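# Drone CI pipeline definition (Starlark): builds images against a
# docker-in-docker service, copies the repository to the target host and
# redeploys the "gitea" docker stack over SSH.
#
# NOTE(review): every step image ("appleboy/drone-ssh", "appleboy/drone-scp",
# "alpine", "docker:dind") is referenced by a floating name; none is pinned to
# a version or digest, so the code that handles the SSH credentials can change
# between runs without any change to this file.


def fromSecret(name):
    # Drone reference to a secret; the value itself never appears in this file.
    return {"from_secret": name}


def secretToEnvironment(secret):
    # "drone-rpc-secret" -> "DRONE_RPC_SECRET"
    return secret.replace("-", "_").upper()


def environment(env):
    # Map every secret name to an upper-case variable backed by that secret.
    return {secretToEnvironment(x): fromSecret(x) for x in env}


def map(fn, l):
    # List-returning map, so results can be concatenated with "+".
    return [fn(x) for x in l]


def echo(secret):
    # Shell line appending "export NAME=<value>" to the placeholder file.
    # The value is expanded by the remote shell and lands in the file in
    # clear text, so this is only meant for non-sensitive settings.
    return 'echo "export {environment}=${environment}" >> ***filename*** # {secret}'.format(
        secret = secret,
        environment = secretToEnvironment(secret),
    )


def echoSecret(secret):
    # Same as echo(), but writes the literal "???" instead of the value, so
    # the variable is listed without its content reaching the file.
    return 'echo "export {environment}=???" >> ***filename*** # {secret}'.format(
        secret = secret,
        environment = secretToEnvironment(secret),
    )


def export(secret):
    # Shell line re-exporting an injected variable inside the remote script.
    return "export {toCaps}=${toCaps}".format(
        toCaps = secretToEnvironment(secret),
    )


def printSecrets(filename, env, secretEnv):
    # SSH step that recreates `filename` on the remote host with one export
    # line per name: real values for `env`, "???" for `secretEnv`.
    #
    # Anything listed in `env` is stored in clear text on the SSH host, so
    # credentials belong in `secretEnv`.
    #
    # The cleanup line used to be the fixed string "rm -f env-stack"; it now
    # goes through the same placeholder as the echo lines, so the file that is
    # removed is always the file that is appended to.
    script = ["rm -f ***filename***"] + map(echo, env) + map(echoSecret, secretEnv)
    return {
        "name": "print secrets",
        "image": "appleboy/drone-ssh",
        "environment": environment(env),
        "settings": {
            "envs": [x.replace("-", "_") for x in env],
            "host": fromSecret("ssh-host"),
            "port": fromSecret("ssh-port"),
            "username": fromSecret("ssh-user"),
            "password": fromSecret("ssh-password"),
            "script": [x.replace("***filename***", filename) for x in script],
        },
    }


def wait(delay, name):
    # Step that sleeps for `delay` (passed verbatim to `sleep`).
    return {
        "name": name,
        "image": "alpine",
        "commands": [
            "sleep {delay}".format(delay = delay),
        ],
    }


def _dindStep(name, commands):
    # Shared skeleton of the build steps: docker client image, the
    # "dockersock" volume mounted on /var/run and the registry secret.
    return {
        "name": name,
        "image": "docker:dind",
        "volumes": [
            {
                "name": "dockersock",
                "path": "/var/run",
            },
        ],
        "environment": environment([
            "local-docker-registry",
        ]),
        "commands": commands,
    }


def build(name):
    # Build the image in directory `name` and push it to the local registry.
    # "$${{...}}" renders as "$${...}" in the generated command.
    return _dindStep(
        "build-{name}".format(name = name),
        [
            "cd {name}".format(name = name),
            "docker build . -t $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name = name),
            "docker push $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name = name),
        ],
    )


def buildHome():
    # Run letsencrypt-nginx/build.home.sh with the registry prefix.
    return _dindStep(
        "build-nginx-home",
        [
            "cd letsencrypt-nginx",
            "sh build.home.sh $${{LOCAL_DOCKER_REGISTRY}}".format(),
        ],
    )


def buildNginx(name):
    # Run letsencrypt-nginx/build.sh for site `name` with the registry prefix.
    return _dindStep(
        "build-nginx-{name}".format(name = name),
        [
            "cd letsencrypt-nginx",
            "sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name),
        ],
    )


def scp(target):
    # Copy the whole workspace (".") to `target` on the SSH host.
    return {
        "name": "scp files",
        "image": "appleboy/drone-scp",
        "settings": {
            "host": fromSecret("ssh-host"),
            "username": fromSecret("ssh-user"),
            "password": fromSecret("ssh-password"),
            "port": fromSecret("ssh-port"),
            "command_timeout": "2m",
            "target": target,
            "source": [
                ".",
            ],
        },
    }


def deploy(
        filename,
        folder):
    # SSH step that pulls the images and redeploys the "gitea" stack from
    # compose file `filename` inside `folder` on the remote host.
    #
    # NOTE(review): this step logs in with the ssh-root-user /
    # ssh-root-password secrets, i.e. password authentication for what the
    # secret names suggest is the root account, and every secret below is
    # exported into that session. A key-based login for an account limited to
    # the docker commands used here would narrow what a leaked credential
    # gives access to -- confirm against the host setup.
    secrets = [
        "drone-rpc-secret",
        "drone-gitea-client-id",
        "drone-gitea-client-secret",
        "drone-gitea-server",
        "drone-convert-secret",
        "ssh-user",
        "local-docker-registry",
        "certbot-email",
        "git-domain",
        "drone-domain",
        "chat-domain",
        "remote-domain",
        "blog-domain",
    ]
    return {
        "name": "deploy",
        "image": "appleboy/drone-ssh",
        "environment": environment(secrets),
        "settings": {
            "envs": [x.replace("-", "_") for x in secrets],
            "host": fromSecret("ssh-host"),
            "port": fromSecret("ssh-port"),
            "username": fromSecret("ssh-root-user"),
            "password": fromSecret("ssh-root-password"),
            # "set -e" makes the remote script stop at the first failing command.
            "script": ["set -e"] + map(export, secrets) + [
                "echo {folder}".format(folder = folder),
                "cd {folder}".format(folder = folder),
                "docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-git",
                "docker pull $${LOCAL_DOCKER_REGISTRY}nginx-home1",
                "docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-chat",
                "docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-remote",
                "docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-blog",
                "docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-drone",
                "docker network prune -f",
                "cd {folder}".format(folder = folder),
                # The stack is removed first; the fixed sleep gives the
                # removal time to finish before the redeploy.
                "docker stack rm gitea",
                "sleep 60",
                "docker stack deploy -c {filename} gitea".format(filename = filename),
            ],
        },
    }


def pipeline(name, steps, dependsOn):
    # Pipeline that starts with the "print secrets" and "wait" steps, then
    # runs `steps`, next to a docker-in-docker service.
    #
    # The service runs privileged and shares the "dockersock" volume
    # (/var/run) with the build steps, so those steps control that Docker
    # daemon. The "ca" volume is a path on the runner host mounted into the
    # service at /etc/docker/certs.d.
    return {
        "kind": "pipeline",
        "name": name,
        "depends_on": dependsOn,
        "steps": [
            printSecrets(
                "env-stack",
                # Written with their values.
                [
                    "blog-domain",
                    "certbot-email",
                    "chat-domain",
                    "drone-domain",
                    "drone-gitea-client-id",
                    "drone-gitea-server",
                    "git-domain",
                    "local-docker-registry",
                    "remote-domain",
                    "ssh-user",
                ],
                # Written as "???".
                [
                    "drone-convert-secret",
                    "drone-gitea-client-secret",
                    "drone-rpc-secret",
                ],
            ),
            wait(15, "wait"),
        ] + steps,
        "services": [
            {
                "name": "docker",
                "image": "docker:dind",
                "privileged": True,
                "volumes": [
                    {
                        "name": "dockersock",
                        "path": "/var/run",
                    },
                    {
                        "name": "ca",
                        "path": "/etc/docker/certs.d",
                    },
                ],
            },
        ],
        "volumes": [
            {
                "name": "dockersock",
                "temp": {},
            },
            {
                "name": "ca",
                "host": {
                    "path": "/home/giles/gitea-drone-stack/.ca",
                },
            },
        ],
    }


def main(ctx):
    # Entry point: choose the pipeline from the branch being built.
    # NOTE(review): any branch other than "home-deploy" or "do" falls through
    # and returns None -- confirm that is the intended outcome for such builds.
    if ctx.build.branch == 'home-deploy':
        return [
            pipeline(
                'home-deploy',
                [
                    #build("guacamole-postgresql"),
                    #build("ngrok-gitea"),
                    #build("letsencrypt-nginx"),
                    #buildHome(),
                    build("drone-starlark"),
                    #buildNginx("blog"),
                    #buildNginx("drone"),
                    #buildNginx("git"),
                    #buildNginx("remote"),
                    #buildNginx("chat"),
                    scp("/home/giles/gitea-drone-stack"),
                    deploy(
                        "docker-compose-home.yml",
                        "/home/giles/gitea-drone-stack",
                    ),
                ],
                [],
            ),
        ]
    if ctx.build.branch == 'do':
        return [
            pipeline(
                'do-deploy',
                [
                    build("guacamole-postgresql"),
                    build("letsencrypt-nginx"),
                    buildHome(),
                    buildNginx("blog"),
                    buildNginx("drone"),
                    buildNginx("git"),
                    buildNginx("remote"),
                    buildNginx("chat"),
                    scp("~/stack-deploy"),
                    #deploy("docker-compose-do.yml", "~/stack-deploy"),
                ],
                [],
            ),
        ]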