301 lines
7.1 KiB
YAML
301 lines
7.1 KiB
YAML
---
|
|
|
|
kind: pipeline
|
|
type: docker
|
|
name: default
|
|
when:
|
|
branch:
|
|
- remote
|
|
|
|
clone:
|
|
# skip_verify: true
|
|
|
|
steps:
|
|
- name: printenv
|
|
image: appleboy/drone-ssh
|
|
environment:
|
|
CERTBOT_EMAIL:
|
|
from_secret: certbot-email
|
|
DRONE_DOMAIN:
|
|
from_secret: drone-domain
|
|
DRONE_GITEA_CLIENT_ID:
|
|
from_secret: drone-gitea-client-id
|
|
GIT_DOMAIN:
|
|
from_secret: git-domain
|
|
REMOTE_DOMAIN:
|
|
from_secret: remote-domain
|
|
SSH_HOST:
|
|
from_secret: ssh-host
|
|
SSH_PORT:
|
|
from_secret: ssh-port
|
|
SSH_USER:
|
|
from_secret: ssh-user
|
|
SSH_ROOT_USER:
|
|
from_secret: ssh-root-user
|
|
LOCAL_DOCKER_REGISTRY:
|
|
from_secret: local-docker-registry
|
|
settings:
|
|
envs:
|
|
- certbot_email
|
|
- drone_domain
|
|
- drone_gitea_client_id
|
|
- git_domain
|
|
- remote_domain
|
|
- ssh_host
|
|
- ssh_port
|
|
- ssh_root_user
|
|
- ssh_user
|
|
- local_docker_registry
|
|
host:
|
|
from_secret: ssh-host
|
|
port:
|
|
from_secret: ssh-port
|
|
username:
|
|
from_secret: ssh-user
|
|
password:
|
|
from_secret: ssh-password
|
|
script:
|
|
- echo certbot-email=$CERTBOT_EMAIL > env-stack
|
|
- echo drone-domain=$DRONE_DOMAIN >> env-stack
|
|
- echo drone-gitea-client-id=$DRONE_GITEA_CLIENT_ID >> env-stack
|
|
- echo git-domain=$GIT_DOMAIN >> env-stack
|
|
- echo remote-domain=$REMOTE_DOMAIN >> env-stack
|
|
- echo ssh-host=$SSH_HOST >> env-stack
|
|
- echo ssh-port=$SSH_PORT >> env-stack
|
|
- echo ssh-root-user=$SSH_ROOT_USER >> env-stack
|
|
- echo ssh-user=$SSH_USER >> env-stack
|
|
- echo local-docker-registry=$LOCAL_DOCKER_REGISTRY >> env-stack
|
|
|
|
- name: test-ssh
|
|
when:
|
|
branch:
|
|
- remote
|
|
image: appleboy/drone-ssh
|
|
environment:
|
|
DRONE_RPC_SECRET:
|
|
from_secret: drone-rpc-secret
|
|
DRONE_GITEA_CLIENT_ID:
|
|
from_secret: drone-gitea-client-id
|
|
DRONE_GITEA_CLIENT_SECRET:
|
|
from_secret: drone-gitea-client-secret
|
|
LOCAL_DOCKER_REGISTRY:
|
|
from_secret: local-docker-registry
|
|
SSH_USER:
|
|
from_secret: ssh-user
|
|
CERTBOT_EMAIL:
|
|
from_secret: certbot-email
|
|
GIT_DOMAIN:
|
|
from_secret: git-domain
|
|
DRONE_DOMAIN:
|
|
from_secret: drone-domain
|
|
REMOTE_DOMAIN:
|
|
from_secret: remote-domain
|
|
settings:
|
|
envs:
|
|
- drone_rpc_secret
|
|
- drone_gitea_client_id
|
|
- drone_gitea_client_secret
|
|
- ssh_user
|
|
- local_docker_registry
|
|
- certbot_email
|
|
- git_domain
|
|
- drone_domain
|
|
- remote_domain
|
|
host:
|
|
from_secret: ssh-host
|
|
username:
|
|
from_secret: ssh-root-user
|
|
password:
|
|
from_secret: ssh-root-password
|
|
port:
|
|
from_secret: ssh-port
|
|
script:
|
|
- echo 'ssh ok'
|
|
- name: wait
|
|
when:
|
|
branch:
|
|
- remote
|
|
image: docker:dind
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
|
|
commands:
|
|
- sleep 60
|
|
- name: build-postgres
|
|
when:
|
|
branch:
|
|
- remote
|
|
image: docker:dind
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
environment:
|
|
LOCAL_DOCKER_REGISTRY:
|
|
from_secret: local-docker-registry
|
|
commands:
|
|
- cd guacamole-postgresql
|
|
- docker build . -t $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql
|
|
- docker push $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql
|
|
- name: build-ngrok
|
|
when:
|
|
branch:
|
|
- remote
|
|
image: docker:dind
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
environment:
|
|
LOCAL_DOCKER_REGISTRY:
|
|
from_secret: local-docker-registry
|
|
commands:
|
|
- cd ngrok-gitea
|
|
- docker build . -t $${LOCAL_DOCKER_REGISTRY}ngrok-gitea
|
|
- docker push $${LOCAL_DOCKER_REGISTRY}ngrok-gitea
|
