stack
/
drone
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

Merge branch 'home-deploy'

This commit is contained in:
Giles Bradshaw 2020-08-10 15:52:01 +01:00
parent 3ee0f227ea b4a444178c
commit 14182f6256
28 changed files with 158 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docker-compose.yml
View File

@ -25,6 +25,7 @@ services:
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_USER_CREATE=username:giles,admin:true
- DRONE_AGENTS_ENABLED=true
- DRONE_JSONNET_ENABLED=true
- DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000
- DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET}
networks:

2
drone-starlark/repos/chat/drone.star
View File

@ -30,13 +30,13 @@ def drone(
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-chat",
publicSecrets,
secretSecrets,
),
scp(base),
deploy(
"docker-compose.yml",
name,

1
drone-starlark/repos/chat/public-secrets.star
View File

@ -1,6 +1,5 @@
publicSecrets = [
"git-domain",
"local-docker-registry",
"chat-admin-name",
"chat-admin-email",
]

1
drone-starlark/repos/chat/secret-secrets.star
View File

@ -1,4 +1,3 @@
secretSecrets = [
"chat-admin-password",
"registry-password",
]

2
drone-starlark/repos/commento/drone.star
View File

@ -30,13 +30,13 @@ def drone(
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-commento",
publicSecrets,
secretSecrets,
),
scp(base),
deploy(
"docker-compose.yml",
name,

2
drone-starlark/repos/commento/public-secrets.star
View File

@ -7,5 +7,5 @@ publicSecrets = [
"commento-forbid-new-owners",
"commento-postgres-db",
"commento-postgres-user",
"commento-github-key",
"commento-github-key",
]

1
drone-starlark/repos/commento/secret-secrets.star
View File

@ -3,5 +3,4 @@ secretSecrets = [
"commento-askimet-key",
"commento-postgres-password",
"commento-github-secret",
"registry-password",
]

39
drone-starlark/repos/deploy-from-registry.star Normal file
View File

@ -0,0 +1,39 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:export.star", "export")
def deploy(
filename,
name,
folder,
secrets,
commands,
ctx
):
return {
"name": "deploy {name}".format(name = name),
"image": "appleboy/drone-ssh",
"environment": environment(secrets),
"settings": {
"envs": [x.replace("-", "_") for x in secrets ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e"
] +
map(export, secrets) +
[
"export DRONE_REPO_LINK=$${{DRONE_GITEA_SERVER}}/{namespace}/{name}".format(name=ctx.repo.name, namespace=ctx.repo.namespace),
"export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
"docker network prune -f",
"cd {folder}".format(folder=folder),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"docker stack rm {name}".format(name = name),
"sleep 30",
"docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
] + commands
}
}

1
drone-starlark/repos/deploy.star
View File

@ -30,7 +30,6 @@ def deploy(
"export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
"docker network prune -f",
"cd {folder}".format(folder=folder),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"docker stack rm {name}".format(name = name),
"sleep 30",
"docker stack deploy -c {filename} {name}".format(name= name, filename = filename),

4
drone-starlark/repos/drone/drone.star
View File

@ -13,7 +13,7 @@ load("@this//drone:public-secrets.star", "publicSecrets")
load("@this//drone:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
@ -30,6 +30,7 @@ def drone(
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
build("drone-starlark"),
printSecrets(
@ -37,7 +38,6 @@ def drone(
publicSecrets,
secretSecrets,
),
scp(base),
pull(
"pull images",
[

4
drone-starlark/repos/ghost/drone.star
View File

@ -13,7 +13,7 @@ load("@this//ghost:public-secrets.star", "publicSecrets")
load("@this//ghost:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
@ -30,6 +30,7 @@ def drone(
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-ghost",
@ -37,7 +38,6 @@ def drone(
secretSecrets,
),
build("ghost"),
scp(base),
pull(
"pull images",
[

4
drone-starlark/repos/gitea/drone.star
View File

@ -13,7 +13,7 @@ load("@this//gitea:public-secrets.star", "publicSecrets")
load("@this//gitea:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
@ -30,6 +30,7 @@ def drone(
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-gitea",
@ -37,7 +38,6 @@ def drone(
secretSecrets,
),
build("gitea"),
scp(base),
pull(
"pull images",
[

