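---
# Drone CI pipeline (docker runner) that builds the stack images against a
# docker-in-docker service, copies the repository to the target host over SCP,
# and redeploys the `remote-drone` Docker stack over SSH.
#
# Review notes that apply to the whole file:
# - Every image below is referenced without a tag or digest, so each run pulls
#   whatever the registry currently serves. Pin each image to a reviewed
#   tag or digest (placeholder: <image>@sha256:<reviewed-digest>).
# - All SSH/SCP steps authenticate with passwords, two of them as the root
#   user. appleboy/drone-ssh and appleboy/drone-scp also accept a private key
#   through the `key` setting; key-based auth with a non-root deploy account
#   narrows what a leaked secret can do.
kind: pipeline
type: docker
name: default

# NOTE(review): Drone documents `trigger` as the pipeline-level condition key;
# confirm that this top-level `when` is honored. If it is not, the `printenv`
# step (which has no step-level `when`) opens an SSH session on every branch.
when:
  branch:
    - remote

clone:
  # Keep TLS verification of the clone enabled; do not turn this on.
  # skip_verify: true

steps:
  # Writes the non-credential deployment settings to `env-stack` on the SSH
  # host, relative to the login directory of ssh-user.
  - name: printenv
    image: appleboy/drone-ssh
    environment:
      CERTBOT_EMAIL:
        from_secret: certbot-email
      DRONE_DOMAIN:
        from_secret: drone-domain
      DRONE_GITEA_CLIENT_ID:
        from_secret: drone-gitea-client-id
      GIT_DOMAIN:
        from_secret: git-domain
      REMOTE_DOMAIN:
        from_secret: remote-domain
      SSH_HOST:
        from_secret: ssh-host
      SSH_PORT:
        from_secret: ssh-port
      SSH_USER:
        from_secret: ssh-user
      SSH_ROOT_USER:
        from_secret: ssh-root-user
      LOCAL_DOCKER_REGISTRY:
        from_secret: local-docker-registry
    settings:
      # Names of the step environment variables forwarded to the remote shell.
      envs:
        - certbot_email
        - drone_domain
        - drone_gitea_client_id
        - git_domain
        - remote_domain
        - ssh_host
        - ssh_port
        - ssh_root_user
        - ssh_user
        - local_docker_registry
      host:
        from_secret: ssh-host
      port:
        from_secret: ssh-port
      username:
        from_secret: ssh-user
      password:
        from_secret: ssh-password
      script:
        # The first line truncates the file; the rest append to it.
        - echo certbot-email=$CERTBOT_EMAIL > env-stack
        - echo drone-domain=$DRONE_DOMAIN >> env-stack
        - echo drone-gitea-client-id=$DRONE_GITEA_CLIENT_ID >> env-stack
        - echo git-domain=$GIT_DOMAIN >> env-stack
        - echo remote-domain=$REMOTE_DOMAIN >> env-stack
        - echo ssh-host=$SSH_HOST >> env-stack
        # Fixed: this key was written as `ss-port`, unlike the `ssh-port`
        # secret name and the sibling `ssh-*` keys.
        - echo ssh-port=$SSH_PORT >> env-stack
        - echo ssh-root-user=$SSH_ROOT_USER >> env-stack
        - echo ssh-user=$SSH_USER >> env-stack
        # NOTE(review): this key uses underscores while the others use
        # hyphens; confirm which spelling the reader of env-stack expects.
        - echo local_docker_registry=$LOCAL_DOCKER_REGISTRY >> env-stack

  # Connectivity check for the root SSH credentials used later by `deploy`.
  # NOTE(review): the script only echoes a string, yet the step receives
  # DRONE_RPC_SECRET and DRONE_GITEA_CLIENT_SECRET and forwards them to the
  # remote shell; consider dropping the variables this step does not use.
  - name: test-ssh
    when:
      branch:
        - remote
    image: appleboy/drone-ssh
    environment:
      DRONE_RPC_SECRET:
        from_secret: drone-rpc-secret
      DRONE_GITEA_CLIENT_ID:
        from_secret: drone-gitea-client-id
      DRONE_GITEA_CLIENT_SECRET:
        from_secret: drone-gitea-client-secret
      LOCAL_DOCKER_REGISTRY:
        from_secret: local-docker-registry
      SSH_USER:
        from_secret: ssh-user
      CERTBOT_EMAIL:
        from_secret: certbot-email
      GIT_DOMAIN:
        from_secret: git-domain
      DRONE_DOMAIN:
        from_secret: drone-domain
      REMOTE_DOMAIN:
        from_secret: remote-domain
    settings:
      envs:
        - drone_rpc_secret
        - drone_gitea_client_id
        - drone_gitea_client_secret
        - ssh_user
        - local_docker_registry
        - certbot_email
        - git_domain
        - drone_domain
        - remote_domain
      host:
        from_secret: ssh-host
      username:
        from_secret: ssh-root-user
      password:
        from_secret: ssh-root-password
      port:
        from_secret: ssh-port
      script:
        - echo 'ssh ok'

  # Fixed 60-second pause before the build steps use the shared Docker socket.
  - name: wait
    when:
      branch:
        - remote
    image: docker:dind
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - sleep 60

  # The build steps below mount the `dockersock` volume at /var/run, which
  # the `docker` service mounts at the same path. `$$` escapes Drone's own
  # substitution so the shell expands the variable at run time.
  - name: build-postgres
    when:
      branch:
        - remote
    image: docker:dind
    volumes:
      - name: dockersock
        path: /var/run
    environment:
      LOCAL_DOCKER_REGISTRY:
        from_secret: local-docker-registry
    commands:
      - cd guacamole-postgresql
      - docker build . -t $${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql
      - docker push $${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql

  - name: build-ngrok
    when:
      branch:
        - remote
    image: docker:dind
    volumes:
      - name: dockersock
        path: /var/run
    environment:
      LOCAL_DOCKER_REGISTRY:
        from_secret: local-docker-registry
    commands:
      - cd ngrok2
      - docker build . -t $${LOCAL_DOCKER_REGISTRY}/ngrok-gitea
      - docker push $${LOCAL_DOCKER_REGISTRY}/ngrok-gitea

  - name: build-letsencrypt-nginx
    when:
      branch:
        - remote
    image: docker:dind
    volumes:
      - name: dockersock
        path: /var/run
    environment:
      LOCAL_DOCKER_REGISTRY:
        from_secret: local-docker-registry
    commands:
      - cd letsencrypt-nginx
      - docker build . -t $${LOCAL_DOCKER_REGISTRY}/letsencrypt-nginx
      - docker push $${LOCAL_DOCKER_REGISTRY}/letsencrypt-nginx

  # Runs the repository's letsencrypt-nginx/build.sh with the variant name
  # and the registry as arguments; what the script does is not visible here.
  - name: build-letsencrypt-drone
    when:
      branch:
        - remote
    image: docker:dind
    volumes:
      - name: dockersock
        path: /var/run
    environment:
      LOCAL_DOCKER_REGISTRY:
        from_secret: local-docker-registry
    commands:
      - cd letsencrypt-nginx
      - sh build.sh drone $${LOCAL_DOCKER_REGISTRY}

  - name: build-letsencrypt-remote
    when:
      branch:
        - remote
    image: docker:dind
    volumes:
      - name: dockersock
        path: /var/run
    environment:
      LOCAL_DOCKER_REGISTRY:
        from_secret: local-docker-registry
    commands:
      - cd letsencrypt-nginx
      - sh build.sh remote $${LOCAL_DOCKER_REGISTRY}

  # Copies the whole workspace (`source: .`) to the ssh-user account.
  # NOTE(review): `.` includes everything present in the workspace at this
  # point; confirm nothing sensitive is left there by earlier steps.
  - name: scp files
    when:
      branch:
        - remote
    image: appleboy/drone-scp
    settings:
      host:
        from_secret: ssh-host
      username:
        from_secret: ssh-user
      password:
        from_secret: ssh-password
      port:
        from_secret: ssh-port
      command_timeout: 2m
      target: '~/gitea-drone-stack'
      source:
        - .

  # Redeploys the stack on the target host, logged in as the root SSH user.
  - name: deploy
    when:
      branch:
        - remote
    image: appleboy/drone-ssh
    environment:
      DRONE_RPC_SECRET:
        from_secret: drone-rpc-secret
      DRONE_GITEA_CLIENT_ID:
        from_secret: drone-gitea-client-id
      DRONE_GITEA_CLIENT_SECRET:
        from_secret: drone-gitea-client-secret
      LOCAL_DOCKER_REGISTRY:
        from_secret: local-docker-registry
      SSH_USER:
        from_secret: ssh-user
      CERTBOT_EMAIL:
        from_secret: certbot-email
      GIT_DOMAIN:
        from_secret: git-domain
      DRONE_DOMAIN:
        from_secret: drone-domain
      REMOTE_DOMAIN:
        from_secret: remote-domain
    settings:
      envs:
        - drone_rpc_secret
        - drone_gitea_client_id
        - drone_gitea_client_secret
        - ssh_user
        - local_docker_registry
        - certbot_email
        - git_domain
        - drone_domain
        - remote_domain
      host:
        from_secret: ssh-host
      username:
        from_secret: ssh-root-user
      password:
        from_secret: ssh-root-password
      port:
        from_secret: ssh-port
      script:
        # Abort the remote script on the first failing command.
        - set -e
        # Re-export the forwarded values so the docker commands below and
        # their child processes see them.
        - export LOCAL_DOCKER_REGISTRY=$LOCAL_DOCKER_REGISTRY
        - export DRONE_RPC_SECRET=$DRONE_RPC_SECRET
        - export DRONE_GITEA_CLIENT_ID=$DRONE_GITEA_CLIENT_ID
        - export DRONE_GITEA_CLIENT_SECRET=$DRONE_GITEA_CLIENT_SECRET
        - export SSH_USER=$SSH_USER
        - export CERTBOT_EMAIL=$CERTBOT_EMAIL
        - export GIT_DOMAIN=$GIT_DOMAIN
        - export DRONE_DOMAIN=$DRONE_DOMAIN
        - export REMOTE_DOMAIN=$REMOTE_DOMAIN
        - docker network prune -f
        # Directory populated by the `scp files` step for ssh-user.
        - cd /home/$SSH_USER/gitea-drone-stack
        # Remove the running stack, wait a fixed 60 seconds, then deploy it
        # again from the copied compose file.
        - docker stack rm remote-drone
        - sleep 60
        - docker stack deploy -c docker-compose-remote.yml remote-drone
        # - sleep 300

services:
  # Docker-in-docker daemon used by the build steps. It runs privileged and
  # shares /var/run with every step that mounts `dockersock`, so those steps
  # control this daemon. NOTE(review): privileged containers and host-path
  # volumes need the repository to be marked trusted in Drone; restrict who
  # can change this file on the `remote` branch accordingly.
  - name: docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
      - name: ca
        path: /etc/docker/certs.d

volumes:
  # Ephemeral volume shared between the dind service and the build steps.
  - name: dockersock
    temp: {}
  # Host directory mounted into the dind service at /etc/docker/certs.d.
  - name: ca
    host:
      path: /home/giles/gitea-drone-stack/.ca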