|
- name: build-letsencrypt-nginx
|
|
when:
|
|
branch:
|
|
- remote
|
|
image: docker:dind
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
environment:
|
|
LOCAL_DOCKER_REGISTRY:
|
|
from_secret: local-docker-registry
|
|
commands:
|
|
- cd letsencrypt-nginx
|
|
- docker build . -t $${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx
|
|
- docker push $${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx
|
|
- name: build-letsencrypt-drone
|
|
when:
|
|
branch:
|
|
- remote
|
|
image: docker:dind
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
environment:
|
|
LOCAL_DOCKER_REGISTRY:
|
|
from_secret: local-docker-registry
|
|
commands:
|
|
- cd letsencrypt-nginx
|
|
- sh build.sh drone $${LOCAL_DOCKER_REGISTRY}
|
|
- name: build-letsencrypt-remote
|
|
when:
|
|
branch:
|
|
- remote
|
|
image: docker:dind
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
environment:
|
|
LOCAL_DOCKER_REGISTRY:
|
|
from_secret: local-docker-registry
|
|
commands:
|
|
- cd letsencrypt-nginx
|
|
- sh build.sh remote $${LOCAL_DOCKER_REGISTRY}
|
|
- name: scp files
|
|
when:
|
|
branch:
|
|
- remote
|
|
image: appleboy/drone-scp
|
|
settings:
|
|
host:
|
|
from_secret: ssh-host
|
|
username:
|
|
from_secret: ssh-user
|
|
password:
|
|
from_secret: ssh-password
|
|
port:
|
|
from_secret: ssh-port
|
|
command_timeout: 2m
|
|
target: ~/gitea-drone-stack
|
|
source:
|
|
- .
|
|
- name: deploy
|
|
when:
|
|
branch:
|
|
- remote
|
|
image: appleboy/drone-ssh
|
|
environment:
|
|
DRONE_RPC_SECRET:
|
|
from_secret: drone-rpc-secret
|
|
DRONE_GITEA_CLIENT_ID:
|
|
from_secret: drone-gitea-client-id
|
|
DRONE_GITEA_CLIENT_SECRET:
|
|
from_secret: drone-gitea-client-secret
|
|
LOCAL_DOCKER_REGISTRY:
|
|
from_secret: local-docker-registry
|
|
SSH_USER:
|
|
from_secret: ssh-user
|
|
CERTBOT_EMAIL:
|
|
from_secret: certbot-email
|
|
GIT_DOMAIN:
|
|
from_secret: git-domain
|
|
DRONE_DOMAIN:
|
|
from_secret: drone-domain
|
|
REMOTE_DOMAIN:
|
|
from_secret: remote-domain
|
|
settings:
|
|
envs:
|
|
- drone_rpc_secret
|
|
- drone_gitea_client_id
|
|
- drone_gitea_client_secret
|
|
- ssh_user
|
|
- local_docker_registry
|
|
- certbot_email
|
|
- git_domain
|
|
- drone_domain
|
|
- remote_domain
|
|
host:
|
|
from_secret: ssh-host
|
|
username:
|
|
from_secret: ssh-root-user
|
|
password:
|
|
from_secret: ssh-root-password
|
|
port:
|
|
from_secret: ssh-port
|
|
script:
|
|
- set -e
|
|
- export LOCAL_DOCKER_REGISTRY=$LOCAL_DOCKER_REGISTRY
|
|
- export DRONE_RPC_SECRET=$DRONE_RPC_SECRET
|
|
- export DRONE_GITEA_CLIENT_ID=$DRONE_GITEA_CLIENT_ID
|
|
- export DRONE_GITEA_CLIENT_SECRET=$DRONE_GITEA_CLIENT_SECRET
|
|
- export SSH_USER=$SSH_USER
|
|
- export CERTBOT_EMAIL=$CERTBOT_EMAIL
|
|
- export GIT_DOMAIN=$GIT_DOMAIN
|
|
- export DRONE_DOMAIN=$DRONE_DOMAIN
|
|
- export REMOTE_DOMAIN=$REMOTE_DOMAIN
|
|
- docker network prune -f
|
|
- cd /home/$SSH_USER/gitea-drone-stack
|
|
- docker pull $${LOCAL_DOCKER_REGISTRY}guacamole-postgresql
|
|
- docker pull $${LOCAL_DOCKER_REGISTRY}ngrok-gitea
|
|
- docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx
|
|
- docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-drone
|
|
- docker pull $${LOCAL_DOCKER_REGISTRY}letsencrypt-remote
|
|
|
|
- docker network prune -f
|
|
|
|
- docker stack rm remote-drone
|
|
- sleep 60
|
|
- docker stack deploy -c docker-compose-remote.yml remote-drone
|
|
#- sleep 300
|
|
|
|
services:
|
|
- name: docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
- name: ca
|
|
path: /etc/docker/certs.d
|
|
|
|
volumes:
|
|
- name: dockersock
|
|
temp: {}
|
|
- name: ca
|
|
host:
|
|
path: /home/giles/gitea-drone-stack/.ca
|