From 5f0e7083d1df05541ccbbcb620a9e07266852a68 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Fri, 28 Aug 2020 21:49:27 +0100 Subject: [PATCH] ci: jsonnet-drone@0.1.0 --- .drone/build.sh | 1 + deploy.sh => .drone/deploy.sh | 0 .drone/drone-home.jsonnet | 30 ++++ .drone/drone-home.yml | 231 ++++++++++++++++++++++++++++ .drone/lib/public-secrets.libsonnet | 11 ++ .drone/lib/secret-secrets.libsonnet | 6 + .drone/login.sh | 1 + .drone/logout.sh | 1 + .drone/package.json | 9 ++ .drone/pull.sh | 1 + .drone/push.sh | 1 + .drone/yarn.lock | 21 +++ .versionrc copy | 3 + CHANGELOG.md | 8 + README.md | 18 +-- docker-compose.yml | 24 +-- git-hooks/pre-commit | 3 + package.json | 2 +- 18 files changed, 349 insertions(+), 22 deletions(-) create mode 100644 .drone/build.sh rename deploy.sh => .drone/deploy.sh (100%) create mode 100644 .drone/drone-home.jsonnet create mode 100644 .drone/drone-home.yml create mode 100644 .drone/lib/public-secrets.libsonnet create mode 100644 .drone/lib/secret-secrets.libsonnet create mode 100644 .drone/login.sh create mode 100644 .drone/logout.sh create mode 100644 .drone/package.json create mode 100644 .drone/pull.sh create mode 100644 .drone/push.sh create mode 100644 .drone/yarn.lock create mode 100644 .versionrc copy create mode 100755 git-hooks/pre-commit diff --git a/.drone/build.sh b/.drone/build.sh new file mode 100644 index 0000000..e41d3f1 --- /dev/null +++ b/.drone/build.sh @@ -0,0 +1 @@ +echo 'nothing to build' diff --git a/deploy.sh b/.drone/deploy.sh similarity index 100% rename from deploy.sh rename to .drone/deploy.sh diff --git a/.drone/drone-home.jsonnet b/.drone/drone-home.jsonnet new file mode 100644 index 0000000..8d98a55 --- /dev/null +++ b/.drone/drone-home.jsonnet @@ -0,0 +1,30 @@ + +local secretSecrets = import 'lib/secret-secrets.libsonnet'; +local publicSecrets = import 'lib/public-secrets.libsonnet'; + +local deploy = import 'node_modules/@sigyl/jsonnet-drone/deploy.libsonnet'; +local register = import 'node_modules/@sigyl/jsonnet-drone/register.libsonnet'; +[ + register, + deploy( + 'commento', + '/stack/', + [], + publicSecrets, + secretSecrets, + [ + 'REGISTRY_DOMAIN', + 'REGISTRY_PORT', + 'REGISTRY_PASSWORD', + ] + ) { + trigger +: { + event +: [ + 'promote', + ], + target +: [ + 'production', + ], + }, + }, +] diff --git a/.drone/drone-home.yml b/.drone/drone-home.yml new file mode 100644 index 0000000..fc6b105 --- /dev/null +++ b/.drone/drone-home.yml @@ -0,0 +1,231 @@ +--- +kind: pipeline +type: docker +name: register + +platform: + os: linux + arch: amd64 + +clone: + disable: true + +trigger: + event: + exclude: + - promote + +--- +kind: pipeline +type: docker +name: deploy + +platform: + os: linux + arch: amd64 + +steps: +- name: print env + image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea + settings: + envs: + - drone_tag + - drone_commit + - drone_build_number + - drone_repo_name + - drone_repo_namespace + - origin + - smtp_host + - smtp_port + - smtp_username + - smtp_from_address + - forbid_new_owners + - postgres_db + - postgres_user + - github_key + - smtp_password + - askimet_key + - postgres_password + - github_secret + host: ${SSH_HOST} + key: ${SSH_KEY} + passphrase: ${SSH_PASSPHRASE} + port: ${SSH_PORT} + script: + - rm -f env-commento + - "echo \"export ORIGIN='$${ORIGIN}'\" >> env-commento # \"origin\"" + - "echo \"export SMTP_HOST='$${SMTP_HOST}'\" >> env-commento # \"smtp-host\"" + - "echo \"export SMTP_PORT='$${SMTP_PORT}'\" >> env-commento # \"smtp-port\"" + - "echo \"export SMTP_USERNAME='$${SMTP_USERNAME}'\" >> env-commento # \"smtp-username\"" + - "echo \"export SMTP_FROM_ADDRESS='$${SMTP_FROM_ADDRESS}'\" >> env-commento # \"smtp-from-address\"" + - "echo \"export FORBID_NEW_OWNERS='$${FORBID_NEW_OWNERS}'\" >> env-commento # \"forbid-new-owners\"" + - "echo \"export POSTGRES_DB='$${POSTGRES_DB}'\" >> env-commento # \"postgres-db\"" + - "echo \"export POSTGRES_USER='$${POSTGRES_USER}'\" >> env-commento # \"postgres-user\"" + - "echo \"export GITHUB_KEY='$${GITHUB_KEY}'\" >> env-commento # \"github-key\"" + - "echo \"export SMTP_PASSWORD='$${SMTP_PASSWORD}'\" >> env-commento # \"smtp-password\"" + - "echo \"export ASKIMET_KEY='$${ASKIMET_KEY}'\" >> env-commento # \"askimet-key\"" + - "echo \"export POSTGRES_PASSWORD='$${POSTGRES_PASSWORD}'\" >> env-commento # \"postgres-password\"" + - "echo \"export GITHUB_SECRET='$${GITHUB_SECRET}'\" >> env-commento # \"github-secret\"" + username: ${SSH_USER} + environment: + ASKIMET_KEY: + from_secret: askimet-key + FORBID_NEW_OWNERS: + from_secret: forbid-new-owners + GITHUB_KEY: + from_secret: github-key + GITHUB_SECRET: + from_secret: github-secret + ORIGIN: + from_secret: origin + POSTGRES_DB: + from_secret: postgres-db + POSTGRES_PASSWORD: + from_secret: postgres-password + POSTGRES_USER: + from_secret: postgres-user + SMTP_FROM_ADDRESS: + from_secret: smtp-from-address + SMTP_HOST: + from_secret: smtp-host + SMTP_PASSWORD: + from_secret: smtp-password + SMTP_PORT: + from_secret: smtp-port + SMTP_USERNAME: + from_secret: smtp-username + +- name: scp + image: appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47 + settings: + command_timeout: 2m + host: ${SSH_HOST} + key: ${SSH_KEY} + passphrase: ${SSH_PASSPHRASE} + port: ${SSH_PORT} + source: + - . + target: /stack/commento + username: ${SSH_USER} + +- name: wait + image: alpine:3.12.0@sha256:90baa0922fe90624b05cb5766fa5da4e337921656c2f8e2b13bd3c052a0baac1 + commands: + - sleep 15 + +- name: "dockerbuild:" + image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f + commands: + - set -e + - sh .drone/login.sh + - sh .drone/build.sh + - sh .drone/push.sh + - sh .drone/logout.sh + volumes: + - name: dockersock + path: /var/run + +- name: deploy + image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea + settings: + envs: + - drone_tag + - drone_commit + - drone_build_number + - drone_repo_name + - drone_repo_namespace + - registry_domain + - registry_port + - registry_password + - origin + - smtp_host + - smtp_port + - smtp_username + - smtp_from_address + - forbid_new_owners + - postgres_db + - postgres_user + - github_key + - smtp_password + - askimet_key + - postgres_password + - github_secret + host: ${SSH_HOST} + key: ${SSH_KEY} + passphrase: ${SSH_PASSPHRASE} + port: ${SSH_PORT} + script: + - export SMTP_PASSWORD=$${SMTP_PASSWORD} + - export ASKIMET_KEY=$${ASKIMET_KEY} + - export POSTGRES_PASSWORD=$${POSTGRES_PASSWORD} + - export GITHUB_SECRET=$${GITHUB_SECRET} + - export ORIGIN=$${ORIGIN} + - export SMTP_HOST=$${SMTP_HOST} + - export SMTP_PORT=$${SMTP_PORT} + - export SMTP_USERNAME=$${SMTP_USERNAME} + - export SMTP_FROM_ADDRESS=$${SMTP_FROM_ADDRESS} + - export FORBID_NEW_OWNERS=$${FORBID_NEW_OWNERS} + - export POSTGRES_DB=$${POSTGRES_DB} + - export POSTGRES_USER=$${POSTGRES_USER} + - export GITHUB_KEY=$${GITHUB_KEY} + - export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN} + - export REGISTRY_PORT=$${REGISTRY_PORT} + - export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD} + - set -e + - cd /stack/commento + - sh .drone/login.sh + - sh .drone/pull.sh + - sh .drone/deploy.sh + username: ${SSH_USER} + environment: + ASKIMET_KEY: + from_secret: askimet-key + FORBID_NEW_OWNERS: + from_secret: forbid-new-owners + GITHUB_KEY: + from_secret: github-key + GITHUB_SECRET: + from_secret: github-secret + ORIGIN: + from_secret: origin + POSTGRES_DB: + from_secret: postgres-db + POSTGRES_PASSWORD: + from_secret: postgres-password + POSTGRES_USER: + from_secret: postgres-user + SMTP_FROM_ADDRESS: + from_secret: smtp-from-address + SMTP_HOST: + from_secret: smtp-host + SMTP_PASSWORD: + from_secret: smtp-password + SMTP_PORT: + from_secret: smtp-port + SMTP_USERNAME: + from_secret: smtp-username + +services: +- name: docker + image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f + privileged: true + volumes: + - name: dockersock + path: /var/run + - name: ca + path: /etc/docker/certs.d + +volumes: +- name: dockersock + temp: {} +- name: ca + host: + path: /etc/docker/certs.d + +trigger: + event: + - promote + target: + - production + +... diff --git a/.drone/lib/public-secrets.libsonnet b/.drone/lib/public-secrets.libsonnet new file mode 100644 index 0000000..044ae37 --- /dev/null +++ b/.drone/lib/public-secrets.libsonnet @@ -0,0 +1,11 @@ +[ + 'origin', + 'smtp-host', + 'smtp-port', + 'smtp-username', + 'smtp-from-address', + 'forbid-new-owners', + 'postgres-db', + 'postgres-user', + 'github-key', +] diff --git a/.drone/lib/secret-secrets.libsonnet b/.drone/lib/secret-secrets.libsonnet new file mode 100644 index 0000000..273b1dd --- /dev/null +++ b/.drone/lib/secret-secrets.libsonnet @@ -0,0 +1,6 @@ +[ + 'smtp-password', + 'askimet-key', + 'postgres-password', + 'github-secret', +] diff --git a/.drone/login.sh b/.drone/login.sh new file mode 100644 index 0000000..982ed2d --- /dev/null +++ b/.drone/login.sh @@ -0,0 +1 @@ +docker login ${REGISTRY_DOMAIN}:${REGISTRY_PORT} --username client --password "${REGISTRY_PASSWORD}" \ No newline at end of file diff --git a/.drone/logout.sh b/.drone/logout.sh new file mode 100644 index 0000000..2337c7c --- /dev/null +++ b/.drone/logout.sh @@ -0,0 +1 @@ +docker logout ${REGISTRY_DOMAIN}:${REGISTRY_PORT} \ No newline at end of file diff --git a/.drone/package.json b/.drone/package.json new file mode 100644 index 0000000..22cfdd2 --- /dev/null +++ b/.drone/package.json @@ -0,0 +1,9 @@ +{ + "private": true, + "scripts": { + "build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream" + }, + "dependencies": { + "@sigyl/jsonnet-drone": "^0.1.0" + } +} diff --git a/.drone/pull.sh b/.drone/pull.sh new file mode 100644 index 0000000..a3c2118 --- /dev/null +++ b/.drone/pull.sh @@ -0,0 +1 @@ +echo 'nothing to pull' diff --git a/.drone/push.sh b/.drone/push.sh new file mode 100644 index 0000000..8aa5b36 --- /dev/null +++ b/.drone/push.sh @@ -0,0 +1 @@ +echo 'nothing to push' diff --git a/.drone/yarn.lock b/.drone/yarn.lock new file mode 100644 index 0000000..44ab354 --- /dev/null +++ b/.drone/yarn.lock @@ -0,0 +1,21 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +"@sigyl/jsonnet-compose@^0.0.2": + version "0.0.2" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-compose/-/jsonnet-compose-0.0.2.tgz#8900a21e8cd8109929b6042703f8645aacb9bcda" + integrity sha512-wWS3CgPeNi/o1pcS6n/4pafxlMD0KC9/RKMZr/ySmzeGNRW++sPuKuxajYse2TNd47uNDdeUSnk4aEeEIKL0zA== + +"@sigyl/jsonnet-drone-environment@0.0.5": + version "0.0.5" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff" + integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw== + +"@sigyl/jsonnet-drone@^0.1.0": + version "0.1.0" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.1.0.tgz#feda1797e8e9ef799cad72e65f7163ca26a9e3a5" + integrity sha512-QY/ngucxFOtLfL8Mt0f2bxN4fQDUOGOFtaRpSH2cNyg84xADkzehT0ORZtbLitr+AwhyF5KN/zAGvzkyNAoqPw== + dependencies: + "@sigyl/jsonnet-compose" "^0.0.2" + "@sigyl/jsonnet-drone-environment" "0.0.5" diff --git a/.versionrc copy b/.versionrc copy new file mode 100644 index 0000000..37b4bcc --- /dev/null +++ b/.versionrc copy @@ -0,0 +1,3 @@ +{ + "tagMessageInChangeLog": true +} \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 361d7ca..8c5edf4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,4 +2,12 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +### [0.0.5](https://sigyl.com///compare/v0.0.4...v0.0.5) "chore(release): 0.0.5" (2020-08-19) + +### [0.0.4](https://sigyl.com///compare/v0.0.3...v0.0.4) "chore(release): 0.0.4" (2020-08-19) + +### [0.0.3](https://sigyl.com///compare/v0.0.2...v0.0.3) "chore(release): 0.0.3" (2020-08-19) + +### [0.0.2](https://sigyl.com///compare/v0.0.1...v0.0.2) "chore(release): 0.0.2" (2020-08-19) + ### 0.0.1 "initial release" (2020-08-11) diff --git a/README.md b/README.md index dd7ecda..4c63c42 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,12 @@ # commento ## secrets -* commento-github-key -* commento-github-secret -* commento-origin -* commento-postgres-password -* commento-smtp-from-address -* commento-smtp-host -* commento-smtp-port -* commento-smtp-username -* registry-password \ No newline at end of file + +* github-key +* github-secret +* origin +* postgres-password +* smtp-from-address +* smtp-host +* smtp-port +* smtp-username diff --git a/docker-compose.yml b/docker-compose.yml index fa1a0a7..a67f61b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,18 +9,18 @@ services: condition: any image: registry.gitlab.com/commento/commento:latest environment: - COMMENTO_ORIGIN: $COMMENTO_ORIGIN - COMMENTO_SMTP_PASSWORD: $COMMENTO_SMTP_PASSWORD - COMMENTO_ASKIMET_KEY: $COMMENTO_ASKIMET_KEY - COMMENTO_SMTP_HOST: $COMMENTO_SMTP_HOST - COMMENTO_SMTP_PORT: $COMMENTO_SMTP_PORT - COMMENTO_SMTP_USERNAME: $COMMENTO_SMTP_USERNAME - COMMENTO_SMTP_FROM_ADDRESS: $COMMENTO_SMTP_FROM_ADDRESS - COMMENTO_GITHUB_KEY: $COMMENTO_GITHUB_KEY - COMMENTO_GITHUB_SECRET: $COMMENTO_GITHUB_SECRET - COMMENTO_FORBID_NEW_OWNERS: $COMMENTO_FORBID_NEW_OWNERS + COMMENTO_ORIGIN: $ORIGIN + COMMENTO_SMTP_PASSWORD: $SMTP_PASSWORD + COMMENTO_ASKIMET_KEY: $ASKIMET_KEY + COMMENTO_SMTP_HOST: $SMTP_HOST + COMMENTO_SMTP_PORT: $SMTP_PORT + COMMENTO_SMTP_USERNAME: $SMTP_USERNAME + COMMENTO_SMTP_FROM_ADDRESS: $SMTP_FROM_ADDRESS + COMMENTO_GITHUB_KEY: $GITHUB_KEY + COMMENTO_GITHUB_SECRET: $GITHUB_SECRET + COMMENTO_FORBID_NEW_OWNERS: $FORBID_NEW_OWNERS COMMENTO_PORT: 8080 - COMMENTO_POSTGRES: postgres://commento:${COMMENTO_POSTGRES_PASSWORD}@commento-postgres:5432/commento?sslmode=disable + COMMENTO_POSTGRES: postgres://commento:${POSTGRES_PASSWORD}@commento-postgres:5432/commento?sslmode=disable networks: - appnet - externalnet @@ -35,7 +35,7 @@ services: environment: POSTGRES_DB: commento POSTGRES_USER: commento - POSTGRES_PASSWORD: ${COMMENTO_POSTGRES_PASSWORD} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} networks: - appnet volumes: diff --git a/git-hooks/pre-commit b/git-hooks/pre-commit new file mode 100755 index 0000000..7161ae2 --- /dev/null +++ b/git-hooks/pre-commit @@ -0,0 +1,3 @@ +drone jsonnet --source .drone/drone-home.jsonnet --target .drone/drone-home.yml --stream \ +&& git add .drone/drone-home.yml \ +&& echo "jsonnet built" \ No newline at end of file diff --git a/package.json b/package.json index 5b1a477..9b6a327 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "private": true, "name": "commento", - "version": "0.0.1", + "version": "0.0.5", "description": "commento", "scripts": { "deploy": "sh deploy.sh",