stack/.drone.star

def fromSecret(name):
  return {
    "from_secret": name
  }
def environment(env):
  return dict(
    [(x.replace("-", "_").upper(), fromSecret(x)) for x in env]
  )
def map(fn, l):
  return [fn(x) for x in l]
def secretToEnvironment(secret):
  return secret.replace("-", "_").upper()
def echo(secret):
  return 'echo "export {environment}=${environment}" >> ***filename*** # {secret}'.format(
      secret = secret,
      environment = secret.replace("-", "_").upper(),
    )
def echoSecret(secret):
  return 'echo "export {environment}=???" >> ***filename*** # {secret}'.format(
      secret = secret,
      environment = secret.replace("-", "_").upper()
    )

def export(secret):
  return "export {toCaps}=${toCaps}".format(
    toCaps = secretToEnvironment(secret),
  )
def printSecrets(filename, env, secretEnv): 
  
  return {
    "name": "print secrets",
    "image": "appleboy/drone-ssh",
    "environment": environment(env),
    "settings": {
      "envs": [x.replace("-", "_") for x in env ],
      "host": fromSecret("ssh-host"),
      "port": fromSecret("ssh-port"),
      "username": fromSecret("ssh-user"),
      "password": fromSecret("ssh-password"),
      "script": [x.replace("***filename***", filename) for x in [
        "rm -f env-stack",
      ] + map(echo, env) 
      + map(echoSecret, secretEnv)]
    }
  }
def wait(delay, name): 
  return {
    "name": name,
    "image": "alpine",
    "commands": [
      "sleep {delay}".format(delay = delay),
    ],
  }
def build(name):
  return {
    "name": "build-{name}".format(name=name),
    "image": "docker:dind",
    "volumes": [
      {
        "name": "dockersock",
        "path": "/var/run",
      },
    ],
    "environment": environment([
      "local-docker-registry",
    ]),
    "commands": [
      "cd {name}".format(name=name),
      "docker build . -t $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),
      "docker push $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),
    ],
  }
def buildHome():
  return {
    "name": "build-nginx-home",
    "image": "docker:dind",
    "volumes": [
      {
        "name": "dockersock",
        "path": "/var/run",
      },
    ],
    "environment": environment([
      "local-docker-registry",
    ]),
    "commands": [
      "cd letsencrypt-nginx",
      "sh build.home.sh $${{LOCAL_DOCKER_REGISTRY}}".format(),
    ],
  }

def buildNginx(name):
  return {
    "name": "build-nginx-{name}".format(name=name),
    "image": "docker:dind",
    "volumes": [
      {
        "name": "dockersock",
        "path": "/var/run",
      },
    ],
    "environment": environment([
      "local-docker-registry",
    ]),
    "commands": [
      "cd letsencrypt-nginx",
      "sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name),
    ],
  }

def scp(target):
  return {
    "name": "scp files",
    "image": "appleboy/drone-scp",
    "settings": {
      "host": {
        "from_secret": "ssh-host",
      },
      "username": {
        "from_secret": "ssh-user",
      },
      "password": {
        "from_secret": "ssh-password",
      },
      "port": {
        "from_secret": "ssh-port",
      },
      "command_timeout": "2m",
      "target": target,
      "source": [
        ".",
      ],
    },
  }
def deploy(