4
drone-starlark/repos/guacamole/drone.star
View File

@ -13,7 +13,7 @@ load("@this//guacamole:public-secrets.star", "publicSecrets")
load("@this//guacamole:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
@ -30,6 +30,7 @@ def drone(
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-guacamole",
@ -37,7 +38,6 @@ def drone(
secretSecrets,
),
build("guacamole-postgresql"),
scp(base),
pull(
"pull images",
[

74
drone-starlark/repos/huginn/drone.star Normal file
View File

@ -0,0 +1,74 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//huginn:public-secrets.star", "publicSecrets")
load("@this//huginn:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-huginn",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

7
drone-starlark/repos/huginn/public-secrets.star Normal file
View File

@ -0,0 +1,7 @@
publicSecrets = [
"smtp-domain",
"smtp-user-name",
"smtp-server",
"email-from-address",
"smtp-port",
]

5
drone-starlark/repos/huginn/secret-secrets.star Normal file
View File

@ -0,0 +1,5 @@
secretSecrets = [
"smtp-password",
"invitation-code",
"database-password",
]

1
drone-starlark/repos/huginn/stack-name._star Normal file
View File

@ -0,0 +1 @@
stackName='huginn'

1
drone-starlark/repos/huginn/stack-root._star Normal file
View File

@ -0,0 +1 @@
stackRoot='/stack/huginn'

2
drone-starlark/repos/matomo/drone.star
View File

@ -30,13 +30,13 @@ def drone(
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-matomo",
publicSecrets,
secretSecrets,
),
scp(base),
deploy(
"docker-compose.yml",
name,

1
drone-starlark/repos/matomo/secret-secrets.star
View File

@ -1,5 +1,4 @@
secretSecrets = [
"matomo-mysql-root-password",
"matomo-mysql-password",
"registry-password",
]

2
drone-starlark/repos/portainer/drone.star
View File

@ -30,13 +30,13 @@ def drone(
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-portainer",
publicSecrets,
secretSecrets,
),
scp(base),
deploy(
"docker-compose.yml",
name,

4
drone-starlark/repos/portainer/secret-secrets.star
View File

@ -1,3 +1 @@
secretSecrets = [
"registry-password",
]
secretSecrets = []

12
drone-starlark/repos/proxy/drone.star
View File

@ -13,7 +13,7 @@ load("@this//proxy:public-secrets.star", "publicSecrets")
load("@this//proxy:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
@ -30,6 +30,7 @@ def drone(
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-proxy",
@ -46,6 +47,13 @@ def drone(
"letsencrypt-nginx",
"git",
),
buildDockerFolder(
"Dockerfile.huginn",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-huginn",
"letsencrypt-nginx",
"huginn",
),
buildDockerFolder(
"Dockerfile.drone",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
@ -53,7 +61,6 @@ def drone(
"letsencrypt-nginx",
"drone",
),
scp(base),
pull(
"pull images",
[
@ -61,6 +68,7 @@ def drone(
"registry",
"letsencrypt-git",
"letsencrypt-drone",
"letsencrypt-huginn",
],
),
deploy(

1
drone-starlark/repos/proxy/public-secrets.star
View File

@ -1,6 +1,7 @@
publicSecrets = [
"certbot-email",
"drone-domain",
"huginn-domain",
"git-domain",
"local-docker-registry",
]

2
drone-starlark/repos/zabbix/drone.star
View File

@ -30,13 +30,13 @@ def drone(
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-zabbix",
publicSecrets,
secretSecrets,
),
scp(base),
deploy(
"docker-compose.yml",
name,

4
drone-starlark/repos/zabbix/public-secrets.star
View File

@ -1,3 +1 @@
publicSecrets = [
"local-docker-registry",
]
publicSecrets = []

1
drone-starlark/repos/zabbix/secret-secrets.star
View File

@ -1,5 +1,4 @@
secretSecrets = [
"zabbix-mysql-root-password",
"zabbix-mysql-password",
"registry-password",
]

3
drone-starlark/run.sh
View File

@ -19,6 +19,9 @@ envsubst < /repos/guacamole/stack-root._star > /repos/guacamole/stack-root.star
envsubst < /repos/chat/stack-name._star > /repos/chat/stack-name.star
envsubst < /repos/chat/stack-root._star > /repos/chat/stack-root.star
envsubst < /repos/huginn/stack-name._star > /repos/huginn/stack-name.star
envsubst < /repos/huginn/stack-root._star > /repos/huginn/stack-root.star
envsubst < /repos/matomo/stack-name._star > /repos/matomo/stack-name.star
envsubst < /repos/matomo/stack-root._star > /repos/matomo/stack-root.star