load("@this//:from-secret.star", "fromSecret") load("@this//:print-secrets.star", "printSecrets") load("@this//:map.star", "map") load("@this//:environment.star", "environment") load("@this//:echo.star", "echo") load("@this//:export.star", "export") load("@this//:echo-secret.star", "echoSecret") load("@this//:wait.star", "wait") load("@this//:build.star", "build") load("@this//:scp.star", "scp") load("@this//:public-secrets.star", "publicSecrets") load("@this//:secret-secrets.star", "secretSecrets") def buildHome(): return { "name": "build-nginx-home", "image": "docker:dind", "volumes": [ { "name": "dockersock", "path": "/var/run", }, ], "environment": environment([ "local-docker-registry", ]), "commands": [ "cd letsencrypt-nginx", "sh build.home.sh $${{LOCAL_DOCKER_REGISTRY}}".format(), ], } def buildNginx(name): return { "name": "build-nginx-{name}".format(name=name), "image": "docker:dind", "volumes": [ { "name": "dockersock", "path": "/var/run", }, ], "environment": environment([ "local-docker-registry", ]), "commands": [ "cd letsencrypt-nginx", "sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name), ], } def deploy( filename, folder, ): images = [ "letsencrypt-git", "letsencrypt-chat", "letsencrypt-drone", "letsencrypt-remote", "letsencrypt-blog", "nginx-home1", "drone-starlark", ] return { "name": "deploy", "image": "appleboy/drone-ssh", "environment": environment(publicSecrets + secretSecrets), "settings": { "envs": [x.replace("-", "_") for x in publicSecrets + secretSecrets ], "host": fromSecret("ssh-host"), "port": fromSecret("ssh-port"), "username": fromSecret("ssh-root-user"), "password": fromSecret("ssh-root-password"), "script": [ "set -e" ] + map(export, publicSecrets + secretSecrets) + ["docker pull $${{LOCAL_DOCKER_REGISTRY}}{image}".format(image=image) for image in images ] + [ "docker network prune -f", "cd {folder}".format(folder=folder), "docker stack rm gitea", "sleep 30", "docker stack deploy -c {filename} gitea".format(filename = filename), ] } } def pipeline(name, steps, dependsOn): return { "kind": "pipeline", "name": name, "depends_on": dependsOn, "steps": [ printSecrets( "env-stack", publicSecrets, secretSecrets, ), wait(15, "wait"), ] + steps, "services": [ { "name": "docker", "image": "docker:dind", "privileged": True, "volumes": [ { "name": "dockersock", "path": "/var/run", }, { "name": "ca", "path": "/etc/docker/certs.d", }, ], } ], "volumes": [ { "name": "dockersock", "temp": {}, }, { "name": "ca", "host": { "path": "/home/giles/gitea-drone-stack/.ca", }, }, ], } def main(ctx): if ctx.build.branch == 'home-deploy': return [ pipeline( 'home-deploy', [ #build("guacamole-postgresql"), #build("ngrok-gitea"), #build("letsencrypt-nginx"), build("drone-starlark"), #buildHome(), #buildNginx("blog"), #buildNginx("drone"), #buildNginx("git"), #buildNginx("remote"), #buildNginx("chat"), scp("~/gitea-drone-stack"), deploy( "docker-compose-home.yml", "/home/giles/gitea-drone-stack", ), ], [], ), ] if ctx.build.branch == 'do': return [ pipeline( 'do-deploy', [ build("guacamole-postgresql"), build("letsencrypt-nginx"), buildHome(), buildNginx("blog"), buildNginx("drone"), buildNginx("git"), buildNginx("remote"), buildNginx("chat"), scp("~/stack-deploy"), #deploy("docker-compose-do.yml", "~/stack-deploy"), ], [], ), ]