  filename,
  folder,
): 
  secrets = [
    "drone-rpc-secret",
    "drone-gitea-client-id",
    "drone-gitea-client-secret",
    "drone-gitea-server",
    "drone-convert-secret",
    "ssh-user",
    "local-docker-registry",
    "certbot-email",
    "git-domain",
    "drone-domain",
    "chat-domain",
    "remote-domain",
    "blog-domain",
  ]
  return {
    "name": "deploy",
    "image": "appleboy/drone-ssh",
    "environment": environment(secrets),
    "settings": {
      "envs": [x.replace("-", "_") for x in secrets ],
      "host": fromSecret("ssh-host"),
      "port": fromSecret("ssh-port"),
      "username": fromSecret("ssh-root-user"),
      "password": fromSecret("ssh-root-password"),
      "script": [
        "set -e"
      ] + map(export, secrets) + [
        "echo {folder}".format(folder=folder),
        "cd {folder}".format(folder=folder),
        "docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-git",
        "docker pull $${LOCAL_DOCKER_REGISTRY}nginx-home1",
        "docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-chat",
        "docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-remote",
        "docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-blog",
        "docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-drone",
        "docker network prune -f",
        "cd {folder}".format(folder=folder),
        "docker stack rm gitea",
        "sleep 60",
        "docker stack deploy -c {filename} gitea".format(filename = filename),
      ]
    }
  }
def pipeline(name, steps, dependsOn):
  return {
    "kind": "pipeline",
    "name": name,
    "depends_on": dependsOn,
    "steps": [
      printSecrets(
        "env-stack",
        [
          "blog-domain",
          "certbot-email",
          "chat-domain",
          "drone-domain",
          "drone-gitea-client-id",
          "drone-gitea-server",
          "git-domain",
          "local-docker-registry",
          "remote-domain",
          "ssh-user",
        ],
        [
          "drone-convert-secret",
          "drone-gitea-client-secret",
          "drone-rpc-secret",
        ],
      ),
      wait(15, "wait"),
    ] + steps,
    "services": [
      {
        "name": "docker",
        "image": "docker:dind",
        "privileged": True,
        "volumes": [
          {
            "name": "dockersock",
            "path": "/var/run",
          },
          {
            "name": "ca",
            "path": "/etc/docker/certs.d",
          },
        ],
      }
    ],
    "volumes": [
      {
        "name": "dockersock",
        "temp": {},
      },
      {
        "name": "ca",
        "host": {
          "path": "/home/giles/gitea-drone-stack/.ca",
        },
      },
    ],
  }

def main(ctx):
  if ctx.build.branch == 'home-deploy':
    return [
      pipeline(
        'home-deploy',
        [
          #build("guacamole-postgresql"),
          #build("ngrok-gitea"),
          #build("letsencrypt-nginx"),
          #buildHome(),
          build("drone-starlark"),
          #buildNginx("blog"),
          #buildNginx("drone"),
          #buildNginx("git"),
          #buildNginx("remote"),
          #buildNginx("chat"),
          scp("/home/giles/gitea-drone-stack"),
          deploy(
            "docker-compose-home.yml",
