Merge branch 'do' into remote

Giles Bradshaw 2020-04-27 13:03:10 +01:00
commit f35727461a
32 changed files with 423 additions and 535 deletions


@ -49,6 +49,26 @@ steps:
- echo LOCAL_DOCKER_REGISTRY=$LOCAL_DOCKER_REGISTRY >> env - echo LOCAL_DOCKER_REGISTRY=$LOCAL_DOCKER_REGISTRY >> env
- echo CERTBOT_EMAIL=$CERTBOT_EMAIL >> env - echo CERTBOT_EMAIL=$CERTBOT_EMAIL >> env
- echo GIT_DOMAIN=$GIT_DOMAIN >> env - echo GIT_DOMAIN=$GIT_DOMAIN >> env
- name: clear
when:
branch:
- do
image: appleboy/drone-ssh
settings:
host:
from_secret: ssh-host
username:
from_secret: ssh-user
password:
from_secret: ssh-password
#key:
# from_secret: ssh-key
#passphrase:
# from_secret: ssh-passphrase
port:
from_secret: ssh-port
script:
- rm -r -f /home/giles/stack-deploy
- name: wait - name: wait
when: when:
branch: branch:
@ -104,25 +124,22 @@ steps:
- cd guacamole-postgresql - cd guacamole-postgresql
- docker build . -t $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql - docker build . -t $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql
- docker push $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql - docker push $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql
- name: build-drone-starlark
- name: clear
when: when:
branch: branch:
- do - do
image: appleboy/drone-ssh image: docker:dind
settings: volumes:
host: - name: dockersock
from_secret: ssh-host path: /var/run
username: environment:
from_secret: ssh-user LOCAL_DOCKER_REGISTRY:
key: from_secret: local-docker-registry
from_secret: ssh-key commands:
passphrase: - cd drone-starlark
from_secret: ssh-passphrase - docker build . -t $${LOCAL_DOCKER_REGISTRY}drone-starlark
port: - docker push $${LOCAL_DOCKER_REGISTRY}drone-starlark
from_secret: ssh-port
script:
- rm -r -f ~/stack-deploy
- name: scp files - name: scp files
when: when:
branch: branch:
@ -133,6 +150,8 @@ steps:
from_secret: ssh-host from_secret: ssh-host
username: username:
from_secret: ssh-user from_secret: ssh-user
#password:
# from_secret: ssh-password
key: key:
from_secret: ssh-key from_secret: ssh-key
passphrase: passphrase:
@ -140,7 +159,7 @@ steps:
port: port:
from_secret: ssh-port from_secret: ssh-port
command_timeout: 2m command_timeout: 2m
target: ~/stack-deploy target: /home/giles/stack-deploy
source: source:
- . - .
- name: deploy - name: deploy
@ -155,6 +174,8 @@ steps:
from_secret: drone-gitea-client-id from_secret: drone-gitea-client-id
DRONE_GITEA_CLIENT_SECRET: DRONE_GITEA_CLIENT_SECRET:
from_secret: drone-gitea-client-secret from_secret: drone-gitea-client-secret
DRONE_CONVERT_SECRET:
from_secret: drone-convert-secret
LOCAL_DOCKER_REGISTRY: LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry from_secret: local-docker-registry
SSH_USER: SSH_USER:
@ -174,6 +195,7 @@ steps:
- drone_rpc_secret - drone_rpc_secret
- drone_gitea_client_id - drone_gitea_client_id
- drone_gitea_client_secret - drone_gitea_client_secret
- drone_convert_secret
- ssh_user - ssh_user
- local_docker_registry - local_docker_registry
- certbot_email - certbot_email
@ -185,10 +207,12 @@ steps:
from_secret: ssh-host from_secret: ssh-host
username: username:
from_secret: ssh-user from_secret: ssh-user
key: password:
from_secret: ssh-key from_secret: ssh-password
passphrase: #key:
from_secret: ssh-passphrase # from_secret: ssh-key
#passphrase:
# from_secret: ssh-passphrase
port: port:
from_secret: ssh-port from_secret: ssh-port
script: script:
@ -203,10 +227,12 @@ steps:
- export GUACAMOLE_POSTGRES_USER=$GUACAMOLE_POSTGRES_USER - export GUACAMOLE_POSTGRES_USER=$GUACAMOLE_POSTGRES_USER
- export GUACAMOLE_POSTGRES_DB=$GUACAMOLE_POSTGRES_DB - export GUACAMOLE_POSTGRES_DB=$GUACAMOLE_POSTGRES_DB
- export GUACAMOLE_POSTGRES_PASSWORD=$GUACAMOLE_POSTGRES_PASSWORD - export GUACAMOLE_POSTGRES_PASSWORD=$GUACAMOLE_POSTGRES_PASSWORD
- export DRONE_CONVERT_SECRET=$DRONE_CONVERT_SECRET
- docker network prune -f - docker network prune -f
- cd ~/stack-deploy - cd ~/stack-deploy
- docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-do - docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-do
- docker pull $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql - docker pull $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql
- docker pull $${LOCAL_DOCKER_REGISTRY}drone-starlark
- docker stack rm gitea - docker stack rm gitea
- sleep 60 - sleep 60
- docker stack deploy -c docker-compose-do.yml gitea - docker stack deploy -c docker-compose-do.yml gitea
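Review bot: The new `clear` step and the changed `deploy` step log in with `password: from_secret: ssh-password` and leave `key:` / `passphrase:` commented out, while the `scp files` step in the same file still uses the key. Password logins only work if the host's sshd accepts password authentication, which exposes the account to guessing and credential reuse; keeping `key:` and `passphrase:` on all three steps would let password authentication stay disabled on the host. The `clear` step and the scp `target` now hard-code `/home/giles/stack-deploy` while the deploy script still runs `cd ~/stack-deploy`, so the paths only agree if the `ssh-user` secret is that account. The Starlark helpers added in this commit that define `printSecrets`, `scp`, `pull` and `deploy` use password logins as well.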


@ -49,17 +49,13 @@ steps:
when: when:
branch: branch:
- home-deploy - home-deploy
image: docker:dind image: alpine
volumes:
- name: dockersock
path: /var/run
commands: commands:
- sleep 60 - sleep 15
- name: build-postgres - name: build-postgres
when: when:
branch: branch:
- home-deploy - home-deploy-skip
image: docker:dind image: docker:dind
volumes: volumes:
- name: dockersock - name: dockersock
@ -74,7 +70,7 @@ steps:
- name: build-ngrok - name: build-ngrok
when: when:
branch: branch:
- home-deploy - home-deploy-skip
image: docker:dind image: docker:dind
volumes: volumes:
- name: dockersock - name: dockersock
@ -83,13 +79,13 @@ steps:
LOCAL_DOCKER_REGISTRY: LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry from_secret: local-docker-registry
commands: commands:
- cd ngrok2 - cd ngrok-gitea
- docker build . -t $${LOCAL_DOCKER_REGISTRY}ngrok-gitea - docker build . -t $${LOCAL_DOCKER_REGISTRY}ngrok-gitea
- docker push $${LOCAL_DOCKER_REGISTRY}ngrok-gitea - docker push $${LOCAL_DOCKER_REGISTRY}ngrok-gitea
- name: build-letsencrypt-nginx - name: build-letsencrypt-nginx
when: when:
branch: branch:
- home-deploy - home-deploy-skip
image: docker:dind image: docker:dind
volumes: volumes:
- name: dockersock - name: dockersock
@ -104,7 +100,7 @@ steps:
- name: build-nginx-home - name: build-nginx-home
when: when:
branch: branch:
- home-deploy - home-deploy-skip
image: docker:dind image: docker:dind
volumes: volumes:
- name: dockersock - name: dockersock
@ -118,7 +114,7 @@ steps:
- name: build-letsencrypt-blog - name: build-letsencrypt-blog
when: when:
branch: branch:
- home-deploy - home-deploy-skip
image: docker:dind image: docker:dind
volumes: volumes:
- name: dockersock - name: dockersock
@ -132,7 +128,7 @@ steps:
- name: build-letsencrypt-drone - name: build-letsencrypt-drone
when: when:
branch: branch:
- home-deploy - home-deploy-skip
image: docker:dind image: docker:dind
volumes: volumes:
- name: dockersock - name: dockersock
@ -146,7 +142,7 @@ steps:
- name: build-letsencrypt-git - name: build-letsencrypt-git
when: when:
branch: branch:
- home-deploy - home-deploy-skip
image: docker:dind image: docker:dind
volumes: volumes:
- name: dockersock - name: dockersock
@ -160,7 +156,7 @@ steps:
- name: build-letsencrypt-remote - name: build-letsencrypt-remote
when: when:
branch: branch:
- home-deploy - home-deploy-skip
image: docker:dind image: docker:dind
volumes: volumes:
- name: dockersock - name: dockersock
@ -174,7 +170,7 @@ steps:
- name: build-letsencrypt-chat - name: build-letsencrypt-chat
when: when:
branch: branch:
- home-deploy - home-deploy-skip
image: docker:dind image: docker:dind
volumes: volumes:
- name: dockersock - name: dockersock
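Review bot: Changing the branch filter to `home-deploy-skip` on each build step switches the step off without saying so; a reader has to work out that the name is meant to match no branch. A comment above the first occurrence, for example `# disabled: branch name intentionally matches nothing`, or deleting the steps outright, would make the intent explicit. The reason for disabling them is not stated on the page, so the comment should record it.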


@ -1,238 +0,0 @@
---
kind: pipeline
type: docker
name: default
when:
branch:
- remote
clone:
# skip_verify: true
steps:
steps:
- name: test-ssh
when:
branch:
- remote
image: appleboy/drone-ssh
environment:
DRONE_RPC_SECRET:
from_secret: drone-rpc-secret
DRONE_GITEA_CLIENT_ID:
from_secret: drone-gitea-client-id
DRONE_GITEA_CLIENT_SECRET:
from_secret: drone-gitea-client-secret
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
SSH_USER:
from_secret: ssh-user
CERTBOT_EMAIL:
from_secret: certbot-email
GIT_DOMAIN:
from_secret: git-domain
DRONE_DOMAIN:
from_secret: drone-domain
REMOTE_DOMAIN:
from_secret: remote-domain
settings:
envs:
- drone_rpc_secret
- drone_gitea_client_id
- drone_gitea_client_secret
- ssh_user
- local_docker_registry
- certbot_email
- git_domain
- drone_domain
- remote_domain
host:
from_secret: ssh-host
username:
from_secret: ssh-root-user
password:
from_secret: ssh-root-password
port:
from_secret: ssh-port
script:
- echo 'ssh ok'
- name: wait
when:
branch:
- remote
image: docker:dind
volumes:
- name: dockersock
path: /var/run
commands:
- sleep 60
- name: build-postgres
when:
branch:
- remote
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd guacamole-postgresql
- docker build . -t $${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql
- docker push $${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql
- name: build-ngrok
when:
branch:
- remote
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd ngrok2
- docker build . -t $${LOCAL_DOCKER_REGISTRY}/ngrok-gitea
- docker push $${LOCAL_DOCKER_REGISTRY}/ngrok-gitea
- name: build-letsencrypt-nginx
when:
branch:
- remote
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd letsencrypt-nginx
- docker build . -t $${LOCAL_DOCKER_REGISTRY}/letsencrypt-nginx
- docker push $${LOCAL_DOCKER_REGISTRY}/letsencrypt-nginx
- name: build-letsencrypt-drone
when:
branch:
- master
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd letsencrypt-nginx
- sh build.sh drone $${LOCAL_DOCKER_REGISTRY}
- name: build-letsencrypt-remote
when:
branch:
- master
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd letsencrypt-nginx
- sh build.sh remote $${LOCAL_DOCKER_REGISTRY}
- name: scp files
when:
branch:
- remote
image: appleboy/drone-scp
settings:
host:
from_secret: ssh-host
username:
from_secret: ssh-user
password:
from_secret: ssh-password
port:
from_secret: ssh-port
command_timeout: 2m
target: ~/gitea-drone-stack
source:
- .
- name: deploy
when:
branch:
- remote
image: appleboy/drone-ssh
environment:
DRONE_RPC_SECRET:
from_secret: drone-rpc-secret
DRONE_GITEA_CLIENT_ID:
from_secret: drone-gitea-client-id
DRONE_GITEA_CLIENT_SECRET:
from_secret: drone-gitea-client-secret
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
SSH_USER:
from_secret: ssh-user
CERTBOT_EMAIL:
from_secret: certbot-email
GIT_DOMAIN:
from_secret: git-domain
DRONE_DOMAIN:
from_secret: drone-domain
REMOTE_DOMAIN:
from_secret: remote-domain
settings:
envs:
- drone_rpc_secret
- drone_gitea_client_id
- drone_gitea_client_secret
- ssh_user
- local_docker_registry
- certbot_email
- git_domain
- drone_domain
- remote_domain
host:
from_secret: ssh-host
username:
from_secret: ssh-root-user
password:
from_secret: ssh-root-password
port:
from_secret: ssh-port
script:
- set -e
- export LOCAL_DOCKER_REGISTRY=$LOCAL_DOCKER_REGISTRY
- export DRONE_RPC_SECRET=$DRONE_RPC_SECRET
- export DRONE_GITEA_CLIENT_ID=$DRONE_GITEA_CLIENT_ID
- export DRONE_GITEA_CLIENT_SECRET=$DRONE_GITEA_CLIENT_SECRET
- export SSH_USER=$SSH_USER
- export CERTBOT_EMAIL=$CERTBOT_EMAIL
- export GIT_DOMAIN=$GIT_DOMAIN
- export DRONE_DOMAIN=$DRONE_DOMAIN
- export REMOTE_DOMAIN=$REMOTE_DOMAIN
- docker network prune -f
- cd /home/$SSH_USER/gitea-drone-stack
- docker stack rm remote-drone
- sleep 60
- docker stack deploy -c docker-compose-drone.yml remote-drone
#- sleep 300
services:
- name: docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
- name: ca
path: /etc/docker/certs.d
volumes:
- name: dockersock
temp: {}
- name: ca
host:
path: /home/giles/gitea-drone-stack/.ca


@ -149,7 +149,7 @@ steps:
LOCAL_DOCKER_REGISTRY: LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry from_secret: local-docker-registry
commands: commands:
- cd ngrok2 - cd ngrok-gitea
- docker build . -t $${LOCAL_DOCKER_REGISTRY}ngrok-gitea - docker build . -t $${LOCAL_DOCKER_REGISTRY}ngrok-gitea
- docker push $${LOCAL_DOCKER_REGISTRY}ngrok-gitea - docker push $${LOCAL_DOCKER_REGISTRY}ngrok-gitea
- name: build-letsencrypt-nginx - name: build-letsencrypt-nginx

151
.drone.star Normal file

@ -0,0 +1,151 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//:public-secrets.star", "publicSecrets")
load("@this//:secret-secrets.star", "secretSecrets")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
def buildHome():
return {
"name": "build-nginx-home",
"image": "docker:dind",
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
],
"environment": environment([
"local-docker-registry",
]),
"commands": [
"cd letsencrypt-nginx",
"sh build.home.sh $${{LOCAL_DOCKER_REGISTRY}}".format(),
],
}
def buildNginx(name):
return {
"name": "build-nginx-{name}".format(name=name),
"image": "docker:dind",
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
],
"environment": environment([
"local-docker-registry",
]),
"commands": [
"cd letsencrypt-nginx",
"sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name),
],
}
def pipeline(name, steps, dependsOn):
return {
"kind": "pipeline",
"name": name,
"depends_on": dependsOn,
"steps": [
printSecrets(
"env-stack",
publicSecrets,
secretSecrets,
),
wait(15, "wait"),
] + steps,
"services": [
{
"name": "docker",
"image": "docker:dind",
"privileged": True,
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
],
}
],
"volumes": [
{
"name": "dockersock",
"temp": {},
},
{
"name": "ca",
"host": {
"path": "/home/giles/gitea-drone-stack/.ca",
},
},
],
}
def main(ctx):
if ctx.build.branch == 'home-deploy':
return [
pipeline(
'home-deploy',
[
#build("guacamole-postgresql"),
#build("ngrok-gitea"),
#build("letsencrypt-nginx"),
build("drone-starlark"),
#buildHome(),
#buildNginx("blog"),
#buildNginx("drone"),
#buildNginx("git"),
#buildNginx("remote"),
#buildNginx("chat"),
scp("~/gitea-drone-stack"),
pull([
"letsencrypt-git",
"letsencrypt-chat",
"letsencrypt-drone",
"letsencrypt-remote",
"letsencrypt-blog",
"nginx-home1",
"drone-starlark",
]),
deploy(
"docker-compose-home.yml",
"/home/giles/gitea-drone-stack",
),
],
[],
),
]
if ctx.build.branch == 'do':
return [
pipeline(
'do-deploy',
[
build("guacamole-postgresql"),
build("letsencrypt-nginx"),
buildHome(),
buildNginx("blog"),
buildNginx("drone"),
buildNginx("git"),
buildNginx("remote"),
buildNginx("chat"),
scp("~/stack-deploy"),
#deploy("docker-compose-do.yml", "~/stack-deploy"),
],
[],
),
]
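Review bot: `main(ctx)` returns a pipeline list only for the `home-deploy` and `do` branches and falls off the end for every other branch, so it returns `None` there. If the conversion plugin expects a list or dict, builds on other branches fail at conversion instead of doing nothing; ending the function with `return []` would make that case explicit, though whether an empty list is accepted should be verified. Separately, `pipeline()` gives every pipeline a `"privileged": True` `docker:dind` service and a host-path volume at `/home/giles/gitea-drone-stack/.ca`, so anyone who can push to these branches gets root-equivalent access on the runner host. A comment at `pipeline()` stating that trust assumption would help the next maintainer.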


@ -1,248 +0,0 @@
---
kind: pipeline
type: docker
name: default
when:
branch:
- master
clone:
# skip_verify: true
steps:
steps:
- name: wait
when:
branch:
- master
image: docker:dind
volumes:
- name: dockersock
path: /var/run
commands:
- sleep 60
- name: build-postgres
when:
branch:
- master
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd guacamole-postgresql
- docker build . -t $${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql
- docker push $${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql
- name: build-ngrok
when:
branch:
- master
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd ngrok2
- docker build . -t $${LOCAL_DOCKER_REGISTRY}/ngrok-gitea
- docker push $${LOCAL_DOCKER_REGISTRY}/ngrok-gitea
- name: build-letsencrypt-nginx
when:
branch:
- master
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd letsencrypt-nginx
- docker build . -t $${LOCAL_DOCKER_REGISTRY}/letsencrypt-nginx
- docker push $${LOCAL_DOCKER_REGISTRY}/letsencrypt-nginx
- name: build-letsencrypt-blog
when:
branch:
- master
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd letsencrypt-nginx
- sh build.sh blog $${LOCAL_DOCKER_REGISTRY}
- name: build-letsencrypt-drone
when:
branch:
- master
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd letsencrypt-nginx
- sh build.sh drone $${LOCAL_DOCKER_REGISTRY}
- name: build-letsencrypt-git
when:
branch:
- master
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd letsencrypt-nginx
- sh build.sh git $${LOCAL_DOCKER_REGISTRY}
- name: build-letsencrypt-remote
when:
branch:
- master
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd letsencrypt-nginx
- sh build.sh remote $${LOCAL_DOCKER_REGISTRY}
- name: build-letsencrypt-chat
when:
branch:
- master
image: docker:dind
volumes:
- name: dockersock
path: /var/run
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
commands:
- cd letsencrypt-nginx
- sh build.sh chat $${LOCAL_DOCKER_REGISTRY}
- name: scp files
when:
branch:
- master
image: appleboy/drone-scp
settings:
host:
from_secret: ssh-host
username:
from_secret: ssh-user
password:
from_secret: ssh-password
port:
from_secret: ssh-port
command_timeout: 2m
target: ~/gitea-drone-stack
source:
- .
- name: deploy
when:
branch:
- master
image: appleboy/drone-ssh
environment:
DRONE_RPC_SECRET:
from_secret: drone-rpc-secret
DRONE_GITEA_CLIENT_ID:
from_secret: drone-gitea-client-id
DRONE_GITEA_CLIENT_SECRET:
from_secret: drone-gitea-client-secret
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
SSH_USER:
from_secret: ssh-user
CERTBOT_EMAIL:
from_secret: certbot-email
GIT_DOMAIN:
from_secret: git-domain
DRONE_DOMAIN:
from_secret: drone-domain
CHAT_DOMAIN:
from_secret: chat-domain
REMOTE_DOMAIN:
from_secret: remote-domain
BLOG_DOMAIN:
from_secret: blog-domain
settings:
envs:
- drone_rpc_secret
- drone_gitea_client_id
- drone_gitea_client_secret
- ssh_user
- local_docker_registry
- certbot_email
- git_domain
- drone_domain
- chat_domain
- remote_domain
- blog_domain
host:
from_secret: ssh-host
username:
from_secret: ssh-root-user
password:
from_secret: ssh-root-password
port:
from_secret: ssh-port
script:
- set -e
- export LOCAL_DOCKER_REGISTRY=$LOCAL_DOCKER_REGISTRY
- export DRONE_RPC_SECRET=$DRONE_RPC_SECRET
- export DRONE_GITEA_CLIENT_ID=$DRONE_GITEA_CLIENT_ID
- export DRONE_GITEA_CLIENT_SECRET=$DRONE_GITEA_CLIENT_SECRET
- export SSH_USER=$SSH_USER
- export CERTBOT_EMAIL=$CERTBOT_EMAIL
- export GIT_DOMAIN=$GIT_DOMAIN
- export DRONE_DOMAIN=$DRONE_DOMAIN
- export CHAT_DOMAIN=$CHAT_DOMAIN
- export REMOTE_DOMAIN=$REMOTE_DOMAIN
- export BLOG_DOMAIN=$BLOG_DOMAIN
- docker network prune -f
- cd /home/$SSH_USER/gitea-drone-stack
- docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-git
- docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-chat
- docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-remote
- docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-blog
- docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-drone
- docker stack rm gitea
- sleep 60
- docker stack deploy -c docker-compose.yml gitea
#- sleep 300
services:
- name: docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
- name: ca
path: /etc/docker/certs.d
volumes:
- name: dockersock
temp: {}
- name: ca
host:
path: /home/giles/gitea-drone-stack/.ca


@ -125,6 +125,8 @@ services:
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_USER_CREATE=username:giles,admin:true - DRONE_USER_CREATE=username:giles,admin:true
- DRONE_AGENTS_ENABLED=true - DRONE_AGENTS_ENABLED=true
- DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000
- DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET}
#- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888 #- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888
#- DRONE_ENV_PLUGIN_TOKEN=anything #- DRONE_ENV_PLUGIN_TOKEN=anything
networks: networks:
@ -149,6 +151,20 @@ services:
- DRONE_RUNNER_NAME="docker-runner" - DRONE_RUNNER_NAME="docker-runner"
#- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888 #- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888
#- DRONE_ENV_PLUGIN_TOKEN=anything #- DRONE_ENV_PLUGIN_TOKEN=anything
drone-starlark:
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: ${LOCAL_DOCKER_REGISTRY}drone-starlark
environment:
- DRONE_DEBUG=true
- DRONE_SECRET=${DRONE_CONVERT_SECRET}
- DRONE_STARLARK_REPO_PATHS=this:/repos
networks:
- appnet
registry: registry:
deploy: deploy:
placement: placement:
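Review bot: The new `drone-starlark` service is deployed with `DRONE_DEBUG=true` and an untagged image, `${LOCAL_DOCKER_REGISTRY}drone-starlark`. This service converts pipeline definitions for the Drone server and shares `DRONE_CONVERT_SECRET` with it, so debug logging should be off outside troubleshooting (drop the `- DRONE_DEBUG=true` line). The image reference should carry a tag or digest, e.g. `${LOCAL_DOCKER_REGISTRY}drone-starlark:<tag>`, so that a redeploy cannot silently pick up a different build. The other compose file changed in this commit carries the same two settings.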


@ -47,7 +47,7 @@ services:
ports: ports:
- "4040:4040" - "4040:4040"
volumes: volumes:
- ./ngrok2/ngrok.m._yml:/home/ngrok/.ngrok2/ngrok._yml:ro - ./ngrok-gitea/ngrok.m._yml:/home/ngrok/.ngrok2/ngrok._yml:ro
environment: environment:
- GIT_DOMAIN=${GIT_DOMAIN} - GIT_DOMAIN=${GIT_DOMAIN}
- DRONE_DOMAIN=${DRONE_DOMAIN} - DRONE_DOMAIN=${DRONE_DOMAIN}


@ -101,14 +101,13 @@ services:
ports: ports:
- "4040:4040" - "4040:4040"
volumes: volumes:
- ./ngrok2/ngrok._yml:/home/ngrok/.ngrok2/ngrok._yml:ro - ./ngrok-gitea/ngrok._yml:/home/ngrok/.ngrok2/ngrok._yml:ro
environment: environment:
- GIT_DOMAIN=${GIT_DOMAIN} - GIT_DOMAIN=${GIT_DOMAIN}
- DRONE_DOMAIN=${DRONE_DOMAIN} - DRONE_DOMAIN=${DRONE_DOMAIN}
- REMOTE_DOMAIN=${REMOTE_DOMAIN} - REMOTE_DOMAIN=${REMOTE_DOMAIN}
- BLOG_DOMAIN=${BLOG_DOMAIN} - BLOG_DOMAIN=${BLOG_DOMAIN}
- CHAT_DOMAIN=${CHAT_DOMAIN} - CHAT_DOMAIN=${CHAT_DOMAIN}
#command: /bin/sh -c " cat /run/secrets/ngrok-auth-token /home/ngrok/.ngrok2/ngrok._yml > /home/ngrok/.ngrok2/ngrok.yml && ngrok start --all"
depends_on: depends_on:
- gitea - gitea
networks: networks:
@ -143,8 +142,6 @@ services:
- DRONE_AGENTS_ENABLED=true - DRONE_AGENTS_ENABLED=true
- DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000 - DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000
- DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET} - DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET}
#- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888
#- DRONE_ENV_PLUGIN_TOKEN=anything
networks: networks:
- appnet - appnet
drone-docker-runner: drone-docker-runner:
@ -165,8 +162,6 @@ services:
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_RUNNER_CAPACITY=8 - DRONE_RUNNER_CAPACITY=8
- DRONE_RUNNER_NAME="docker-runner" - DRONE_RUNNER_NAME="docker-runner"
#- DRONE_ENV_PLUGIN_ENDPOINT=http://git.local-domain:8888
#- DRONE_ENV_PLUGIN_TOKEN=anything
drone-starlark: drone-starlark:
deploy: deploy:
placement: placement:
@ -174,10 +169,11 @@ services:
replicas: 1 replicas: 1
restart_policy: restart_policy:
condition: any condition: any
image: drone/drone-convert-starlark image: ${LOCAL_DOCKER_REGISTRY}drone-starlark
environment: environment:
- DRONE_DEBUG=true - DRONE_DEBUG=true
- DRONE_SECRET=${DRONE_CONVERT_SECRET} - DRONE_SECRET=${DRONE_CONVERT_SECRET}
- DRONE_STARLARK_REPO_PATHS=this:/repos
networks: networks:
- appnet - appnet


@ -47,7 +47,7 @@ services:
ports: ports:
- "4040:4040" - "4040:4040"
volumes: volumes:
- ./ngrok2/ngrok.m._yml:/home/ngrok/.ngrok2/ngrok._yml:ro - ./ngrok-gitea/ngrok.m._yml:/home/ngrok/.ngrok2/ngrok._yml:ro
environment: environment:
- GIT_DOMAIN=${GIT_DOMAIN} - GIT_DOMAIN=${GIT_DOMAIN}
- DRONE_DOMAIN=${DRONE_DOMAIN} - DRONE_DOMAIN=${DRONE_DOMAIN}


@ -0,0 +1,2 @@
FROM drone/drone-convert-starlark
COPY repos /repos
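Review bot: `FROM drone/drone-convert-starlark` has no tag or digest, so each build pulls whatever upstream currently publishes under the default tag. The resulting image is the conversion plugin the Drone server calls for pipeline definitions, so an unexpected upstream change lands directly in the CI control path. Pin it, e.g. `FROM drone/drone-convert-starlark@sha256:<digest>` (placeholder; use a digest you have verified). `COPY repos /repos` presumably bakes the shared Starlark helpers into the image, so the image has to be rebuilt whenever a helper changes, which is worth a comment.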


@ -0,0 +1,21 @@
load("@this//:environment.star", "environment")
def build(name):
return {
"name": "build-{name}".format(name=name),
"image": "docker:dind",
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
],
"environment": environment([
"local-docker-registry",
]),
"commands": [
"cd {name}".format(name=name),
"docker build . -t $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),
"docker push $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),
],
}


@ -0,0 +1,34 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:export.star", "export")
load("@this//:public-secrets.star", "publicSecrets")
load("@this//:secret-secrets.star", "secretSecrets")
def deploy(
filename,
folder,
):
return {
"name": "deploy",
"image": "appleboy/drone-ssh",
"environment": environment(publicSecrets + secretSecrets),
"settings": {
"envs": [x.replace("-", "_") for x in publicSecrets + secretSecrets ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e"
] +
map(export, publicSecrets + secretSecrets) +
[
"docker network prune -f",
"cd {folder}".format(folder=folder),
"docker stack rm gitea",
"sleep 30",
"docker stack deploy -c {filename} gitea".format(filename = filename),
]
}
}
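Review bot: `deploy()` logs in with `fromSecret("ssh-root-user")` and `fromSecret("ssh-root-password")`, i.e. a password-authenticated root SSH session, and passes that session every entry of `publicSecrets + secretSecrets`. A dedicated deploy account with key-based login would let root login and password authentication stay disabled on the host; `pull()` uses the same root credentials. `folder` and `filename` are formatted into the script unquoted, which is harmless for the literals passed today but deserves a docstring saying both must be trusted constants, never build-supplied values.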


@ -0,0 +1,7 @@
load("@this//:secret-to-environment.star", "secretToEnvironment")
def echoSecret(secret):
return 'echo "export {environment}=???" >> ***filename*** # {secret}'.format(
secret = secret,
environment = secretToEnvironment(secret), # .replace("-", "_").upper()
)


@ -0,0 +1,7 @@
load("@this//:secret-to-environment.star", "secretToEnvironment")
def echo(secret):
return 'echo "export {environment}=${environment}" >> ***filename*** # {secret}'.format(
secret = secret,
environment = secretToEnvironment(secret), #secret.replace("-", "_").upper(),
)
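Review bot: The generated command `echo "export NAME=$NAME" >> file` writes the expanded value unquoted into the target file, so a value containing spaces or shell metacharacters is re-interpreted if that file is later sourced (how the file is consumed is not visible here). Emitting the value inside single quotes with embedded quotes escaped, or documenting that these values must be plain tokens, would close that gap. The trailing `#secret.replace("-", "_").upper(),` comment is left over from before `secretToEnvironment` existed and can be removed; `export()` and `echoSecret()` carry the same leftover.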


@ -0,0 +1,5 @@
load("@this//:from-secret.star", "fromSecret")
def environment(env):
return dict(
[(x.replace("-", "_").upper(), fromSecret(x)) for x in env]
)
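Review bot: `environment()` repeats `x.replace("-", "_").upper()` instead of calling `secretToEnvironment`, which this commit adds for exactly that mapping and which `echo`, `export` and `echoSecret` already use. Loading it and writing `(secretToEnvironment(x), fromSecret(x))` keeps the secret-name-to-variable rule in one place. The `envs` lists in `deploy`, `pull` and `printSecrets` use a third variant, `x.replace("-", "_")` without `.upper()`, and a comment explaining why lowercase is wanted there would prevent someone "fixing" it.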


@ -0,0 +1,6 @@
load("@this//:secret-to-environment.star", "secretToEnvironment")
def export(secret):
return "export {toCaps}=${toCaps}".format(
toCaps = secretToEnvironment(secret), #secret.replace("-", "_").upper(),
)


@ -0,0 +1,4 @@
def fromSecret(name):
return {
"from_secret": name
}


@ -0,0 +1,2 @@
def map(fn, l):
return [fn(x) for x in l]


@ -0,0 +1,24 @@
load("@this//:map.star", "map")
load("@this//:from-secret.star", "fromSecret")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
def printSecrets(filename, env, secretEnv):
return {
"name": "print secrets",
"image": "appleboy/drone-ssh",
"environment": environment(env),
"settings": {
"envs": [x.replace("-", "_") for x in env ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-user"),
"password": fromSecret("ssh-password"),
"script": [x.replace("***filename***", filename) for x in [
"rm -f env-stack",
] + map(echo, env)
+ map(echoSecret, secretEnv)]
}
}
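Review bot: The first script line is the literal `"rm -f env-stack"`, so the `filename` parameter only affects the `>>` targets; with any other filename the old file is never removed and each build appends to it. Using the placeholder, `"rm -f ***filename***"`, keeps the two in step. A docstring should also say what the step does: it writes an env file on the remote host, with `env` entries written as values and `secretEnv` entries written as `???` placeholders. The step name `print secrets` suggests something else, and the file is created with the remote account's default permissions.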


@ -0,0 +1,12 @@
publicSecrets = [
"blog-domain",
"certbot-email",
"chat-domain",
"drone-domain",
"drone-gitea-client-id",
"drone-gitea-server",
"git-domain",
"local-docker-registry",
"remote-domain",
"ssh-user",
]


@ -0,0 +1,26 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:export.star", "export")
def pull(
images,
):
secrets = [ "local-docker-registry"]
return {
"name": "pull",
"image": "appleboy/drone-ssh",
"environment": environment(secrets),
"settings": {
"envs": [x.replace("-", "_") for x in secrets ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e"
] +
map(export, secrets) +
["docker pull $${{LOCAL_DOCKER_REGISTRY}}{image}".format(image=image) for image in images ]
}
}


@ -0,0 +1,25 @@
def scp(target):
return {
"name": "scp files",
"image": "appleboy/drone-scp",
"settings": {
"host": {
"from_secret": "ssh-host",
},
"username": {
"from_secret": "ssh-user",
},
"password": {
"from_secret": "ssh-password",
},
"port": {
"from_secret": "ssh-port",
},
"command_timeout": "2m",
"target": target,
"source": [
".",
],
},
}


@ -0,0 +1,5 @@
secretSecrets = [
"drone-convert-secret",
"drone-gitea-client-secret",
"drone-rpc-secret",
]


@ -0,0 +1,2 @@
def secretToEnvironment(secret):
return secret.replace("-", "_").upper()


@ -0,0 +1,8 @@
def wait(delay, name):
return {
"name": name,
"image": "alpine",
"commands": [
"sleep {delay}".format(delay = delay),
],
}


@ -1,3 +1,2 @@
FROM postgres:12 FROM postgres:12
COPY *.sql / COPY *.sql /


@ -1,2 +1,2 @@
docker build ngrok2 -t ${LOCAL_DOCKER_REGISTRY}/ngrok-gitea docker build ngrok-gitea -t ${LOCAL_DOCKER_REGISTRY}/ngrok-gitea
docker push ${LOCAL_DOCKER_REGISTRY}/ngrok-gitea docker push ${LOCAL_DOCKER_REGISTRY}/ngrok-gitea