step. It's easiest to do this with Docker on the same host. Executing the following commands will start up your worker connected to your main Concourse application. 
+
+    tsa_container=$(cloudron list | awk '/com.concourse/{print $1;}')
+    tsa_hostname=$(cloudron exec --app $tsa_container env | grep HOSTNAME | sed s/.*=//)
+    tsa_port=$(cloudron exec --app $tsa_container env | grep TSA_PORT | sed s/.*=//)
+    docker run \
+      --privileged \
+      --network cloudron \
+      --volumes-from $tsa_container \
+      concourse/concourse worker \
+        --tsa-host $tsa_hostname \
+        --tsa-port $tsa_port \
+        --tsa-public-key /app/data/tsa_host_key.pub \
+        --tsa-worker-private-key /app/data/worker_key
+
+If you wish to do this with the binary or on another server, you will need to download your keys to facilitate the connection. This can be done using the following commands:
+
+    cloudron pull /app/data/worker_key
+    cloudron pull /app/data/tsa_host_key.pub
+
+Then run a worker either with the binary, you should be able to execute the following from any server:
+
+    sudo concourse worker \
+      --tsa-host ${APP_URL} \
+      --tsa-port ${TSA_PORT} \
+      --tsa-public-key tsa_host_key.pub \
+      --tsa-worker-private-key worker_key
+
+If you would like to generate new worker keys, you must add them to `/app/data/authorized_worker_keys` in order for the workers to connect.
+    

concourse_worker.sh

@@ -0,0 +1,15 @@
+#! /bin/bash
+
+tsa_container=$(cloudron list | awk '/com.concourse/{print $1;}')
+tsa_hostname=$(cloudron exec --app $tsa_container env | grep HOSTNAME | sed s/.*=//)
+tsa_port=$(cloudron exec --app $tsa_container env | grep TSA_PORT | sed s/.*=//)
+
+sudo docker run --rm \
+	--privileged \
+	--network cloudron \
+	--volumes-from $tsa_container \
+	concourse/concourse worker \
+		--tsa-host $tsa_hostname \
+		--tsa-port $tsa_port \
+		--tsa-public-key /app/data/tsa_host_key.pub \
+		--tsa-worker-private-key /app/data/worker_key

start.sh

@@ -0,0 +1,38 @@
+#! /bin/bash
+set -e
+
+# Chown necessary directories here since these are volumes
+chown -R cloudron:cloudron /app/data /run
+
+if ! [ -f /app/data/.initialized ]; then
+    echo "First time init!"
+
+    ssh-keygen -t rsa -f /app/data/tsa_host_key -N ''
+    ssh-keygen -t rsa -f /app/data/worker_key -N ''
+    ssh-keygen -t rsa -f /app/data/session_signing_key -N ''
+
+    cp /app/data/worker_key.pub /app/data/authorized_worker_keys
+
+    touch /app/data/.initialized
+else
+    echo "Already initialized. Starting" 
+fi
+
+export CONCOURSE_EXTERNAL_URL=$APP_ORIGIN
+export CONCOURSE_POSTGRES_HOST=$POSTGRESQL_HOST
+export CONCOURSE_POSTGRES_PORT=$POSTGRESQL_PORT
+export CONCOURSE_POSTGRES_USER=$POSTGRESQL_USERNAME
+export CONCOURSE_POSTGRES_PASSWORD=$POSTGRESQL_PASSWORD
+export CONCOURSE_POSTGRES_DATABASE=$POSTGRESQL_DATABASE
+export CONCOURSE_GENERIC_OAUTH_DISPLAY_NAME="Cloudron"
+export CONCOURSE_GENERIC_OAUTH_CLIENT_ID=$OAUTH_CLIENT_ID
+export CONCOURSE_GENERIC_OAUTH_CLIENT_SECRET=$OAUTH_CLIENT_SECRET
+export CONCOURSE_GENERIC_OAUTH_AUTH_URL=${API_ORIGIN}/api/v1/oauth/dialog/authorize
+export CONCOURSE_GENERIC_OAUTH_TOKEN_URL=${API_ORIGIN}/api/v1/oauth/token
+export CONCOURSE_TSA_BIND_PORT=$TSA_PORT
+export CONCOURSE_TSA_HOST_KEY=/app/data/tsa_host_key
+export CONCOURSE_TSA_AUTHORIZED_KEYS=/app/data/authorized_worker_keys
+export CONCOURSE_SESSION_SIGNING_KEY=/app/data/session_signing_key
+
+#exec /usr/local/bin/gosu cloudron:cloudron /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon --logfile /run/logs/supervisord.log -i Concourse
+exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon --logfile /run/logs/supervisord.log -i Concourse

supervisor/concourse.conf

@@ -0,0 +1,10 @@
+[program:concourse]
+directory=/app/code/
+command=/app/code/concourse_linux_amd64 web 
+user=cloudron
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0