            "/home/giles/gitea-drone-stack",
          ),
        ],
        [],
      ),
    ]
  if ctx.build.branch == 'do':
    return [
      pipeline(
        'do-deploy',
        [
          build("guacamole-postgresql"),
          build("letsencrypt-nginx"),
          buildHome(),
          buildNginx("blog"),
          buildNginx("drone"),
          buildNginx("git"),
          buildNginx("remote"),
          buildNginx("chat"),
          scp("~/stack-deploy"),
          #deploy("docker-compose-do.yml", "~/stack-deploy"),
        ],
        [],
      ),
    ]
. 2020-04-24 10:29:25 +00:00			`def fromSecret(name):`
			`return {`
			`"from_secret": name`
. 2020-04-26 11:43:26 +00:00			`}`
. 2020-04-24 11:53:10 +00:00			`def environment(env):`
. 2020-04-24 11:52:21 +00:00			`return dict(`
			`[(x.replace("-", "_").upper(), fromSecret(x)) for x in env]`
			`)`
. 2020-04-24 13:37:38 +00:00			`def map(fn, l):`
. 2020-04-24 13:41:26 +00:00			`return [fn(x) for x in l]`
. 2020-04-26 08:29:18 +00:00			`def secretToEnvironment(secret):`
			`return secret.replace("-", "_").upper()`
. 2020-04-26 09:50:46 +00:00			`def echo(secret):`
. 2020-04-26 10:11:20 +00:00			`return 'echo "export {environment}=${environment}" >> *filename* # {secret}'.format(`
. 2020-04-26 09:50:46 +00:00			`secret = secret,`
			`environment = secret.replace("-", "_").upper(),`
			`)`
. 2020-04-26 08:54:48 +00:00			`def echoSecret(secret):`
. 2020-04-26 10:11:20 +00:00			`return 'echo "export {environment}=???" >> *filename* # {secret}'.format(`
. 2020-04-26 08:29:18 +00:00			`secret = secret,`
			`environment = secret.replace("-", "_").upper()`
			`)`
. 2020-04-26 08:54:48 +00:00
. 2020-04-25 21:24:24 +00:00			`def export(secret):`
. 2020-04-26 08:29:18 +00:00			`return "export {toCaps}=${toCaps}".format(`
			`toCaps = secretToEnvironment(secret),`
			`)`
. 2020-04-26 08:54:48 +00:00			`def printSecrets(filename, env, secretEnv):`
. 2020-04-24 13:30:51 +00:00
. 2020-04-24 10:29:25 +00:00			`return {`
. 2020-04-24 11:56:35 +00:00			`"name": "print secrets",`
. 2020-04-24 10:29:25 +00:00			`"image": "appleboy/drone-ssh",`
. 2020-04-24 11:50:26 +00:00			`"environment": environment(env),`
. 2020-04-24 10:29:25 +00:00			`"settings": {`
. 2020-04-25 21:24:24 +00:00			`"envs": [x.replace("-", "_") for x in env ],`
. 2020-04-24 10:29:25 +00:00			`"host": fromSecret("ssh-host"),`
			`"port": fromSecret("ssh-port"),`
			`"username": fromSecret("ssh-user"),`
			`"password": fromSecret("ssh-password"),`
. 2020-04-26 10:11:20 +00:00			`"script": [x.replace("*filename*", filename) for x in [`
. 2020-04-25 21:53:07 +00:00			`"rm -f env-stack",`
. 2020-04-26 10:01:23 +00:00			`] + map(echo, env)`
			`+ map(echoSecret, secretEnv)]`
. 2020-04-24 10:29:25 +00:00			`}`
			`}`
. 2020-04-25 18:57:07 +00:00			`def wait(delay, name):`
			`return {`
. 2020-04-25 18:59:22 +00:00			`"name": name,`
. 2020-04-25 18:57:07 +00:00			`"image": "alpine",`
. 2020-04-25 19:42:47 +00:00			`"commands": [`
			`"sleep {delay}".format(delay = delay),`
			`],`
. 2020-04-25 18:57:07 +00:00			`}`
. 2020-04-25 20:14:33 +00:00			`def build(name):`
. 2020-04-24 10:07:57 +00:00			`return {`
. 2020-04-25 20:44:43 +00:00			`"name": "build-{name}".format(name=name),`
			`"image": "docker:dind",`
