From 5ebeb67915eb9bd6ff2e9380a28d824d92e5b629 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Fri, 28 Aug 2020 14:07:09 +0100 Subject: [PATCH] jsdonnet-drone@0.1.0 --- .drone/drone-home.jsonnet | 25 ++- .drone/drone-home.yml | 305 ++++++++++++++-------------- .drone/lib/public-secrets.libsonnet | 18 +- .drone/lib/secret-secrets.libsonnet | 8 +- .drone/login.sh | 2 +- .drone/logout.sh | 2 +- .drone/package.json | 2 +- .drone/yarn.lock | 8 +- README.md | 18 +- docker-compose.yml | 26 +-- 10 files changed, 213 insertions(+), 201 deletions(-) diff --git a/.drone/drone-home.jsonnet b/.drone/drone-home.jsonnet index b750782..8d98a55 100644 --- a/.drone/drone-home.jsonnet +++ b/.drone/drone-home.jsonnet @@ -3,15 +3,28 @@ local secretSecrets = import 'lib/secret-secrets.libsonnet'; local publicSecrets = import 'lib/public-secrets.libsonnet'; local deploy = import 'node_modules/@sigyl/jsonnet-drone/deploy.libsonnet'; +local register = import 'node_modules/@sigyl/jsonnet-drone/register.libsonnet'; [ + register, deploy( 'commento', '/stack/', - [ - 'LOCAL_DOCKER_REGISTRY', - 'REGISTRY_PASSWORD', - ], + [], publicSecrets, - secretSecrets - ), + secretSecrets, + [ + 'REGISTRY_DOMAIN', + 'REGISTRY_PORT', + 'REGISTRY_PASSWORD', + ] + ) { + trigger +: { + event +: [ + 'promote', + ], + target +: [ + 'production', + ], + }, + }, ] diff --git a/.drone/drone-home.yml b/.drone/drone-home.yml index d8d66aa..fc6b105 100644 --- a/.drone/drone-home.yml +++ b/.drone/drone-home.yml @@ -1,3 +1,20 @@ +--- +kind: pipeline +type: docker +name: register + +platform: + os: linux + arch: amd64 + +clone: + disable: true + +trigger: + event: + exclude: + - promote + --- kind: pipeline type: docker @@ -9,7 +26,7 @@ platform: steps: - name: print env - image: appleboy/drone-ssh:1.6.2 + image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea settings: envs: - drone_tag 
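Review bot: The registry names moved into the new sixth argument of `deploy(...)` (`REGISTRY_DOMAIN`, `REGISTRY_PORT`, `REGISTRY_PASSWORD`) are no longer bound to any Drone secret in the regenerated `.drone/drone-home.yml`. The `dockerbuild:` step loses its `environment:` block although it still runs `.drone/login.sh`, and the `deploy` step lists them under `envs` with no matching `from_secret` entry. The same regeneration replaces `from_secret: ssh-key` and the other ssh settings with `${SSH_KEY}`, `${SSH_PASSPHRASE}`, `${SSH_HOST}`, `${SSH_PORT}` and `${SSH_USER}` in the `print env`, `scp` and `deploy` steps. Where those values now come from is not visible in this diff; if it is runner-wide environment or template substitution, the ssh key and registry password lose the per-repository scoping and log masking that Drone secrets give them. I would add a comment above the list saying so, e.g. `// supplied by the runner environment, not by repo secrets`, or keep these names in the secret lists.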
@@ -17,118 +34,99 @@ steps: - drone_build_number - drone_repo_name - drone_repo_namespace - - local_docker_registry - - registry_password - - commento_origin - - commento_smtp_host - - commento_smtp_port - - commento_smtp_username - - commento_smtp_from_address - - commento_forbid_new_owners - - commento_postgres_db - - commento_postgres_user - - commento_github_key - - commento_smtp_password - - commento_askimet_key - - commento_postgres_password - - commento_github_secret - host: - from_secret: ssh-host - key: - from_secret: ssh-key - port: - from_secret: ssh-port + - origin + - smtp_host + - smtp_port + - smtp_username + - smtp_from_address + - forbid_new_owners + - postgres_db + - postgres_user + - github_key + - smtp_password + - askimet_key + - postgres_password + - github_secret + host: ${SSH_HOST} + key: ${SSH_KEY} + passphrase: ${SSH_PASSPHRASE} + port: ${SSH_PORT} script: - rm -f env-commento - - "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-commento # \"local-docker-registry\"" - - "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-commento # \"registry-password\"" - - "echo \"export COMMENTO_ORIGIN='$${COMMENTO_ORIGIN}'\" >> env-commento # \"commento-origin\"" - - "echo \"export COMMENTO_SMTP_HOST='$${COMMENTO_SMTP_HOST}'\" >> env-commento # \"commento-smtp-host\"" - - "echo \"export COMMENTO_SMTP_PORT='$${COMMENTO_SMTP_PORT}'\" >> env-commento # \"commento-smtp-port\"" - - "echo \"export COMMENTO_SMTP_USERNAME='$${COMMENTO_SMTP_USERNAME}'\" >> env-commento # \"commento-smtp-username\"" - - "echo \"export COMMENTO_SMTP_FROM_ADDRESS='$${COMMENTO_SMTP_FROM_ADDRESS}'\" >> env-commento # \"commento-smtp-from-address\"" - - "echo \"export COMMENTO_FORBID_NEW_OWNERS='$${COMMENTO_FORBID_NEW_OWNERS}'\" >> env-commento # \"commento-forbid-new-owners\"" - - "echo \"export COMMENTO_POSTGRES_DB='$${COMMENTO_POSTGRES_DB}'\" >> env-commento # \"commento-postgres-db\"" - - "echo \"export 
COMMENTO_POSTGRES_USER='$${COMMENTO_POSTGRES_USER}'\" >> env-commento # \"commento-postgres-user\"" - - "echo \"export COMMENTO_GITHUB_KEY='$${COMMENTO_GITHUB_KEY}'\" >> env-commento # \"commento-github-key\"" - - "echo \"export COMMENTO_SMTP_PASSWORD='$${COMMENTO_SMTP_PASSWORD}'\" >> env-commento # \"commento-smtp-password\"" - - "echo \"export COMMENTO_ASKIMET_KEY='$${COMMENTO_ASKIMET_KEY}'\" >> env-commento # \"commento-askimet-key\"" - - "echo \"export COMMENTO_POSTGRES_PASSWORD='$${COMMENTO_POSTGRES_PASSWORD}'\" >> env-commento # \"commento-postgres-password\"" - - "echo \"export COMMENTO_GITHUB_SECRET='$${COMMENTO_GITHUB_SECRET}'\" >> env-commento # \"commento-github-secret\"" - username: - from_secret: ssh-user + - "echo \"export ORIGIN='$${ORIGIN}'\" >> env-commento # \"origin\"" + - "echo \"export SMTP_HOST='$${SMTP_HOST}'\" >> env-commento # \"smtp-host\"" + - "echo \"export SMTP_PORT='$${SMTP_PORT}'\" >> env-commento # \"smtp-port\"" + - "echo \"export SMTP_USERNAME='$${SMTP_USERNAME}'\" >> env-commento # \"smtp-username\"" + - "echo \"export SMTP_FROM_ADDRESS='$${SMTP_FROM_ADDRESS}'\" >> env-commento # \"smtp-from-address\"" + - "echo \"export FORBID_NEW_OWNERS='$${FORBID_NEW_OWNERS}'\" >> env-commento # \"forbid-new-owners\"" + - "echo \"export POSTGRES_DB='$${POSTGRES_DB}'\" >> env-commento # \"postgres-db\"" + - "echo \"export POSTGRES_USER='$${POSTGRES_USER}'\" >> env-commento # \"postgres-user\"" + - "echo \"export GITHUB_KEY='$${GITHUB_KEY}'\" >> env-commento # \"github-key\"" + - "echo \"export SMTP_PASSWORD='$${SMTP_PASSWORD}'\" >> env-commento # \"smtp-password\"" + - "echo \"export ASKIMET_KEY='$${ASKIMET_KEY}'\" >> env-commento # \"askimet-key\"" + - "echo \"export POSTGRES_PASSWORD='$${POSTGRES_PASSWORD}'\" >> env-commento # \"postgres-password\"" + - "echo \"export GITHUB_SECRET='$${GITHUB_SECRET}'\" >> env-commento # \"github-secret\"" + username: ${SSH_USER} environment: - COMMENTO_ASKIMET_KEY: - from_secret: commento-askimet-key - 
COMMENTO_FORBID_NEW_OWNERS: - from_secret: commento-forbid-new-owners - COMMENTO_GITHUB_KEY: - from_secret: commento-github-key - COMMENTO_GITHUB_SECRET: - from_secret: commento-github-secret - COMMENTO_ORIGIN: - from_secret: commento-origin - COMMENTO_POSTGRES_DB: - from_secret: commento-postgres-db - COMMENTO_POSTGRES_PASSWORD: - from_secret: commento-postgres-password - COMMENTO_POSTGRES_USER: - from_secret: commento-postgres-user - COMMENTO_SMTP_FROM_ADDRESS: - from_secret: commento-smtp-from-address - COMMENTO_SMTP_HOST: - from_secret: commento-smtp-host - COMMENTO_SMTP_PASSWORD: - from_secret: commento-smtp-password - COMMENTO_SMTP_PORT: - from_secret: commento-smtp-port - COMMENTO_SMTP_USERNAME: - from_secret: commento-smtp-username - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - REGISTRY_PASSWORD: - from_secret: registry-password + ASKIMET_KEY: + from_secret: askimet-key + FORBID_NEW_OWNERS: + from_secret: forbid-new-owners + GITHUB_KEY: + from_secret: github-key + GITHUB_SECRET: + from_secret: github-secret + ORIGIN: + from_secret: origin + POSTGRES_DB: + from_secret: postgres-db + POSTGRES_PASSWORD: + from_secret: postgres-password + POSTGRES_USER: + from_secret: postgres-user + SMTP_FROM_ADDRESS: + from_secret: smtp-from-address + SMTP_HOST: + from_secret: smtp-host + SMTP_PASSWORD: + from_secret: smtp-password + SMTP_PORT: + from_secret: smtp-port + SMTP_USERNAME: + from_secret: smtp-username - name: scp - image: appleboy/drone-scp:1.6.2 + image: appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47 settings: command_timeout: 2m - host: - from_secret: ssh-host - key: - from_secret: ssh-key - port: - from_secret: ssh-port + host: ${SSH_HOST} + key: ${SSH_KEY} + passphrase: ${SSH_PASSPHRASE} + port: ${SSH_PORT} source: - . 
target: /stack/commento - username: - from_secret: ssh-user + username: ${SSH_USER} - name: wait - image: alpine + image: alpine:3.12.0@sha256:90baa0922fe90624b05cb5766fa5da4e337921656c2f8e2b13bd3c052a0baac1 commands: - sleep 15 - name: "dockerbuild:" - image: docker:dind + image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f commands: - set -e - sh .drone/login.sh - sh .drone/build.sh - sh .drone/push.sh - sh .drone/logout.sh - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - REGISTRY_PASSWORD: - from_secret: registry-password volumes: - name: dockersock path: /var/run - name: deploy - image: appleboy/drone-ssh:1.6.2 + image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea settings: envs: - drone_tag 
@@ -136,85 +134,80 @@ steps: - drone_build_number - drone_repo_name - drone_repo_namespace - - commento_origin - - commento_smtp_host - - commento_smtp_port - - commento_smtp_username - - commento_smtp_from_address - - commento_forbid_new_owners - - commento_postgres_db - - commento_postgres_user - - commento_github_key - - commento_smtp_password - - commento_askimet_key - - commento_postgres_password - - commento_github_secret - - local_docker_registry + - registry_domain + - registry_port - registry_password - host: - from_secret: ssh-host - key: - from_secret: ssh-key - port: - from_secret: ssh-port + - origin + - smtp_host + - smtp_port + - smtp_username + - smtp_from_address + - forbid_new_owners + - postgres_db + - postgres_user + - github_key + - smtp_password + - askimet_key + - postgres_password + - github_secret + host: ${SSH_HOST} + key: ${SSH_KEY} + passphrase: ${SSH_PASSPHRASE} + port: ${SSH_PORT} script: - - export COMMENTO_SMTP_PASSWORD=$${COMMENTO_SMTP_PASSWORD} - - export COMMENTO_ASKIMET_KEY=$${COMMENTO_ASKIMET_KEY} - - export COMMENTO_POSTGRES_PASSWORD=$${COMMENTO_POSTGRES_PASSWORD} - - export COMMENTO_GITHUB_SECRET=$${COMMENTO_GITHUB_SECRET} - - export COMMENTO_ORIGIN=$${COMMENTO_ORIGIN} - - export COMMENTO_SMTP_HOST=$${COMMENTO_SMTP_HOST} - - export COMMENTO_SMTP_PORT=$${COMMENTO_SMTP_PORT} - - export COMMENTO_SMTP_USERNAME=$${COMMENTO_SMTP_USERNAME} - - export COMMENTO_SMTP_FROM_ADDRESS=$${COMMENTO_SMTP_FROM_ADDRESS} - - export COMMENTO_FORBID_NEW_OWNERS=$${COMMENTO_FORBID_NEW_OWNERS} - - export COMMENTO_POSTGRES_DB=$${COMMENTO_POSTGRES_DB} - - export COMMENTO_POSTGRES_USER=$${COMMENTO_POSTGRES_USER} - - export COMMENTO_GITHUB_KEY=$${COMMENTO_GITHUB_KEY} - - export LOCAL_DOCKER_REGISTRY=$${LOCAL_DOCKER_REGISTRY} + - export SMTP_PASSWORD=$${SMTP_PASSWORD} + - export ASKIMET_KEY=$${ASKIMET_KEY} + - export POSTGRES_PASSWORD=$${POSTGRES_PASSWORD} + - export GITHUB_SECRET=$${GITHUB_SECRET} + - export ORIGIN=$${ORIGIN} + - export 
SMTP_HOST=$${SMTP_HOST} + - export SMTP_PORT=$${SMTP_PORT} + - export SMTP_USERNAME=$${SMTP_USERNAME} + - export SMTP_FROM_ADDRESS=$${SMTP_FROM_ADDRESS} + - export FORBID_NEW_OWNERS=$${FORBID_NEW_OWNERS} + - export POSTGRES_DB=$${POSTGRES_DB} + - export POSTGRES_USER=$${POSTGRES_USER} + - export GITHUB_KEY=$${GITHUB_KEY} + - export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN} + - export REGISTRY_PORT=$${REGISTRY_PORT} - export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD} - set -e - cd /stack/commento - sh .drone/login.sh - sh .drone/pull.sh - sh .drone/deploy.sh - username: - from_secret: ssh-user + username: ${SSH_USER} environment: - COMMENTO_ASKIMET_KEY: - from_secret: commento-askimet-key - COMMENTO_FORBID_NEW_OWNERS: - from_secret: commento-forbid-new-owners - COMMENTO_GITHUB_KEY: - from_secret: commento-github-key - COMMENTO_GITHUB_SECRET: - from_secret: commento-github-secret - COMMENTO_ORIGIN: - from_secret: commento-origin - COMMENTO_POSTGRES_DB: - from_secret: commento-postgres-db - COMMENTO_POSTGRES_PASSWORD: - from_secret: commento-postgres-password - COMMENTO_POSTGRES_USER: - from_secret: commento-postgres-user - COMMENTO_SMTP_FROM_ADDRESS: - from_secret: commento-smtp-from-address - COMMENTO_SMTP_HOST: - from_secret: commento-smtp-host - COMMENTO_SMTP_PASSWORD: - from_secret: commento-smtp-password - COMMENTO_SMTP_PORT: - from_secret: commento-smtp-port - COMMENTO_SMTP_USERNAME: - from_secret: commento-smtp-username - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - REGISTRY_PASSWORD: - from_secret: registry-password + ASKIMET_KEY: + from_secret: askimet-key + FORBID_NEW_OWNERS: + from_secret: forbid-new-owners + GITHUB_KEY: + from_secret: github-key + GITHUB_SECRET: + from_secret: github-secret + ORIGIN: + from_secret: origin + POSTGRES_DB: + from_secret: postgres-db + POSTGRES_PASSWORD: + from_secret: postgres-password + POSTGRES_USER: + from_secret: postgres-user + SMTP_FROM_ADDRESS: + from_secret: smtp-from-address + SMTP_HOST: + from_secret: 
smtp-host + SMTP_PASSWORD: + from_secret: smtp-password + SMTP_PORT: + from_secret: smtp-port + SMTP_USERNAME: + from_secret: smtp-username services: - name: docker - image: docker:dind + image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f privileged: true volumes: - name: dockersock @@ -229,4 +222,10 @@ volumes: host: path: /etc/docker/certs.d +trigger: + event: + - promote + target: + - production + ... diff --git a/.drone/lib/public-secrets.libsonnet b/.drone/lib/public-secrets.libsonnet index 07b9349..044ae37 100644 --- a/.drone/lib/public-secrets.libsonnet +++ b/.drone/lib/public-secrets.libsonnet @@ -1,11 +1,11 @@ [ - 'commento-origin', - 'commento-smtp-host', - 'commento-smtp-port', - 'commento-smtp-username', - 'commento-smtp-from-address', - 'commento-forbid-new-owners', - 'commento-postgres-db', - 'commento-postgres-user', - 'commento-github-key', + 'origin', + 'smtp-host', + 'smtp-port', + 'smtp-username', + 'smtp-from-address', + 'forbid-new-owners', + 'postgres-db', + 'postgres-user', + 'github-key', ] diff --git a/.drone/lib/secret-secrets.libsonnet b/.drone/lib/secret-secrets.libsonnet index 13f6a4d..273b1dd 100644 --- a/.drone/lib/secret-secrets.libsonnet +++ b/.drone/lib/secret-secrets.libsonnet @@ -1,6 +1,6 @@ [ - 'commento-smtp-password', - 'commento-askimet-key', - 'commento-postgres-password', - 'commento-github-secret', + 'smtp-password', + 'askimet-key', + 'postgres-password', + 'github-secret', ] diff --git a/.drone/login.sh b/.drone/login.sh index c8ffffc..982ed2d 100644 --- a/.drone/login.sh +++ b/.drone/login.sh @@ -1 +1 @@ -docker login ${LOCAL_DOCKER_REGISTRY} --username client --password "${REGISTRY_PASSWORD}" \ No newline at end of file +docker login ${REGISTRY_DOMAIN}:${REGISTRY_PORT} --username client --password "${REGISTRY_PASSWORD}" \ No newline at end of file diff --git a/.drone/logout.sh b/.drone/logout.sh index 4bcacf0..2337c7c 100644 --- a/.drone/logout.sh +++ b/.drone/logout.sh 
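Review bot: In `.drone/login.sh`, `docker login` still receives the registry password through `--password`, so the secret appears in the process argument list on the build container and on the deploy host, where the script is run over ssh. Docker can read it from standard input instead, and the registry address should be quoted now that it is built from two variables: `printf '%s' "${REGISTRY_PASSWORD}" | docker login "${REGISTRY_DOMAIN}:${REGISTRY_PORT}" --username client --password-stdin`. If either variable is unset the address collapses to `:`; a `: "${REGISTRY_DOMAIN:?}"` guard before the login would turn that into a clear failure.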
@@ -1 +1 @@ -docker logout ${LOCAL_DOCKER_REGISTRY} \ No newline at end of file +docker logout ${REGISTRY_DOMAIN}:${REGISTRY_PORT} \ No newline at end of file diff --git a/.drone/package.json b/.drone/package.json index 45387ae..22cfdd2 100644 --- a/.drone/package.json +++ b/.drone/package.json @@ -4,6 +4,6 @@ "build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream" }, "dependencies": { - "@sigyl/jsonnet-drone": "^0.0.7" + "@sigyl/jsonnet-drone": "^0.1.0" } } diff --git a/.drone/yarn.lock b/.drone/yarn.lock index b97ecd6..44ab354 100644 --- a/.drone/yarn.lock +++ b/.drone/yarn.lock @@ -12,10 +12,10 @@ resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff" integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw== -"@sigyl/jsonnet-drone@^0.0.7": - version "0.0.7" - resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.0.7.tgz#0f92ef15096b0c5497741ff56bfbd249de9edd66" - integrity sha512-353n/zExNnKPPZ235eLX3/DFXJVNIX8fdAeG3RvY+55538eGzDIk0/3HJd8jXsD6y0zxm+LexW5HghvXBMBOEA== +"@sigyl/jsonnet-drone@^0.1.0": + version "0.1.0" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.1.0.tgz#feda1797e8e9ef799cad72e65f7163ca26a9e3a5" + integrity sha512-QY/ngucxFOtLfL8Mt0f2bxN4fQDUOGOFtaRpSH2cNyg84xADkzehT0ORZtbLitr+AwhyF5KN/zAGvzkyNAoqPw== dependencies: "@sigyl/jsonnet-compose" "^0.0.2" "@sigyl/jsonnet-drone-environment" "0.0.5" diff --git a/README.md b/README.md index dd7ecda..4c63c42 100644 --- a/README.md +++ b/README.md 
@@ -1,12 +1,12 @@ # commento ## secrets -* commento-github-key -* commento-github-secret -* commento-origin -* commento-postgres-password -* commento-smtp-from-address -* commento-smtp-host -* commento-smtp-port -* commento-smtp-username -* registry-password \ No newline at end of file + +* github-key +* github-secret +* origin +* postgres-password +* smtp-from-address +* smtp-host +* smtp-port +* smtp-username diff --git a/docker-compose.yml b/docker-compose.yml index fa1a0a7..571deb8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,18 +9,18 @@ services: condition: any image: registry.gitlab.com/commento/commento:latest environment: - COMMENTO_ORIGIN: $COMMENTO_ORIGIN - COMMENTO_SMTP_PASSWORD: $COMMENTO_SMTP_PASSWORD - COMMENTO_ASKIMET_KEY: $COMMENTO_ASKIMET_KEY - COMMENTO_SMTP_HOST: $COMMENTO_SMTP_HOST - COMMENTO_SMTP_PORT: $COMMENTO_SMTP_PORT - COMMENTO_SMTP_USERNAME: $COMMENTO_SMTP_USERNAME - COMMENTO_SMTP_FROM_ADDRESS: $COMMENTO_SMTP_FROM_ADDRESS - COMMENTO_GITHUB_KEY: $COMMENTO_GITHUB_KEY - COMMENTO_GITHUB_SECRET: $COMMENTO_GITHUB_SECRET - COMMENTO_FORBID_NEW_OWNERS: $COMMENTO_FORBID_NEW_OWNERS - COMMENTO_PORT: 8080 - COMMENTO_POSTGRES: postgres://commento:${COMMENTO_POSTGRES_PASSWORD}@commento-postgres:5432/commento?sslmode=disable + ORIGIN: $ORIGIN + SMTP_PASSWORD: $SMTP_PASSWORD + ASKIMET_KEY: $ASKIMET_KEY + SMTP_HOST: $SMTP_HOST + SMTP_PORT: $SMTP_PORT + SMTP_USERNAME: $SMTP_USERNAME + SMTP_FROM_ADDRESS: $SMTP_FROM_ADDRESS + GITHUB_KEY: $GITHUB_KEY + GITHUB_SECRET: $GITHUB_SECRET + FORBID_NEW_OWNERS: $FORBID_NEW_OWNERS + PORT: 8080 + POSTGRES: postgres://commento:${POSTGRES_PASSWORD}@commento-postgres:5432/commento?sslmode=disable networks: - appnet - externalnet @@ -35,7 +35,7 @@ services: environment: POSTGRES_DB: commento POSTGRES_USER: commento - POSTGRES_PASSWORD: ${COMMENTO_POSTGRES_PASSWORD} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} networks: - appnet volumes:
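Review bot: The rename in the `environment:` block of the commento service in `docker-compose.yml` changes the keys the container sees, not only the host-side variables they are filled from. As far as I know Commento reads its configuration from `COMMENTO_`-prefixed variables, so `ORIGIN`, `PORT` and `POSTGRES` would be ignored by the image and the service would start without its origin and database URL. Keeping the key and renaming only the value preserves the intent, e.g. `COMMENTO_ORIGIN: $ORIGIN` and `COMMENTO_POSTGRES: postgres://commento:${POSTGRES_PASSWORD}@commento-postgres:5432/commento?sslmode=disable`. The service block starts above the hunk. Separately, `image: registry.gitlab.com/commento/commento:latest` stays unpinned while the CI images in this commit gain digests.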