diff --git a/docker-compose.yml b/docker-compose.yml
index 4b671d7..52b0ab1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -25,6 +25,7 @@ services:
 - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
 - DRONE_USER_CREATE=username:giles,admin:true
 - DRONE_AGENTS_ENABLED=true
+ - DRONE_JSONNET_ENABLED=true
 - DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000
 - DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET}
 networks:
diff --git a/drone-starlark/repos/chat/drone.star b/drone-starlark/repos/chat/drone.star
index da07c76..297d452 100644
--- a/drone-starlark/repos/chat/drone.star
+++ b/drone-starlark/repos/chat/drone.star
@@ -30,13 +30,13 @@ def drone(
 pipeline(
 branch,
 [
+ scp(base),
 wait(15, "wait"),
 printSecrets(
 "env-chat",
 publicSecrets,
 secretSecrets,
 ),
- scp(base),
 deploy(
 "docker-compose.yml",
 name,
diff --git a/drone-starlark/repos/chat/public-secrets.star b/drone-starlark/repos/chat/public-secrets.star
index f3c1145..a56f68c 100644
--- a/drone-starlark/repos/chat/public-secrets.star
+++ b/drone-starlark/repos/chat/public-secrets.star
@@ -1,6 +1,5 @@
 publicSecrets = [
 "git-domain",
- "local-docker-registry",
 "chat-admin-name",
 "chat-admin-email",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/chat/secret-secrets.star b/drone-starlark/repos/chat/secret-secrets.star
index 509b22a..2d1fba3 100644
--- a/drone-starlark/repos/chat/secret-secrets.star
+++ b/drone-starlark/repos/chat/secret-secrets.star
@@ -1,4 +1,3 @@
 secretSecrets = [
 "chat-admin-password",
- "registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/commento/drone.star b/drone-starlark/repos/commento/drone.star
index 985259f..18f5328 100644
--- a/drone-starlark/repos/commento/drone.star
+++ b/drone-starlark/repos/commento/drone.star
@@ -30,13 +30,13 @@ def drone(
 pipeline(
 branch,
 [
+ scp(base),
 wait(15, "wait"),
 printSecrets(
 "env-commento",
 publicSecrets,
 secretSecrets,
 ),
- scp(base),
 deploy(
 "docker-compose.yml",
 name,
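Review bot: `DRONE_JSONNET_ENABLED=true` in the docker-compose.yml hunk turns on a second server-side configuration converter, but no file in this commit is a Jsonnet pipeline and the repos shown are all served through the Starlark convert plugin. If nothing consumes it, leave the flag out so the server does not evaluate a config language it does not need. If something does, say so next to the setting, e.g. `# needed for <repo>/.drone.jsonnet`.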
diff --git a/drone-starlark/repos/commento/public-secrets.star b/drone-starlark/repos/commento/public-secrets.star
index 9daf73d..876adda 100644
--- a/drone-starlark/repos/commento/public-secrets.star
+++ b/drone-starlark/repos/commento/public-secrets.star
@@ -7,5 +7,5 @@ publicSecrets = [
 "commento-forbid-new-owners",
 "commento-postgres-db",
 "commento-postgres-user",
- "commento-github-key",
+ "commento-github-key",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/commento/secret-secrets.star b/drone-starlark/repos/commento/secret-secrets.star
index 964aa36..89a50fb 100644
--- a/drone-starlark/repos/commento/secret-secrets.star
+++ b/drone-starlark/repos/commento/secret-secrets.star
@@ -3,5 +3,4 @@ secretSecrets = [
 "commento-askimet-key",
 "commento-postgres-password",
 "commento-github-secret",
- "registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/deploy-from-registry.star b/drone-starlark/repos/deploy-from-registry.star
new file mode 100644
index 0000000..9e59892
--- /dev/null
+++ b/drone-starlark/repos/deploy-from-registry.star
@@ -0,0 +1,39 @@ +load("@this//:from-secret.star", "fromSecret") +load("@this//:map.star", "map") +load("@this//:environment.star", "environment") +load("@this//:export.star", "export") + +def deploy( + filename, + name, + folder, + secrets, + commands, + ctx +): + return { + "name": "deploy {name}".format(name = name), + "image": "appleboy/drone-ssh", + "environment": environment(secrets), + "settings": { + "envs": [x.replace("-", "_") for x in secrets ], + "host": fromSecret("ssh-host"), + "port": fromSecret("ssh-port"), + "username": fromSecret("ssh-root-user"), + "password": fromSecret("ssh-root-password"), + "script": [ + "set -e" + ] + + map(export, secrets) + + [ + "export DRONE_REPO_LINK=$${{DRONE_GITEA_SERVER}}/{namespace}/{name}".format(name=ctx.repo.name, namespace=ctx.repo.namespace), + "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit), + "docker network prune -f", + "cd {folder}".format(folder=folder), + 'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"', + "docker stack rm {name}".format(name = name), + "sleep 30", + "docker stack deploy -c {filename} {name}".format(name= name, filename = filename), + ] + commands + } + } diff --git a/drone-starlark/repos/deploy.star b/drone-starlark/repos/deploy.star index 9e59892..0f9dda1 100644 --- a/drone-starlark/repos/deploy.star +++ b/drone-starlark/repos/deploy.star @@ -30,7 +30,6 @@ def deploy( "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit), "docker network prune -f", "cd {folder}".format(folder=folder), - 'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"', "docker stack rm {name}".format(name = name), "sleep 30", "docker stack deploy -c {filename} {name}".format(name= name, filename = filename), diff --git a/drone-starlark/repos/drone/drone.star b/drone-starlark/repos/drone/drone.star index 3212a0f..56290c8 100644 --- a/drone-starlark/repos/drone/drone.star 
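Review bot: In the new deploy-from-registry.star, the `docker login` script line passes the registry password as `--password "$${REGISTRY_PASSWORD}"`, which puts it on the command line of the remote host where it is visible in the process list; feed it on stdin instead, `'printf %s "$${REGISTRY_PASSWORD}" | docker login $${LOCAL_DOCKER_REGISTRY} --username client --password-stdin'`. The step also authenticates over SSH with `ssh-root-user`/`ssh-root-password`; a key-based login (the plugin's `key` setting) for a non-root deploy account would limit what a leaked secret gives away. `"image": "appleboy/drone-ssh"` carries no tag, so the step runs whatever the default tag resolves to at build time; pin a tag or digest. The file has the same blob id (9e59892) as the pre-change deploy.star, so the two copies can drift apart; one `deploy` with a login switch would avoid that.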
+++ b/drone-starlark/repos/drone/drone.star
@@ -13,7 +13,7 @@ load("@this//drone:public-secrets.star", "publicSecrets")
 load("@this//drone:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")
@@ -30,6 +30,7 @@ def drone(
 pipeline(
 branch,
 [
+ scp(base),
 wait(15, "wait"),
 build("drone-starlark"),
 printSecrets(
@@ -37,7 +38,6 @@ def drone(
 publicSecrets,
 secretSecrets,
 ),
- scp(base),
 pull(
 "pull images",
 [
diff --git a/drone-starlark/repos/ghost/drone.star b/drone-starlark/repos/ghost/drone.star
index 73f159e..15fda2b 100644
--- a/drone-starlark/repos/ghost/drone.star
+++ b/drone-starlark/repos/ghost/drone.star
@@ -13,7 +13,7 @@ load("@this//ghost:public-secrets.star", "publicSecrets")
 load("@this//ghost:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")
@@ -30,6 +30,7 @@ def drone(
 pipeline(
 branch,
 [
+ scp(base),
 wait(15, "wait"),
 printSecrets(
 "env-ghost",
@@ -37,7 +38,6 @@ def drone(
 secretSecrets,
 ),
 build("ghost"),
- scp(base),
 pull(
 "pull images",
 [
diff --git a/drone-starlark/repos/gitea/drone.star b/drone-starlark/repos/gitea/drone.star
index 00b2200..c6b8244 100644
--- a/drone-starlark/repos/gitea/drone.star
+++ b/drone-starlark/repos/gitea/drone.star
@@ -13,7 +13,7 @@ load("@this//gitea:public-secrets.star", "publicSecrets")
 load("@this//gitea:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")
@@ -30,6 +30,7 @@ def drone(
 pipeline(
 branch,
 [
+ scp(base),
 wait(15, "wait"),
 printSecrets(
 "env-gitea",
@@ -37,7 +38,6 @@ def drone(
 secretSecrets,
 ),
 build("gitea"),
- scp(base),
 pull(
 "pull images",
 [
diff --git a/drone-starlark/repos/guacamole/drone.star b/drone-starlark/repos/guacamole/drone.star
index 8145f0b..0205155 100644
--- a/drone-starlark/repos/guacamole/drone.star
+++ b/drone-starlark/repos/guacamole/drone.star
@@ -13,7 +13,7 @@ load("@this//guacamole:public-secrets.star", "publicSecrets")
 load("@this//guacamole:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")
@@ -30,6 +30,7 @@ def drone(
 pipeline(
 branch,
 [
+ scp(base),
 wait(15, "wait"),
 printSecrets(
 "env-guacamole",
@@ -37,7 +38,6 @@ def drone(
 secretSecrets,
 ),
 build("guacamole-postgresql"),
- scp(base),
 pull(
 "pull images",
 [
diff --git a/drone-starlark/repos/huginn/drone.star b/drone-starlark/repos/huginn/drone.star
new file mode 100644
index 0000000..df825ad
--- /dev/null
+++ b/drone-starlark/repos/huginn/drone.star
@@ -0,0 +1,74 @@
+load("@this//:from-secret.star", "fromSecret")
+load("@this//:print-secrets.star", "printSecrets")
+
+load("@this//:map.star", "map")
+load("@this//:environment.star", "environment")
+load("@this//:echo.star", "echo")
+load("@this//:export.star", "export")
+load("@this//:echo-secret.star", "echoSecret")
+load("@this//:wait.star", "wait")
+load("@this//:build.star", "build")
+load("@this//:scp.star", "scp")
+load("@this//huginn:public-secrets.star", "publicSecrets")
+load("@this//huginn:secret-secrets.star", "secretSecrets")
+load("@this//:rescale.star", "rescale")
+load("@this//:pull.star", "pull")
+load("@this//:deploy.star", "deploy")
+load("@this//:build-folder.star", "buildFolder")
+load("@this//:build-docker-folder.star", "buildDockerFolder")
+load("@this//:pipeline.star", "pipeline")
+
+def drone(
+ ctx,
+ branch,
+ base,
+ name,
+ commands,
+):
+ if ctx.build.branch == branch:
+ return [
+ pipeline(
+ branch,
+ [
+ scp(base),
+ wait(15, "wait"),
+ printSecrets(
+ "env-huginn",
+ publicSecrets,
+ secretSecrets,
+ ),
+ deploy(
+ "docker-compose.yml",
+ name,
+ base,
+ publicSecrets + secretSecrets,
+ commands,
+ ctx
+ ),
+ ],
+ [],
+ [
+ {
+ "name": "ca",
+ "host": {
+ "path": "/etc/docker/certs.d",
+ },
+ }
+ ],
+ [
+ {
+ "name": "ca",
+ "path": "/etc/docker/certs.d",
+ },
+ ]
+ ),
+ ]
+ else:
+ return pipeline(
+ ctx.build.branch,
+ [],
+ [],
+ [],
+ [],
+ )
+
\ No newline at end of file
diff --git a/drone-starlark/repos/huginn/public-secrets.star b/drone-starlark/repos/huginn/public-secrets.star
new file mode 100644
index 0000000..f2f23bc
--- /dev/null
+++ b/drone-starlark/repos/huginn/public-secrets.star
@@ -0,0 +1,7 @@
+publicSecrets = [
+ "smtp-domain",
+ "smtp-user-name",
+ "smtp-server",
+ "email-from-address",
+ "smtp-port",
+]
\ No newline at end of file
diff --git a/drone-starlark/repos/huginn/secret-secrets.star b/drone-starlark/repos/huginn/secret-secrets.star
new file mode 100644
index 0000000..2233f55
--- /dev/null
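Review bot: In the new huginn/drone.star the pipeline mounts the host path `/etc/docker/certs.d` as volume `ca`, yet its only steps are `scp`, `wait`, `printSecrets` and `deploy`, with no `build` or `pull` step, so the registry CA mount looks unneeded here; the `else` branch already calls `pipeline(...)` with `[]` for both volume arguments, and the same would keep host paths out of this build. Of the eighteen `load()` lines only `printSecrets`, `wait`, `scp`, `publicSecrets`, `secretSecrets`, `deploy` and `pipeline` are used; dropping the rest makes the step list easier to audit. The matching branch returns a list, `return [pipeline(...)]`, while the `else` branch returns a bare `pipeline(...)`; returning a list in both keeps the result shape uniform. `printSecrets` is handed `secretSecrets` as well, and its body is outside this diff, so confirm it does not write those values to the build log.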
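Review bot: The huginn secret names are not namespaced: `smtp-domain`, `smtp-user-name`, `smtp-server`, `email-from-address` and `smtp-port` in huginn/public-secrets.star, and `smtp-password`, `invitation-code` and `database-password` in huginn/secret-secrets.star (the next file). The other stacks in this commit prefix theirs, e.g. `chat-admin-password`, `matomo-mysql-password`, `zabbix-mysql-password`. If these names resolve against a secret store shared between repos (not visible here), a generic name such as `database-password` can collide with, or be silently reused by, another stack; `huginn-database-password`, `huginn-smtp-password` and so on would keep each stack's credentials separate.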
+++ b/drone-starlark/repos/huginn/secret-secrets.star
@@ -0,0 +1,5 @@
+secretSecrets = [
+ "smtp-password",
+ "invitation-code",
+ "database-password",
+]
\ No newline at end of file
diff --git a/drone-starlark/repos/huginn/stack-name._star b/drone-starlark/repos/huginn/stack-name._star
new file mode 100644
index 0000000..ff2c406
--- /dev/null
+++ b/drone-starlark/repos/huginn/stack-name._star
@@ -0,0 +1 @@
+stackName='huginn'
\ No newline at end of file
diff --git a/drone-starlark/repos/huginn/stack-root._star b/drone-starlark/repos/huginn/stack-root._star
new file mode 100644
index 0000000..e4fbb05
--- /dev/null
+++ b/drone-starlark/repos/huginn/stack-root._star
@@ -0,0 +1 @@
+stackRoot='/stack/huginn'
\ No newline at end of file
diff --git a/drone-starlark/repos/matomo/drone.star b/drone-starlark/repos/matomo/drone.star
index a8c2d6a..8bfa3ce 100644
--- a/drone-starlark/repos/matomo/drone.star
+++ b/drone-starlark/repos/matomo/drone.star
@@ -30,13 +30,13 @@ def drone(
 pipeline(
 branch,
 [
+ scp(base),
 wait(15, "wait"),
 printSecrets(
 "env-matomo",
 publicSecrets,
 secretSecrets,
 ),
- scp(base),
 deploy(
 "docker-compose.yml",
 name,
diff --git a/drone-starlark/repos/matomo/secret-secrets.star b/drone-starlark/repos/matomo/secret-secrets.star
index 5c049ef..373c06d 100644
--- a/drone-starlark/repos/matomo/secret-secrets.star
+++ b/drone-starlark/repos/matomo/secret-secrets.star
@@ -1,5 +1,4 @@
 secretSecrets = [
 "matomo-mysql-root-password",
 "matomo-mysql-password",
- "registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/portainer/drone.star b/drone-starlark/repos/portainer/drone.star
index 692ff67..cb2e040 100644
--- a/drone-starlark/repos/portainer/drone.star
+++ b/drone-starlark/repos/portainer/drone.star
@@ -30,13 +30,13 @@ def drone(
 pipeline(
 branch,
 [
+ scp(base),
 wait(15, "wait"),
 printSecrets(
 "env-portainer",
 publicSecrets,
 secretSecrets,
 ),
- scp(base),
 deploy(
 "docker-compose.yml",
 name,
diff --git a/drone-starlark/repos/portainer/secret-secrets.star b/drone-starlark/repos/portainer/secret-secrets.star
index d58bfd8..301110f 100644
--- a/drone-starlark/repos/portainer/secret-secrets.star
+++ b/drone-starlark/repos/portainer/secret-secrets.star
@@ -1,3 +1 @@
-secretSecrets = [
- "registry-password",
-]
+secretSecrets = []
diff --git a/drone-starlark/repos/proxy/drone.star b/drone-starlark/repos/proxy/drone.star
index 6094734..821be5c 100644
--- a/drone-starlark/repos/proxy/drone.star
+++ b/drone-starlark/repos/proxy/drone.star
@@ -13,7 +13,7 @@ load("@this//proxy:public-secrets.star", "publicSecrets")
 load("@this//proxy:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")
@@ -30,6 +30,7 @@ def drone(
 pipeline(
 branch,
 [
+ scp(base),
 wait(15, "wait"),
 printSecrets(
 "env-proxy",
@@ -46,6 +47,13 @@ def drone(
 "letsencrypt-nginx",
 "git",
 ),
+ buildDockerFolder(
+ "Dockerfile.huginn",
+ "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
+ "$${LOCAL_DOCKER_REGISTRY}letsencrypt-huginn",
+ "letsencrypt-nginx",
+ "huginn",
+ ),
 buildDockerFolder(
 "Dockerfile.drone",
 "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
@@ -53,7 +61,6 @@ def drone(
 "letsencrypt-nginx",
 "drone",
 ),
- scp(base),
 pull(
 "pull images",
 [
@@ -61,6 +68,7 @@ def drone(
 "registry",
 "letsencrypt-git",
 "letsencrypt-drone",
+ "letsencrypt-huginn",
 ],
 ),
 deploy(
diff --git a/drone-starlark/repos/proxy/public-secrets.star b/drone-starlark/repos/proxy/public-secrets.star
index 4867439..8af7771 100644
--- a/drone-starlark/repos/proxy/public-secrets.star
+++ b/drone-starlark/repos/proxy/public-secrets.star
@@ -1,6 +1,7 @@
 publicSecrets = [
 "certbot-email",
 "drone-domain",
+ "huginn-domain",
 "git-domain",
 "local-docker-registry",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/zabbix/drone.star b/drone-starlark/repos/zabbix/drone.star
index 59296e9..86dda91 100644
--- a/drone-starlark/repos/zabbix/drone.star
+++ b/drone-starlark/repos/zabbix/drone.star
@@ -30,13 +30,13 @@ def drone(
 pipeline(
 branch,
 [
+ scp(base),
 wait(15, "wait"),
 printSecrets(
 "env-zabbix",
 publicSecrets,
 secretSecrets,
 ),
- scp(base),
 deploy(
 "docker-compose.yml",
 name,
diff --git a/drone-starlark/repos/zabbix/public-secrets.star b/drone-starlark/repos/zabbix/public-secrets.star
index 19b8978..a3939ad 100644
--- a/drone-starlark/repos/zabbix/public-secrets.star
+++ b/drone-starlark/repos/zabbix/public-secrets.star
@@ -1,3 +1 @@
-publicSecrets = [
- "local-docker-registry",
-]
\ No newline at end of file
+publicSecrets = []
\ No newline at end of file
diff --git a/drone-starlark/repos/zabbix/secret-secrets.star b/drone-starlark/repos/zabbix/secret-secrets.star
index 01d7873..621d7da 100644
--- a/drone-starlark/repos/zabbix/secret-secrets.star
+++ b/drone-starlark/repos/zabbix/secret-secrets.star
@@ -1,5 +1,4 @@
 secretSecrets = [
 "zabbix-mysql-root-password",
 "zabbix-mysql-password",
- "registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/run.sh b/drone-starlark/run.sh
index fe84c69..fff70cc 100644
--- a/drone-starlark/run.sh
+++ b/drone-starlark/run.sh
@@ -19,6 +19,9 @@ envsubst < /repos/guacamole/stack-root._star > /repos/guacamole/stack-root.star envsubst < /repos/chat/stack-name._star > /repos/chat/stack-name.star envsubst < /repos/chat/stack-root._star > /repos/chat/stack-root.star +envsubst < /repos/huginn/stack-name._star > /repos/huginn/stack-name.star +envsubst < /repos/huginn/stack-root._star > /repos/huginn/stack-root.star + envsubst < /repos/matomo/stack-name._star > /repos/matomo/stack-name.star envsubst < /repos/matomo/stack-root._star > /repos/matomo/stack-root.star