---

kind: pipeline
type: docker
name: default
when:
  branch:
  - remote

clone:
  # skip_verify: true

steps:
steps:
- name: test-ssh
  when:
    branch:
    - remote
  image: appleboy/drone-ssh
  environment:
    DRONE_RPC_SECRET:
      from_secret: drone-rpc-secret
    DRONE_GITEA_CLIENT_ID:
      from_secret: drone-gitea-client-id
    DRONE_GITEA_CLIENT_SECRET:
      from_secret: drone-gitea-client-secret
    LOCAL_DOCKER_REGISTRY:
      from_secret: local-docker-registry
    SSH_USER:
      from_secret: ssh-user
    CERTBOT_EMAIL:
      from_secret: certbot-email
    GIT_DOMAIN:
      from_secret: git-domain
    DRONE_DOMAIN:
      from_secret: drone-domain
    REMOTE_DOMAIN:
      from_secret: remote-domain
  settings:
    envs:
      - drone_rpc_secret
      - drone_gitea_client_id
      - drone_gitea_client_secret
      - ssh_user
      - local_docker_registry
      - certbot_email
      - git_domain
      - drone_domain
      - remote_domain
    host:
      from_secret: ssh-host
    username:
      from_secret: ssh-root-user
    password:
      from_secret: ssh-root-password
    port:
      from_secret: ssh-port
    script:
      - echo 'ssh ok'
- name: wait
  when:
    branch:
    - remote
  image: docker:dind
  volumes:
  - name: dockersock
    path: /var/run

  commands:
  - sleep 60
- name: build-postgres
  when:
    branch:
    - remote
  image: docker:dind
  volumes:
  - name: dockersock
    path: /var/run
  environment:
    LOCAL_DOCKER_REGISTRY:
      from_secret: local-docker-registry
  commands:
  - cd guacamole-postgresql
  - docker build . -t $${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql
  - docker push $${LOCAL_DOCKER_REGISTRY}/guacamole-postgresql
- name: build-ngrok
  when:
    branch:
    - remote
  image: docker:dind
  volumes:
  - name: dockersock
    path: /var/run
  environment:
    LOCAL_DOCKER_REGISTRY:
      from_secret: local-docker-registry
  commands:
  - cd ngrok2
  - docker build . -t $${LOCAL_DOCKER_REGISTRY}/ngrok-gitea
  - docker push $${LOCAL_DOCKER_REGISTRY}/ngrok-gitea
- name: build-letsencrypt-nginx
  when:
    branch:
    - remote
  image: docker:dind
  volumes:
  - name: dockersock
    path: /var/run
  environment:
    LOCAL_DOCKER_REGISTRY:
      from_secret: local-docker-registry
  commands:
  - cd letsencrypt-nginx
  - docker build . -t $${LOCAL_DOCKER_REGISTRY}/letsencrypt-nginx
  - docker push $${LOCAL_DOCKER_REGISTRY}/letsencrypt-nginx
- name: build-letsencrypt-drone
  when:
    branch:
    - master
  image: docker:dind
  volumes:
  - name: dockersock
    path: /var/run
  environment:
    LOCAL_DOCKER_REGISTRY:
      from_secret: local-docker-registry
  commands:
  - cd letsencrypt-nginx
  - sh build.sh drone $${LOCAL_DOCKER_REGISTRY}
- name: build-letsencrypt-remote
  when:
    branch:
    - master
  image: docker:dind
  volumes:
  - name: dockersock
    path: /var/run
  environment:
    LOCAL_DOCKER_REGISTRY:
      from_secret: local-docker-registry
  commands:
  - cd letsencrypt-nginx
  - sh build.sh remote $${LOCAL_DOCKER_REGISTRY}
- name: scp files
  when:
    branch:
    - remote
  image: appleboy/drone-scp
  settings:
    host:
      from_secret: ssh-host
    username:
      from_secret: ssh-user
    password:
      from_secret: ssh-password
    port:
      from_secret: ssh-port
    command_timeout: 2m
    target: ~/gitea-drone-stack
    source:
      - .
- name: deploy
  when:
    branch:
    - remote
  image: appleboy/drone-ssh
  environment:
    DRONE_RPC_SECRET:
      from_secret: drone-rpc-secret
    DRONE_GITEA_CLIENT_ID:
      from_secret: drone-gitea-client-id
    DRONE_GITEA_CLIENT_SECRET:
      from_secret: drone-gitea-client-secret
    LOCAL_DOCKER_REGISTRY:
      from_secret: local-docker-registry
    SSH_USER:
      from_secret: ssh-user
    CERTBOT_EMAIL:
      from_secret: certbot-email
    GIT_DOMAIN:
      from_secret: git-domain
    DRONE_DOMAIN:
      from_secret: drone-domain
    REMOTE_DOMAIN:
      from_secret: remote-domain
  settings:
    envs:
      - drone_rpc_secret
      - drone_gitea_client_id
      - drone_gitea_client_secret
      - ssh_user
      - local_docker_registry
      - certbot_email
      - git_domain
      - drone_domain
      - remote_domain
    host:
      from_secret: ssh-host
    username:
      from_secret: ssh-root-user
    password:
      from_secret: ssh-root-password
    port:
      from_secret: ssh-port
    script:
      - set -e
      - export LOCAL_DOCKER_REGISTRY=$LOCAL_DOCKER_REGISTRY
      - export DRONE_RPC_SECRET=$DRONE_RPC_SECRET
      - export DRONE_GITEA_CLIENT_ID=$DRONE_GITEA_CLIENT_ID
      - export DRONE_GITEA_CLIENT_SECRET=$DRONE_GITEA_CLIENT_SECRET
      - export SSH_USER=$SSH_USER
      - export CERTBOT_EMAIL=$CERTBOT_EMAIL
      - export GIT_DOMAIN=$GIT_DOMAIN
      - export DRONE_DOMAIN=$DRONE_DOMAIN
      - export REMOTE_DOMAIN=$REMOTE_DOMAIN
      - docker network prune -f
      - cd /home/$SSH_USER/gitea-drone-stack
      - docker stack rm remote-drone
      - sleep 60
      - docker stack deploy -c docker-compose-drone.yml remote-drone
      #- sleep 300

services:
- name: docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run  
  - name: ca
    path: /etc/docker/certs.d
 
volumes:
- name: dockersock
  temp: {}
- name: ca
  host:
    path: /home/giles/gitea-drone-stack/.ca