			`"volumes": [`
			`{`
			`"name": "dockersock",`
			`"path": "/var/run",`
			`},`
			`],`
			`"environment": environment([`
			`"local-docker-registry",`
			`]),`
			`"commands": [`
			`"cd {name}".format(name=name),`
			`"docker build . -t $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),`
			`"docker push $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),`
			`],`
			`}`
. 2020-04-25 20:49:57 +00:00			`def buildHome():`
			`return {`
			`"name": "build-nginx-home",`
			`"image": "docker:dind",`
			`"volumes": [`
			`{`
			`"name": "dockersock",`
			`"path": "/var/run",`
			`},`
			`],`
			`"environment": environment([`
			`"local-docker-registry",`
			`]),`
			`"commands": [`
. 2020-04-25 21:24:24 +00:00			`"cd letsencrypt-nginx",`
. 2020-04-25 21:37:21 +00:00			`"sh build.home.sh $${{LOCAL_DOCKER_REGISTRY}}".format(),`
. 2020-04-25 20:49:57 +00:00			`],`
			`}`

. 2020-04-25 20:44:43 +00:00			`def buildNginx(name):`
			`return {`
			`"name": "build-nginx-{name}".format(name=name),`
			`"image": "docker:dind",`
			`"volumes": [`
			`{`
			`"name": "dockersock",`
			`"path": "/var/run",`
			`},`
			`],`
			`"environment": environment([`
			`"local-docker-registry",`
			`]),`
			`"commands": [`
. 2020-04-25 21:34:03 +00:00			`"cd letsencrypt-nginx",`
. 2020-04-25 20:46:58 +00:00			`"sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name),`
. 2020-04-25 20:44:43 +00:00			`],`
			`}`

. 2020-04-25 20:59:14 +00:00			`def scp(target):`
			`return {`
			`"name": "scp files",`
			`"image": "appleboy/drone-scp",`
			`"settings": {`
			`"host": {`
			`"from_secret": "ssh-host",`
			`},`
			`"username": {`
			`"from_secret": "ssh-user",`
			`},`
			`"password": {`
			`"from_secret": "ssh-password",`
			`},`
			`"port": {`
			`"from_secret": "ssh-port",`
			`},`
. 2020-04-25 21:40:32 +00:00			`"command_timeout": "2m",`
			`"target": target,`
			`"source": [`
			`".",`
			`],`
. 2020-04-25 20:59:14 +00:00			`},`
			`}`
. 2020-04-26 10:52:28 +00:00			`def deploy(`
			`filename,`
			`folder,`
			`):`
. 2020-04-25 21:24:24 +00:00			`secrets = [`
			`"drone-rpc-secret",`
			`"drone-gitea-client-id",`
			`"drone-gitea-client-secret",`
			`"drone-gitea-server",`
			`"drone-convert-secret",`
			`"ssh-user",`
			`"local-docker-registry",`
			`"certbot-email",`
			`"git-domain",`
			`"drone-domain",`
			`"chat-domain",`
			`"remote-domain",`
			`"blog-domain",`
			`]`
			`return {`
			`"name": "deploy",`
			`"image": "appleboy/drone-ssh",`
			`"environment": environment(secrets),`
			`"settings": {`
			`"envs": [x.replace("-", "_") for x in secrets ],`
			`"host": fromSecret("ssh-host"),`
			`"port": fromSecret("ssh-port"),`
			`"username": fromSecret("ssh-root-user"),`
			`"password": fromSecret("ssh-root-password"),`
			`"script": [`
			`"set -e"`
			`] + map(export, secrets) + [`
. 2020-04-26 10:56:24 +00:00			`"echo {folder}".format(folder=folder),`
			`"cd {folder}".format(folder=folder),`
. 2020-04-25 21:42:26 +00:00			`"docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-git",`
			`"docker pull $${LOCAL_DOCKER_REGISTRY}nginx-home1",`
			`"docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-chat",`
			`"docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-remote",`
