diff --git a/.drone.do.yml b/.drone.do.yml index 33a1ea4..cb1fdc7 100644 --- a/.drone.do.yml +++ b/.drone.do.yml @@ -49,6 +49,26 @@ steps: - echo LOCAL_DOCKER_REGISTRY=$LOCAL_DOCKER_REGISTRY >> env - echo CERTBOT_EMAIL=$CERTBOT_EMAIL >> env - echo GIT_DOMAIN=$GIT_DOMAIN >> env +- name: clear + when: + branch: + - do + image: appleboy/drone-ssh + settings: + host: + from_secret: ssh-host + username: + from_secret: ssh-user + password: + from_secret: ssh-password + #key: + # from_secret: ssh-key + #passphrase: + # from_secret: ssh-passphrase + port: + from_secret: ssh-port + script: + - rm -r -f /home/giles/stack-deploy - name: wait when: branch: @@ -104,25 +124,22 @@ steps: - cd guacamole-postgresql - docker build . -t $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql - docker push $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql - -- name: clear +- name: build-drone-starlark when: branch: - do - image: appleboy/drone-ssh - settings: - host: - from_secret: ssh-host - username: - from_secret: ssh-user - key: - from_secret: ssh-key - passphrase: - from_secret: ssh-passphrase - port: - from_secret: ssh-port - script: - - rm -r -f ~/stack-deploy + image: docker:dind + volumes: + - name: dockersock + path: /var/run + environment: + LOCAL_DOCKER_REGISTRY: + from_secret: local-docker-registry + commands: + - cd drone-starlark + - docker build . -t $${LOCAL_DOCKER_REGISTRY}drone-starlark + - docker push $${LOCAL_DOCKER_REGISTRY}drone-starlark + - name: scp files when: branch: @@ -133,6 +150,8 @@ steps: from_secret: ssh-host username: from_secret: ssh-user + #password: + # from_secret: ssh-password key: from_secret: ssh-key passphrase: @@ -140,7 +159,7 @@ steps: port: from_secret: ssh-port command_timeout: 2m - target: ~/stack-deploy + target: /home/giles/stack-deploy source: - . - name: deploy 
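Review bot: The new `clear` step authenticates with `password: from_secret: ssh-password` and keeps the key settings only as commented-out lines, so the key-plus-passphrase login of the removed step is replaced by a reusable password. The `deploy` step is switched the same way in the `@@ -185,10 +207,12 @@` hunk, and the new Starlark steps (`print-secrets.star`, `scp.star`, `deploy.star`, `pull.star`) also log in by password. `scp files` in this file stays on the key, so the pipeline now depends on both credentials. Unless the host cannot accept key logins, keep `key: from_secret: ssh-key` and `passphrase: from_secret: ssh-passphrase` here and delete the commented-out alternative instead of carrying both.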
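Review bot: `target: /home/giles/stack-deploy` in `scp files` and `rm -r -f /home/giles/stack-deploy` in `clear` hard-code one account's home directory, while the `deploy` script still runs `cd ~/stack-deploy` (context line in the `@@ -203,10 +227,12 @@` hunk) and the login name comes from the `ssh-user` secret. If that secret ever names a different user, the files are copied to one directory and the stack is deployed from another, and the `rm` targets a path the login may not own. Use one form in all three places, for example `- cd /home/giles/stack-deploy` in the deploy script, and add a comment saying why `~` was dropped.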
@@ -155,6 +174,8 @@ steps: from_secret: drone-gitea-client-id DRONE_GITEA_CLIENT_SECRET: from_secret: drone-gitea-client-secret + DRONE_CONVERT_SECRET: + from_secret: drone-convert-secret LOCAL_DOCKER_REGISTRY: from_secret: local-docker-registry SSH_USER: @@ -174,6 +195,7 @@ steps: - drone_rpc_secret - drone_gitea_client_id - drone_gitea_client_secret + - drone_convert_secret - ssh_user - local_docker_registry - certbot_email @@ -185,10 +207,12 @@ steps: from_secret: ssh-host username: from_secret: ssh-user - key: - from_secret: ssh-key - passphrase: - from_secret: ssh-passphrase + password: + from_secret: ssh-password + #key: + # from_secret: ssh-key + #passphrase: + # from_secret: ssh-passphrase port: from_secret: ssh-port script: @@ -203,10 +227,12 @@ steps: - export GUACAMOLE_POSTGRES_USER=$GUACAMOLE_POSTGRES_USER - export GUACAMOLE_POSTGRES_DB=$GUACAMOLE_POSTGRES_DB - export GUACAMOLE_POSTGRES_PASSWORD=$GUACAMOLE_POSTGRES_PASSWORD + - export DRONE_CONVERT_SECRET=$DRONE_CONVERT_SECRET - docker network prune -f - cd ~/stack-deploy - docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-do - docker pull $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql + - docker pull $${LOCAL_DOCKER_REGISTRY}drone-starlark - docker stack rm gitea - sleep 60 - docker stack deploy -c docker-compose-do.yml gitea diff --git a/.drone.home.yml b/.drone.home.yml index c4b9158..740a102 100644 --- a/.drone.home.yml +++ b/.drone.home.yml @@ -49,17 +49,13 @@ steps: when: branch: - home-deploy - image: docker:dind - volumes: - - name: dockersock - path: /var/run - + image: alpine commands: - - sleep 60 + - sleep 15 - name: build-postgres when: branch: - - home-deploy + - home-deploy-skip image: docker:dind volumes: - name: dockersock @@ -74,7 +70,7 @@ steps: - name: build-ngrok when: branch: - - home-deploy + - home-deploy-skip image: docker:dind volumes: - name: dockersock 
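Review bot: Pointing the branch filter of `build-postgres` at `home-deploy-skip` disables the step without saying so, and nothing in the file explains that this branch name is a switch and not a real branch. The same edit is made to every other `build-*` step in this file (the hunks from `@@ -74,7 +70,7 @@` through `@@ -174,7 +170,7 @@`), so a `home-deploy` run no longer rebuilds any of these images. If that is intended, either delete the steps or put a comment such as `# build disabled on purpose; restore home-deploy to re-enable` above each filter.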
@@ -83,13 +79,13 @@ steps: LOCAL_DOCKER_REGISTRY: from_secret: local-docker-registry commands: - - cd ngrok2 + - cd ngrok-gitea - docker build . -t $${LOCAL_DOCKER_REGISTRY}ngrok-gitea - docker push $${LOCAL_DOCKER_REGISTRY}ngrok-gitea - name: build-letsencrypt-nginx when: branch: - - home-deploy + - home-deploy-skip image: docker:dind volumes: - name: dockersock @@ -104,7 +100,7 @@ steps: - name: build-nginx-home when: branch: - - home-deploy + - home-deploy-skip image: docker:dind volumes: - name: dockersock @@ -118,7 +114,7 @@ steps: - name: build-letsencrypt-blog when: branch: - - home-deploy + - home-deploy-skip image: docker:dind volumes: - name: dockersock @@ -132,7 +128,7 @@ steps: - name: build-letsencrypt-drone when: branch: - - home-deploy + - home-deploy-skip image: docker:dind volumes: - name: dockersock @@ -146,7 +142,7 @@ steps: - name: build-letsencrypt-git when: branch: - - home-deploy + - home-deploy-skip image: docker:dind volumes: - name: dockersock @@ -160,7 +156,7 @@ steps: - name: build-letsencrypt-remote when: branch: - - home-deploy + - home-deploy-skip image: docker:dind volumes: - name: dockersock @@ -174,7 +170,7 @@ steps: - name: build-letsencrypt-chat when: branch: - - home-deploy + - home-deploy-skip image: docker:dind volumes: - name: dockersock diff --git a/.drone.m.yml b/.drone.m.yml deleted file mode 100644 index e8928f4..0000000 --- a/.drone.m.yml +++ /dev/null 
@@ -1,238 +0,0 @@ ---- - -kind: pipeline -type: docker -name: default -when: - branch: - - remote - -clone: - # skip_verify: true - -steps: -steps: -- name: test-ssh - when: - branch: - - remote - image: appleboy/drone-ssh - environment: - DRONE_RPC_SECRET: - from_secret: drone-rpc-secret - DRONE_GITEA_CLIENT_ID: - from_secret: drone-gitea-client-id - DRONE_GITEA_CLIENT_SECRET: - from_secret: drone-gitea-client-secret - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - SSH_USER: - from_secret: ssh-user - CERTBOT_EMAIL: - from_secret: certbot-email - GIT_DOMAIN: - from_secret: git-domain - DRONE_DOMAIN: - from_secret: drone-domain - REMOTE_DOMAIN: - from_secret: remote-domain - settings: - envs: - - drone_rpc_secret - - drone_gitea_client_id - - drone_gitea_client_secret - - ssh_user - - local_docker_registry - - certbot_email - - git_domain - - drone_domain - - remote_domain - host: - from_secret: ssh-host - username: - from_secret: ssh-root-user - password: - from_secret: ssh-root-password - port: - from_secret: ssh-port - script: - - echo 'ssh ok' -- name: wait - when: - branch: - - remote - image: docker:dind - volumes: - - name: dockersock - path: /var/run - - commands: - - sleep 60 -- name: build-postgres - when: - branch: - - remote - image: docker:dind - volumes: - - name: dockersock - path: /var/run - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - commands: - - cd guacamole-postgresql - - docker build . -t $${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql - - docker push $${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql -- name: build-ngrok - when: - branch: - - remote - image: docker:dind - volumes: - - name: dockersock - path: /var/run - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - commands: - - cd ngrok2 - - docker build . 
-t $${LOCAL_DOCKER_REGISTRY}/ngrok-gitea - - docker push $${LOCAL_DOCKER_REGISTRY}/ngrok-gitea -- name: build-letsencrypt-nginx - when: - branch: - - remote - image: docker:dind - volumes: - - name: dockersock - path: /var/run - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - commands: - - cd letsencrypt-nginx - - docker build . -t $${LOCAL_DOCKER_REGISTRY}/letsencrypt-nginx - - docker push $${LOCAL_DOCKER_REGISTRY}/letsencrypt-nginx -- name: build-letsencrypt-drone - when: - branch: - - master - image: docker:dind - volumes: - - name: dockersock - path: /var/run - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - commands: - - cd letsencrypt-nginx - - sh build.sh drone $${LOCAL_DOCKER_REGISTRY} -- name: build-letsencrypt-remote - when: - branch: - - master - image: docker:dind - volumes: - - name: dockersock - path: /var/run - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - commands: - - cd letsencrypt-nginx - - sh build.sh remote $${LOCAL_DOCKER_REGISTRY} -- name: scp files - when: - branch: - - remote - image: appleboy/drone-scp - settings: - host: - from_secret: ssh-host - username: - from_secret: ssh-user - password: - from_secret: ssh-password - port: - from_secret: ssh-port - command_timeout: 2m - target: ~/gitea-drone-stack - source: - - . 
-- name: deploy - when: - branch: - - remote - image: appleboy/drone-ssh - environment: - DRONE_RPC_SECRET: - from_secret: drone-rpc-secret - DRONE_GITEA_CLIENT_ID: - from_secret: drone-gitea-client-id - DRONE_GITEA_CLIENT_SECRET: - from_secret: drone-gitea-client-secret - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - SSH_USER: - from_secret: ssh-user - CERTBOT_EMAIL: - from_secret: certbot-email - GIT_DOMAIN: - from_secret: git-domain - DRONE_DOMAIN: - from_secret: drone-domain - REMOTE_DOMAIN: - from_secret: remote-domain - settings: - envs: - - drone_rpc_secret - - drone_gitea_client_id - - drone_gitea_client_secret - - ssh_user - - local_docker_registry - - certbot_email - - git_domain - - drone_domain - - remote_domain - host: - from_secret: ssh-host - username: - from_secret: ssh-root-user - password: - from_secret: ssh-root-password - port: - from_secret: ssh-port - script: - - set -e - - export LOCAL_DOCKER_REGISTRY=$LOCAL_DOCKER_REGISTRY - - export DRONE_RPC_SECRET=$DRONE_RPC_SECRET - - export DRONE_GITEA_CLIENT_ID=$DRONE_GITEA_CLIENT_ID - - export DRONE_GITEA_CLIENT_SECRET=$DRONE_GITEA_CLIENT_SECRET - - export SSH_USER=$SSH_USER - - export CERTBOT_EMAIL=$CERTBOT_EMAIL - - export GIT_DOMAIN=$GIT_DOMAIN - - export DRONE_DOMAIN=$DRONE_DOMAIN - - export REMOTE_DOMAIN=$REMOTE_DOMAIN - - docker network prune -f - - cd /home/$SSH_USER/gitea-drone-stack - - docker stack rm remote-drone - - sleep 60 - - docker stack deploy -c docker-compose-drone.yml remote-drone - #- sleep 300 - -services: -- name: docker - image: docker:dind - privileged: true - volumes: - - name: dockersock - path: /var/run - - name: ca - path: /etc/docker/certs.d - -volumes: -- name: dockersock - temp: {} -- name: ca - host: - path: /home/giles/gitea-drone-stack/.ca diff --git a/.drone.remote.yml b/.drone.remote.yml index 9936018..b1022d1 100644 --- a/.drone.remote.yml +++ b/.drone.remote.yml 
@@ -149,7 +149,7 @@ steps: LOCAL_DOCKER_REGISTRY: from_secret: local-docker-registry commands: - - cd ngrok2 + - cd ngrok-gitea - docker build . -t $${LOCAL_DOCKER_REGISTRY}ngrok-gitea - docker push $${LOCAL_DOCKER_REGISTRY}ngrok-gitea - name: build-letsencrypt-nginx diff --git a/.drone.star b/.drone.star new file mode 100644 index 0000000..2573d16 --- /dev/null +++ b/.drone.star 
@@ -0,0 +1,151 @@ +load("@this//:from-secret.star", "fromSecret") +load("@this//:print-secrets.star", "printSecrets") + +load("@this//:map.star", "map") +load("@this//:environment.star", "environment") +load("@this//:echo.star", "echo") +load("@this//:export.star", "export") +load("@this//:echo-secret.star", "echoSecret") +load("@this//:wait.star", "wait") +load("@this//:build.star", "build") +load("@this//:scp.star", "scp") +load("@this//:public-secrets.star", "publicSecrets") +load("@this//:secret-secrets.star", "secretSecrets") +load("@this//:pull.star", "pull") +load("@this//:deploy.star", "deploy") + +def buildHome(): + return { + "name": "build-nginx-home", + "image": "docker:dind", + "volumes": [ + { + "name": "dockersock", + "path": "/var/run", + }, + ], + "environment": environment([ + "local-docker-registry", + ]), + "commands": [ + "cd letsencrypt-nginx", + "sh build.home.sh $${{LOCAL_DOCKER_REGISTRY}}".format(), + ], + } + +def buildNginx(name): + return { + "name": "build-nginx-{name}".format(name=name), + "image": "docker:dind", + "volumes": [ + { + "name": "dockersock", + "path": "/var/run", + }, + ], + "environment": environment([ + "local-docker-registry", + ]), + "commands": [ + "cd letsencrypt-nginx", + "sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name), + ], + } +def pipeline(name, steps, dependsOn): + return { + "kind": "pipeline", + "name": name, + "depends_on": dependsOn, + "steps": [ + printSecrets( + "env-stack", + publicSecrets, + secretSecrets, + ), + wait(15, "wait"), + ] + steps, + "services": [ + { + "name": "docker", + "image": "docker:dind", + "privileged": True, + "volumes": [ + { + "name": "dockersock", + "path": "/var/run", + }, + { + "name": "ca", + "path": "/etc/docker/certs.d", + }, + ], + } + ], + "volumes": [ + { + "name": "dockersock", + "temp": {}, + }, + { + "name": "ca", + "host": { + "path": "/home/giles/gitea-drone-stack/.ca", + }, + }, + ], + } + +def main(ctx): + if ctx.build.branch == 'home-deploy': 
+ return [ + pipeline( + 'home-deploy', + [ + #build("guacamole-postgresql"), + #build("ngrok-gitea"), + #build("letsencrypt-nginx"), + build("drone-starlark"), + #buildHome(), + #buildNginx("blog"), + #buildNginx("drone"), + #buildNginx("git"), + #buildNginx("remote"), + #buildNginx("chat"), + scp("~/gitea-drone-stack"), + pull([ + "letsencrypt-git", + "letsencrypt-chat", + "letsencrypt-drone", + "letsencrypt-remote", + "letsencrypt-blog", + "nginx-home1", + "drone-starlark", + ]), + deploy( + "docker-compose-home.yml", + "/home/giles/gitea-drone-stack", + ), + ], + [], + ), + ] + if ctx.build.branch == 'do': + return [ + pipeline( + 'do-deploy', + [ + build("guacamole-postgresql"), + build("letsencrypt-nginx"), + buildHome(), + buildNginx("blog"), + buildNginx("drone"), + buildNginx("git"), + buildNginx("remote"), + buildNginx("chat"), + scp("~/stack-deploy"), + #deploy("docker-compose-do.yml", "~/stack-deploy"), + ], + [], + ), + ] + \ No newline at end of file diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 639275a..0000000 --- a/.drone.yml +++ /dev/null 
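Review bot: `main(ctx)` returns a pipeline list only for the `home-deploy` and `do` branches and falls off the end for every other branch, so it returns `None` there. The converter presumably expects a dict or list from `main` and may fail the build with a type error instead of skipping it. An explicit final `return []` or a `fail("no pipeline for this branch")` would make the outcome deliberate; check which of the two the converter accepts. Separately, `pipeline()` has no docstring; one line stating that it prepends the `print secrets` and `wait` steps and attaches the privileged `docker:dind` service to every pipeline would help the next reader.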
@@ -1,248 +0,0 @@ ---- - -kind: pipeline -type: docker -name: default -when: - branch: - - master - -clone: - # skip_verify: true - -steps: -steps: -- name: wait - when: - branch: - - master - image: docker:dind - volumes: - - name: dockersock - path: /var/run - - commands: - - sleep 60 -- name: build-postgres - when: - branch: - - master - image: docker:dind - volumes: - - name: dockersock - path: /var/run - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - commands: - - cd guacamole-postgresql - - docker build . -t $${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql - - docker push $${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql -- name: build-ngrok - when: - branch: - - master - image: docker:dind - volumes: - - name: dockersock - path: /var/run - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - commands: - - cd ngrok2 - - docker build . -t $${LOCAL_DOCKER_REGISTRY}/ngrok-gitea - - docker push $${LOCAL_DOCKER_REGISTRY}/ngrok-gitea -- name: build-letsencrypt-nginx - when: - branch: - - master - image: docker:dind - volumes: - - name: dockersock - path: /var/run - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - commands: - - cd letsencrypt-nginx - - docker build . 
-t $${LOCAL_DOCKER_REGISTRY}/letsencrypt-nginx - - docker push $${LOCAL_DOCKER_REGISTRY}/letsencrypt-nginx -- name: build-letsencrypt-blog - when: - branch: - - master - image: docker:dind - volumes: - - name: dockersock - path: /var/run - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - commands: - - cd letsencrypt-nginx - - sh build.sh blog $${LOCAL_DOCKER_REGISTRY} -- name: build-letsencrypt-drone - when: - branch: - - master - image: docker:dind - volumes: - - name: dockersock - path: /var/run - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - commands: - - cd letsencrypt-nginx - - sh build.sh drone $${LOCAL_DOCKER_REGISTRY} -- name: build-letsencrypt-git - when: - branch: - - master - image: docker:dind - volumes: - - name: dockersock - path: /var/run - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - commands: - - cd letsencrypt-nginx - - sh build.sh git $${LOCAL_DOCKER_REGISTRY} -- name: build-letsencrypt-remote - when: - branch: - - master - image: docker:dind - volumes: - - name: dockersock - path: /var/run - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - commands: - - cd letsencrypt-nginx - - sh build.sh remote $${LOCAL_DOCKER_REGISTRY} -- name: build-letsencrypt-chat - when: - branch: - - master - image: docker:dind - volumes: - - name: dockersock - path: /var/run - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - commands: - - cd letsencrypt-nginx - - sh build.sh chat $${LOCAL_DOCKER_REGISTRY} -- name: scp files - when: - branch: - - master - image: appleboy/drone-scp - settings: - host: - from_secret: ssh-host - username: - from_secret: ssh-user - password: - from_secret: ssh-password - port: - from_secret: ssh-port - command_timeout: 2m - target: ~/gitea-drone-stack - source: - - . 
-- name: deploy - when: - branch: - - master - image: appleboy/drone-ssh - environment: - DRONE_RPC_SECRET: - from_secret: drone-rpc-secret - DRONE_GITEA_CLIENT_ID: - from_secret: drone-gitea-client-id - DRONE_GITEA_CLIENT_SECRET: - from_secret: drone-gitea-client-secret - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - SSH_USER: - from_secret: ssh-user - CERTBOT_EMAIL: - from_secret: certbot-email - GIT_DOMAIN: - from_secret: git-domain - DRONE_DOMAIN: - from_secret: drone-domain - CHAT_DOMAIN: - from_secret: chat-domain - REMOTE_DOMAIN: - from_secret: remote-domain - BLOG_DOMAIN: - from_secret: blog-domain - settings: - envs: - - drone_rpc_secret - - drone_gitea_client_id - - drone_gitea_client_secret - - ssh_user - - local_docker_registry - - certbot_email - - git_domain - - drone_domain - - chat_domain - - remote_domain - - blog_domain - host: - from_secret: ssh-host - username: - from_secret: ssh-root-user - password: - from_secret: ssh-root-password - port: - from_secret: ssh-port - script: - - set -e - - export LOCAL_DOCKER_REGISTRY=$LOCAL_DOCKER_REGISTRY - - export DRONE_RPC_SECRET=$DRONE_RPC_SECRET - - export DRONE_GITEA_CLIENT_ID=$DRONE_GITEA_CLIENT_ID - - export DRONE_GITEA_CLIENT_SECRET=$DRONE_GITEA_CLIENT_SECRET - - export SSH_USER=$SSH_USER - - export CERTBOT_EMAIL=$CERTBOT_EMAIL - - export GIT_DOMAIN=$GIT_DOMAIN - - export DRONE_DOMAIN=$DRONE_DOMAIN - - export CHAT_DOMAIN=$CHAT_DOMAIN - - export REMOTE_DOMAIN=$REMOTE_DOMAIN - - export BLOG_DOMAIN=$BLOG_DOMAIN - - docker network prune -f - - cd /home/$SSH_USER/gitea-drone-stack - - docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-git - - docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-chat - - docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-remote - - docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-blog - - docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-drone - - docker stack rm gitea - - sleep 60 - - docker stack deploy -c docker-compose.yml gitea - #- sleep 300 - -services: -- 
name: docker - image: docker:dind - privileged: true - volumes: - - name: dockersock - path: /var/run - - name: ca - path: /etc/docker/certs.d - -volumes: -- name: dockersock - temp: {} -- name: ca - host: - path: /home/giles/gitea-drone-stack/.ca diff --git a/docker-compose-do.yml b/docker-compose-do.yml index 3ed9215..db0e8bd 100644 --- a/docker-compose-do.yml +++ b/docker-compose-do.yml @@ -125,6 +125,8 @@ services: - DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - DRONE_USER_CREATE=username:giles,admin:true - DRONE_AGENTS_ENABLED=true + - DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000 + - DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET} #- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888 #- DRONE_ENV_PLUGIN_TOKEN=anything networks: @@ -149,6 +151,20 @@ services: - DRONE_RUNNER_NAME="docker-runner" #- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888 #- DRONE_ENV_PLUGIN_TOKEN=anything + drone-starlark: + deploy: + placement: + constraints: [node.labels.com.sigyl.git-stack == yes] + replicas: 1 + restart_policy: + condition: any + image: ${LOCAL_DOCKER_REGISTRY}drone-starlark + environment: + - DRONE_DEBUG=true + - DRONE_SECRET=${DRONE_CONVERT_SECRET} + - DRONE_STARLARK_REPO_PATHS=this:/repos + networks: + - appnet registry: deploy: placement: diff --git a/docker-compose-drone.yml b/docker-compose-drone.yml index 2932a0b..cfcb554 100644 --- a/docker-compose-drone.yml +++ b/docker-compose-drone.yml @@ -47,7 +47,7 @@ services: ports: - "4040:4040" volumes: - - ./ngrok2/ngrok.m._yml:/home/ngrok/.ngrok2/ngrok._yml:ro + - ./ngrok-gitea/ngrok.m._yml:/home/ngrok/.ngrok2/ngrok._yml:ro environment: - GIT_DOMAIN=${GIT_DOMAIN} - DRONE_DOMAIN=${DRONE_DOMAIN} diff --git a/docker-compose-home.yml b/docker-compose-home.yml index 3921e46..bc32a65 100644 --- a/docker-compose-home.yml +++ b/docker-compose-home.yml 
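Review bot: The new `drone-starlark` service in `docker-compose-do.yml` is deployed with `- DRONE_DEBUG=true`, which looks like a development setting left on. This service receives pipeline configuration from the Drone server for conversion, so verbose logging there is likely to widen what ends up in container logs; I have not confirmed what the plugin prints at debug level. Drop the line or set `- DRONE_DEBUG=false`. Also note that `DRONE_SECRET=${DRONE_CONVERT_SECRET}` becomes an empty shared secret if the variable is not set when `docker stack deploy` runs, so the deploy script should fail early when it is missing.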
@@ -101,14 +101,13 @@ services: ports: - "4040:4040" volumes: - - ./ngrok2/ngrok._yml:/home/ngrok/.ngrok2/ngrok._yml:ro + - ./ngrok-gitea/ngrok._yml:/home/ngrok/.ngrok2/ngrok._yml:ro environment: - GIT_DOMAIN=${GIT_DOMAIN} - DRONE_DOMAIN=${DRONE_DOMAIN} - REMOTE_DOMAIN=${REMOTE_DOMAIN} - BLOG_DOMAIN=${BLOG_DOMAIN} - CHAT_DOMAIN=${CHAT_DOMAIN} - #command: /bin/sh -c " cat /run/secrets/ngrok-auth-token /home/ngrok/.ngrok2/ngrok._yml > /home/ngrok/.ngrok2/ngrok.yml && ngrok start --all" depends_on: - gitea networks: @@ -143,8 +142,6 @@ services: - DRONE_AGENTS_ENABLED=true - DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000 - DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET} - #- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888 - #- DRONE_ENV_PLUGIN_TOKEN=anything networks: - appnet drone-docker-runner: @@ -165,8 +162,6 @@ services: - DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - DRONE_RUNNER_CAPACITY=8 - DRONE_RUNNER_NAME="docker-runner" - #- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888 - #- DRONE_ENV_PLUGIN_TOKEN=anything drone-starlark: deploy: placement: @@ -174,10 +169,11 @@ services: replicas: 1 restart_policy: condition: any - image: drone/drone-convert-starlark + image: ${LOCAL_DOCKER_REGISTRY}drone-starlark environment: - DRONE_DEBUG=true - DRONE_SECRET=${DRONE_CONVERT_SECRET} + - DRONE_STARLARK_REPO_PATHS=this:/repos networks: - appnet diff --git a/docker-compose-remote.yml b/docker-compose-remote.yml index c7f475f..bc7be3c 100644 --- a/docker-compose-remote.yml +++ b/docker-compose-remote.yml @@ -47,7 +47,7 @@ services: ports: - "4040:4040" volumes: - - ./ngrok2/ngrok.m._yml:/home/ngrok/.ngrok2/ngrok._yml:ro + - ./ngrok-gitea/ngrok.m._yml:/home/ngrok/.ngrok2/ngrok._yml:ro environment: - GIT_DOMAIN=${GIT_DOMAIN} - DRONE_DOMAIN=${DRONE_DOMAIN} diff --git a/drone-starlark/Dockerfile b/drone-starlark/Dockerfile new file mode 100644 index 0000000..776096e --- /dev/null +++ b/drone-starlark/Dockerfile 
@@ -0,0 +1,2 @@ +FROM drone/drone-convert-starlark +COPY repos /repos \ No newline at end of file diff --git a/drone-starlark/repos/build.star b/drone-starlark/repos/build.star new file mode 100644 index 0000000..827c7ab --- /dev/null +++ b/drone-starlark/repos/build.star @@ -0,0 +1,21 @@ +load("@this//:environment.star", "environment") + +def build(name): + return { + "name": "build-{name}".format(name=name), + "image": "docker:dind", + "volumes": [ + { + "name": "dockersock", + "path": "/var/run", + }, + ], + "environment": environment([ + "local-docker-registry", + ]), + "commands": [ + "cd {name}".format(name=name), + "docker build . -t $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name), + "docker push $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name), + ], + } diff --git a/drone-starlark/repos/deploy.star b/drone-starlark/repos/deploy.star new file mode 100644 index 0000000..f2a2a64 --- /dev/null +++ b/drone-starlark/repos/deploy.star @@ -0,0 +1,34 @@ +load("@this//:from-secret.star", "fromSecret") +load("@this//:map.star", "map") +load("@this//:environment.star", "environment") +load("@this//:export.star", "export") +load("@this//:public-secrets.star", "publicSecrets") +load("@this//:secret-secrets.star", "secretSecrets") + +def deploy( + filename, + folder, +): + return { + "name": "deploy", + "image": "appleboy/drone-ssh", + "environment": environment(publicSecrets + secretSecrets), + "settings": { + "envs": [x.replace("-", "_") for x in publicSecrets + secretSecrets ], + "host": fromSecret("ssh-host"), + "port": fromSecret("ssh-port"), + "username": fromSecret("ssh-root-user"), + "password": fromSecret("ssh-root-password"), + "script": [ + "set -e" + ] + + map(export, publicSecrets + secretSecrets) + + [ + "docker network prune -f", + "cd {folder}".format(folder=folder), + "docker stack rm gitea", + "sleep 30", + "docker stack deploy -c {filename} gitea".format(filename = filename), + ] + } + } 
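Review bot: `FROM drone/drone-convert-starlark` has no tag or digest, so each rebuild takes whatever `latest` is at that moment, and this image sits in the path of every pipeline conversion. Pin it, e.g. `FROM drone/drone-convert-starlark:<pinned-tag>` (placeholder; use the release you have tested) or an `@sha256:` digest. `COPY repos /repos` bakes the shared `.star` modules into the image, so a change to them only takes effect after the image is rebuilt and the service redeployed; a comment saying so would help.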
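Review bot: `deploy()` logs in with `fromSecret("ssh-root-user")` and `fromSecret("ssh-root-password")`, so the deployment runs as root over password SSH, where the steps changed in `.drone.do.yml` use `ssh-user`. `pull.star` does the same. If the deploy account can be given access to Docker on the host, prefer `"username": fromSecret("ssh-user")` with `"key": fromSecret("ssh-key")`; if root is really required, say why in a comment. `folder` and `filename` are formatted straight into shell lines (`cd {folder}`), which is fine for the literal callers in `.drone.star` but deserves a docstring line stating they must be trusted constants.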
diff --git a/drone-starlark/repos/echo-secret.star b/drone-starlark/repos/echo-secret.star new file mode 100644 index 0000000..bf0901a --- /dev/null +++ b/drone-starlark/repos/echo-secret.star @@ -0,0 +1,7 @@ +load("@this//:secret-to-environment.star", "secretToEnvironment") + +def echoSecret(secret): + return 'echo "export {environment}=???" >> ***filename*** # {secret}'.format( + secret = secret, + environment = secretToEnvironment(secret), # .replace("-", "_").upper() + ) diff --git a/drone-starlark/repos/echo.star b/drone-starlark/repos/echo.star new file mode 100644 index 0000000..4f1cc1c --- /dev/null +++ b/drone-starlark/repos/echo.star @@ -0,0 +1,7 @@ +load("@this//:secret-to-environment.star", "secretToEnvironment") + +def echo(secret): + return 'echo "export {environment}=${environment}" >> ***filename*** # {secret}'.format( + secret = secret, + environment = secretToEnvironment(secret), #secret.replace("-", "_").upper(), + ) diff --git a/drone-starlark/repos/environment.star b/drone-starlark/repos/environment.star new file mode 100644 index 0000000..12a70b2 --- /dev/null +++ b/drone-starlark/repos/environment.star @@ -0,0 +1,5 @@ +load("@this//:from-secret.star", "fromSecret") +def environment(env): + return dict( + [(x.replace("-", "_").upper(), fromSecret(x)) for x in env] + ) diff --git a/drone-starlark/repos/export.star b/drone-starlark/repos/export.star new file mode 100644 index 0000000..7d47c10 --- /dev/null +++ b/drone-starlark/repos/export.star @@ -0,0 +1,6 @@ +load("@this//:secret-to-environment.star", "secretToEnvironment") + +def export(secret): + return "export {toCaps}=${toCaps}".format( + toCaps = secretToEnvironment(secret), #secret.replace("-", "_").upper(), + ) diff --git a/drone-starlark/repos/from-secret.star b/drone-starlark/repos/from-secret.star new file mode 100644 index 0000000..79140f9 --- /dev/null +++ b/drone-starlark/repos/from-secret.star 
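Review bot: `echo()` writes `export NAME=$NAME` to the env file with the value unquoted, so a value containing spaces or shell metacharacters is reinterpreted by whatever later reads that file (presumably it is sourced, given the `export` prefix). The values come from Drone secrets, not from user input, but quoting is cheap: `return 'echo "export {environment}=\'${environment}\'" >> ***filename*** # {secret}'.format(`. That still breaks on a value containing a single quote, so say in a comment that such values are not supported. The trailing `#secret.replace("-", "_").upper(),` comment repeats what `secretToEnvironment` already does and can go; the same leftover is in `echo-secret.star` and `export.star`.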
@@ -0,0 +1,4 @@ +def fromSecret(name): + return { + "from_secret": name + } \ No newline at end of file diff --git a/drone-starlark/repos/map.star b/drone-starlark/repos/map.star new file mode 100644 index 0000000..d7828a0 --- /dev/null +++ b/drone-starlark/repos/map.star @@ -0,0 +1,2 @@ +def map(fn, l): + return [fn(x) for x in l] diff --git a/drone-starlark/repos/print-secrets.star b/drone-starlark/repos/print-secrets.star new file mode 100644 index 0000000..d7508bb --- /dev/null +++ b/drone-starlark/repos/print-secrets.star @@ -0,0 +1,24 @@ +load("@this//:map.star", "map") +load("@this//:from-secret.star", "fromSecret") +load("@this//:environment.star", "environment") +load("@this//:echo.star", "echo") +load("@this//:export.star", "export") +load("@this//:echo-secret.star", "echoSecret") + +def printSecrets(filename, env, secretEnv): + return { + "name": "print secrets", + "image": "appleboy/drone-ssh", + "environment": environment(env), + "settings": { + "envs": [x.replace("-", "_") for x in env ], + "host": fromSecret("ssh-host"), + "port": fromSecret("ssh-port"), + "username": fromSecret("ssh-user"), + "password": fromSecret("ssh-password"), + "script": [x.replace("***filename***", filename) for x in [ + "rm -f env-stack", + ] + map(echo, env) + + map(echoSecret, secretEnv)] + } + } diff --git a/drone-starlark/repos/public-secrets.star b/drone-starlark/repos/public-secrets.star new file mode 100644 index 0000000..dd081f0 --- /dev/null +++ b/drone-starlark/repos/public-secrets.star @@ -0,0 +1,12 @@ +publicSecrets = [ + "blog-domain", + "certbot-email", + "chat-domain", + "drone-domain", + "drone-gitea-client-id", + "drone-gitea-server", + "git-domain", + "local-docker-registry", + "remote-domain", + "ssh-user", +] \ No newline at end of file diff --git a/drone-starlark/repos/pull.star b/drone-starlark/repos/pull.star new file mode 100644 index 0000000..2b74bdb --- /dev/null +++ b/drone-starlark/repos/pull.star 
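Review bot: In `print-secrets.star` the first script line is the literal `"rm -f env-stack"`, while every other line goes through the `***filename***` substitution. Calling `printSecrets` with any `filename` other than `env-stack` therefore leaves the old file in place and keeps appending to it. Use `"rm -f ***filename***"` so the removal follows the parameter. The `load` of `export` is not used anywhere in this file and can be dropped.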
@@ -0,0 +1,26 @@ +load("@this//:from-secret.star", "fromSecret") +load("@this//:map.star", "map") +load("@this//:environment.star", "environment") +load("@this//:export.star", "export") + +def pull( + images, +): + secrets = [ "local-docker-registry"] + return { + "name": "pull", + "image": "appleboy/drone-ssh", + "environment": environment(secrets), + "settings": { + "envs": [x.replace("-", "_") for x in secrets ], + "host": fromSecret("ssh-host"), + "port": fromSecret("ssh-port"), + "username": fromSecret("ssh-root-user"), + "password": fromSecret("ssh-root-password"), + "script": [ + "set -e" + ] + + map(export, secrets) + + ["docker pull $${{LOCAL_DOCKER_REGISTRY}}{image}".format(image=image) for image in images ] + } + } diff --git a/drone-starlark/repos/scp.star b/drone-starlark/repos/scp.star new file mode 100644 index 0000000..f0b4c6f --- /dev/null +++ b/drone-starlark/repos/scp.star @@ -0,0 +1,25 @@ +def scp(target): + return { + "name": "scp files", + "image": "appleboy/drone-scp", + "settings": { + "host": { + "from_secret": "ssh-host", + }, + "username": { + "from_secret": "ssh-user", + }, + "password": { + "from_secret": "ssh-password", + }, + "port": { + "from_secret": "ssh-port", + }, + "command_timeout": "2m", + "target": target, + "source": [ + ".", + ], + }, + } + \ No newline at end of file diff --git a/drone-starlark/repos/secret-secrets.star b/drone-starlark/repos/secret-secrets.star new file mode 100644 index 0000000..2e04f61 --- /dev/null +++ b/drone-starlark/repos/secret-secrets.star @@ -0,0 +1,5 @@ +secretSecrets = [ + "drone-convert-secret", + "drone-gitea-client-secret", + "drone-rpc-secret", +] \ No newline at end of file diff --git a/drone-starlark/repos/secret-to-environment.star b/drone-starlark/repos/secret-to-environment.star new file mode 100644 index 0000000..8dd501e --- /dev/null +++ b/drone-starlark/repos/secret-to-environment.star @@ -0,0 +1,2 @@ +def secretToEnvironment(secret): + return secret.replace("-", "_").upper() 
diff --git a/drone-starlark/repos/wait.star b/drone-starlark/repos/wait.star new file mode 100644 index 0000000..021bc8c --- /dev/null +++ b/drone-starlark/repos/wait.star @@ -0,0 +1,8 @@ +def wait(delay, name): + return { + "name": name, + "image": "alpine", + "commands": [ + "sleep {delay}".format(delay = delay), + ], + } diff --git a/guacamole-postgresql/Dockerfile b/guacamole-postgresql/Dockerfile index 180cf45..dfaaaee 100644 --- a/guacamole-postgresql/Dockerfile +++ b/guacamole-postgresql/Dockerfile @@ -1,3 +1,2 @@ FROM postgres:12 - COPY *.sql / \ No newline at end of file diff --git a/ngrok-build.sh b/ngrok-build.sh index eefa9df..3e827ae 100644 --- a/ngrok-build.sh +++ b/ngrok-build.sh @@ -1,2 +1,2 @@ -docker build ngrok2 -t ${LOCAL_DOCKER_REGISTRY}/ngrok-gitea +docker build ngrok-gitea -t ${LOCAL_DOCKER_REGISTRY}/ngrok-gitea docker push ${LOCAL_DOCKER_REGISTRY}/ngrok-gitea \ No newline at end of file diff --git a/ngrok2/Dockerfile b/ngrok-gitea/Dockerfile similarity index 100% rename from ngrok2/Dockerfile rename to ngrok-gitea/Dockerfile diff --git a/ngrok2/ngrok._yml b/ngrok-gitea/ngrok._yml similarity index 100% rename from ngrok2/ngrok._yml rename to ngrok-gitea/ngrok._yml diff --git a/ngrok2/ngrok.m._yml b/ngrok-gitea/ngrok.m._yml similarity index 100% rename from ngrok2/ngrok.m._yml rename to ngrok-gitea/ngrok.m._yml diff --git a/ngrok2/run.sh b/ngrok-gitea/run.sh similarity index 100% rename from ngrok2/run.sh rename to ngrok-gitea/run.sh