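# Drone CI pipeline definition (Starlark): builds the stack's images with
# docker-in-docker, copies the repository to the target host over SSH and
# redeploys the "gitea" docker stack there.
#
# Conventions used throughout:
#   * Secret names are kebab-case ("ssh-host"); the matching environment
#     variable is the upper-snake-case form ("SSH_HOST").
#   * "$$" is Drone's escape for a literal "$", so "$${NAME}" reaches the shell
#     as "${NAME}". Inside a str.format() template the braces are doubled
#     ("$${{NAME}}"); in a plain string they are not.
#
# NOTE(review): every image below ("appleboy/drone-ssh", "appleboy/drone-scp",
# "alpine", "docker:dind") is referenced by a mutable tag, and several of these
# steps receive SSH credentials. Pinning to a version or digest would stop an
# upstream tag change from silently altering what handles those secrets.


def fromSecret(name):
    """Return a Drone secret reference for the secret called `name`."""
    return {"from_secret": name}


def _envName(secret):
    """Map a kebab-case secret name to its upper-snake-case variable name."""
    return secret.replace("-", "_").upper()


def environment(env):
    """Build a step `environment` mapping that exposes each secret in `env`.

    Keys are the upper-snake-case variable names, values are secret references.
    """
    return {_envName(x): fromSecret(x) for x in env}


def map(fn, l):
    """Apply `fn` to every element of `l` and return the results as a list."""
    return [fn(x) for x in l]


def echo(secret):
    """Return a shell line appending `<secret-name>=$<ENV_NAME>` to env-stack."""
    return "echo {secret}=${environment} >> env-stack".format(
        secret = secret,
        environment = _envName(secret),
    )


def export(secret):
    """Return a shell line appending `<ENV_NAME>=$<ENV_NAME>` to env-stack."""
    return "echo {toCaps}=${toCaps} >> env-stack".format(toCaps = _envName(secret))


def printSecrets(env):
    """Return an SSH step that records the secrets in `env` on the remote host.

    NOTE(review): the script writes the secret values in clear text to the
    file env-stack on the SSH host. Log masking does not cover files on the
    remote machine, so this step is best limited to debugging, and the file
    should be readable by the deploying user only.
    """
    return {
        "name": "print secrets",
        "image": "appleboy/drone-ssh",
        "environment": environment(env),
        "settings": {
            "envs": [x.replace("-", "_") for x in env],
            "host": fromSecret("ssh-host"),
            "port": fromSecret("ssh-port"),
            "username": fromSecret("ssh-user"),
            "password": fromSecret("ssh-password"),
            "script": [
                # Fixed: the original removed "env.stack" while the echo lines
                # append to "env-stack", so stale entries were never cleared.
                "rm -f env-stack",
            ] + map(echo, env),
        },
    }


def wait(delay, name):
    """Return a step called `name` that sleeps for `delay` seconds."""
    return {
        "name": name,
        "image": "alpine",
        "commands": [
            "sleep {delay}".format(delay = delay),
        ],
    }


def build(name):
    """Return a step that builds the image in directory `name` and pushes it.

    The image is tagged with the LOCAL_DOCKER_REGISTRY prefix followed by
    `name`. The step mounts the shared "dockersock" volume at /var/run.
    """
    return {
        "name": "build-{name}".format(name = name),
        "image": "docker:dind",
        "volumes": [
            {
                "name": "dockersock",
                "path": "/var/run",
            },
        ],
        "environment": environment([
            "local-docker-registry",
        ]),
        "commands": [
            "cd {name}".format(name = name),
            "docker build . -t $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name = name),
            "docker push $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name = name),
        ],
    }


def buildHome():
    """Return the step that runs build.home.sh in letsencrypt-nginx."""
    return {
        "name": "build-nginx-home",
        "image": "docker:dind",
        "volumes": [
            {
                "name": "dockersock",
                "path": "/var/run",
            },
        ],
        "environment": environment([
            "local-docker-registry",
        ]),
        "commands": [
            "cd letsencrypt-nginx",
            # Fixed: this string is not passed through format(), so the doubled
            # braces of the original were emitted literally and the shell was
            # handed "${{LOCAL_DOCKER_REGISTRY}}" instead of a variable.
            "sh build.home.sh $${LOCAL_DOCKER_REGISTRY}",
        ],
    }


def buildNginx(name):
    """Return the step that runs build.sh for the nginx variant `name`."""
    return {
        "name": "build-nginx-{name}".format(name = name),
        "image": "docker:dind",
        "volumes": [
            {
                "name": "dockersock",
                "path": "/var/run",
            },
        ],
        "environment": environment([
            "local-docker-registry",
        ]),
        "commands": [
            # Fixed: was "lestencrypt-nginx"; build() and buildHome() both use
            # the directory "letsencrypt-nginx".
            "cd letsencrypt-nginx",
            "sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name),
        ],
    }


def scp(target):
    """Return a drone-scp step copying the workspace to `target` on the host.

    Fixed: `command_timeout`, `target` and `source` are plugin parameters and
    are now placed under "settings" with the connection values; the original
    put them at step level, outside the plugin's settings.

    NOTE(review): `source` is ".", i.e. the whole workspace; confirm nothing
    sensitive in the checkout is meant to stay off the target host.
    """
    return {
        "name": "scp files",
        "image": "appleboy/drone-scp",
        "settings": {
            "host": fromSecret("ssh-host"),
            "username": fromSecret("ssh-user"),
            "password": fromSecret("ssh-password"),
            "port": fromSecret("ssh-port"),
            "command_timeout": "2m",
            "target": target,
            "source": [
                ".",
            ],
        },
    }


def deploy():
    """Return the SSH step that pulls the images and redeploys the stack.

    NOTE(review): this step logs in with the "ssh-root-user" /
    "ssh-root-password" secrets, i.e. password authentication for a privileged
    account. Key-based authentication for an account limited to the docker
    commands below would narrow what a leaked credential allows.

    NOTE(review): the generated export lines append every listed secret
    (including drone-rpc-secret and the Gitea client secret) in clear text to
    env-stack in the login directory, and nothing here removes or protects
    that file afterwards.
    """
    secrets = [
        "drone-rpc-secret",
        "drone-gitea-client-id",
        "drone-gitea-client-secret",
        "drone-gitea-server",
        "drone-convert-secret",
        "ssh-user",
        "local-docker-registry",
        "certbot-email",
        "git-domain",
        "drone-domain",
        "chat-domain",
        "remote-domain",
        "blog-domain",
    ]
    images = [
        "letsencrypt-git",
        "nginx-home1",
        "letsencrypt-chat",
        "letsencrypt-remote",
        "letsencrypt-blog",
        "letsencrypt-drone",
    ]
    # Fixed: the original pull lines carried format()-style doubled braces
    # without being formatted, so the braces reached the shell unchanged.
    pulls = ["docker pull $${LOCAL_DOCKER_REGISTRY}" + image for image in images]
    return {
        "name": "deploy",
        "image": "appleboy/drone-ssh",
        "environment": environment(secrets),
        "settings": {
            "envs": [x.replace("-", "_") for x in secrets],
            "host": fromSecret("ssh-host"),
            "port": fromSecret("ssh-port"),
            "username": fromSecret("ssh-root-user"),
            "password": fromSecret("ssh-root-password"),
            "script": ["set -e"] + map(export, secrets) + pulls + [
                "docker network prune -f",
                "cd /home/$SSH_USER/gitea-drone-stack",
                # The stack is removed and recreated after a fixed 60 s pause.
                "docker stack rm gitea",
                "sleep 60",
                "docker stack deploy -c docker-compose-home.yml gitea",
            ],
        },
    }


def steps(name, dependsOn):
    """Return the pipeline `name`, which depends on the pipelines in `dependsOn`.

    NOTE(review): the "docker" service runs docker:dind privileged and shares
    its /var/run through the "dockersock" volume, so every step mounting that
    volume controls the daemon. The "ca" volume is a host path, which needs
    the repository to be trusted and ties the pipeline to one runner layout
    ("/home/giles/..."), whereas deploy() derives its path from $SSH_USER.
    """
    return {
        "kind": "pipeline",
        "name": name,
        "depends_on": dependsOn,
        "steps": [
            printSecrets([
                "local-docker-registry",
                "ssh-host",
                "ssh-user",
                "ssh-port",
            ]),
            wait(15, "wait"),
            build("guacamole-postgresql"),
            build("ngrok-gitea"),
            build("letsencrypt-nginx"),
            buildHome(),
            buildNginx("blog"),
            buildNginx("drone"),
            buildNginx("git"),
            buildNginx("remote"),
            buildNginx("chat"),
            scp("~/gitea-drone-stack"),
            {
                "name": "build",
                "image": "alpine",
                "commands": [
                    "echo hello 'star lark'",
                ],
            },
            deploy(),
        ],
        "services": [
            {
                "name": "docker",
                "image": "docker:dind",
                "privileged": True,
                "volumes": [
                    {
                        "name": "dockersock",
                        "path": "/var/run",
                    },
                    {
                        "name": "ca",
                        "path": "/etc/docker/certs.d",
                    },
                ],
            },
        ],
        "volumes": [
            {
                "name": "dockersock",
                "temp": {},
            },
            {
                "name": "ca",
                "host": {
                    "path": "/home/giles/gitea-drone-stack/.ca",
                },
            },
        ],
    }


def main(ctx):
    """Drone entry point: return the list of pipelines to run."""
    return [
        steps("first", []),
    ]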