			`"docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-blog",`
			`"docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-drone",`
. 2020-04-25 21:24:24 +00:00			`"docker network prune -f",`
. 2020-04-26 10:52:28 +00:00			`"cd {folder}".format(folder=folder),`
. 2020-04-25 21:57:48 +00:00			`"docker stack rm gitea",`
. 2020-04-25 21:24:24 +00:00			`"sleep 60",`
. 2020-04-26 10:52:28 +00:00			`"docker stack deploy -c {filename} gitea".format(filename = filename),`
. 2020-04-25 21:24:24 +00:00			`]`
			`}`
			`}`
. 2020-04-26 10:39:42 +00:00			`def pipeline(name, steps, dependsOn):`
. 2020-04-25 20:14:33 +00:00			`return {`
			`"kind": "pipeline",`
			`"name": name,`
			`"depends_on": dependsOn,`
			`"steps": [`
. 2020-04-26 08:54:48 +00:00			`printSecrets(`
			`"env-stack",`
			`[`
. 2020-04-26 09:01:39 +00:00			`"blog-domain",`
. 2020-04-26 08:54:48 +00:00			`"certbot-email",`
			`"chat-domain",`
			`"drone-domain",`
			`"drone-gitea-client-id",`
			`"drone-gitea-server",`
			`"git-domain",`
			`"local-docker-registry",`
			`"remote-domain",`
			`"ssh-user",`
			`],`
			`[`
			`"drone-convert-secret",`
			`"drone-gitea-client-secret",`
			`"drone-rpc-secret",`
			`],`
			`),`
. 2020-04-25 21:57:48 +00:00			`wait(15, "wait"),`
. 2020-04-26 10:39:42 +00:00			`] + steps,`
. 2020-04-25 20:07:36 +00:00			`"services": [`
			`{`
			`"name": "docker",`
			`"image": "docker:dind",`
			`"privileged": True,`
			`"volumes": [`
			`{`
			`"name": "dockersock",`
			`"path": "/var/run",`
			`},`
			`{`
			`"name": "ca",`
			`"path": "/etc/docker/certs.d",`
			`},`
			`],`
			`}`
			`],`
			`"volumes": [`
			`{`
			`"name": "dockersock",`
			`"temp": {},`
			`},`
			`{`
			`"name": "ca",`
			`"host": {`
			`"path": "/home/giles/gitea-drone-stack/.ca",`
			`},`
			`},`
			`],`
. 2020-04-24 10:07:57 +00:00			`}`
star 2020-04-24 06:58:20 +00:00
star 2020-04-24 06:32:20 +00:00			`def main(ctx):`
. 2020-04-26 08:22:49 +00:00			`if ctx.build.branch == 'home-deploy':`
. 2020-04-26 08:19:22 +00:00			`return [`
. 2020-04-26 10:39:42 +00:00			`pipeline(`
. 2020-04-26 10:52:28 +00:00			`'home-deploy',`
			`[`
			`#build("guacamole-postgresql"),`
			`#build("ngrok-gitea"),`
			`#build("letsencrypt-nginx"),`
			`#buildHome(),`
. 2020-04-26 11:43:26 +00:00			`build("drone-starlark"),`
. 2020-04-26 10:52:28 +00:00			`#buildNginx("blog"),`
			`#buildNginx("drone"),`
			`#buildNginx("git"),`
			`#buildNginx("remote"),`
			`#buildNginx("chat"),`
. 2020-04-26 10:58:36 +00:00			`scp("/home/giles/gitea-drone-stack"),`
. 2020-04-26 10:52:28 +00:00			`deploy(`
			`"docker-compose-home.yml",`
. 2020-04-26 10:58:36 +00:00			`"/home/giles/gitea-drone-stack",`
. 2020-04-26 10:52:28 +00:00			`),`
			`],`
			`[],`
			`),`
			`]`
			`if ctx.build.branch == 'do':`
			`return [`
			`pipeline(`
			`'do-deploy',`
. 2020-04-26 10:39:42 +00:00			`[`
			`build("guacamole-postgresql"),`
			`build("letsencrypt-nginx"),`
			`buildHome(),`
			`buildNginx("blog"),`
			`buildNginx("drone"),`
			`buildNginx("git"),`
			`buildNginx("remote"),`
			`buildNginx("chat"),`
. 2020-04-26 10:52:28 +00:00			`scp("~/stack-deploy"),`
			`#deploy("docker-compose-do.yml", "~/stack-deploy"),`
. 2020-04-26 10:39:42 +00:00			`],`
			`[],`
			`),`
. 2020-04-26 08:19:22 +00:00			`]`
. 2020-04-24 09:56:09 +00:00