stack
/
drone
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

Merge branch 'home-deploy'

This commit is contained in:
Giles Bradshaw 2020-08-10 15:52:01 +01:00
parent 3ee0f227ea b4a444178c
commit 14182f6256
28 changed files with 158 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docker-compose.yml
View File

@ -25,6 +25,7 @@ services:
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_USER_CREATE=username:giles,admin:true - DRONE_USER_CREATE=username:giles,admin:true
- DRONE_AGENTS_ENABLED=true - DRONE_AGENTS_ENABLED=true
- DRONE_JSONNET_ENABLED=true
- DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000 - DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000
- DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET} - DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET}
networks: networks:

2
drone-starlark/repos/chat/drone.star
View File

@ -30,13 +30,13 @@ def drone(
pipeline( pipeline(
branch, branch,
[ [
scp(base),
wait(15, "wait"), wait(15, "wait"),
printSecrets( printSecrets(
"env-chat", "env-chat",
publicSecrets, publicSecrets,
secretSecrets, secretSecrets,
), ),
scp(base),
deploy( deploy(
"docker-compose.yml", "docker-compose.yml",
name, name,

1
drone-starlark/repos/chat/public-secrets.star
View File

@ -1,6 +1,5 @@
publicSecrets = [ publicSecrets = [
"git-domain", "git-domain",
"local-docker-registry",
"chat-admin-name", "chat-admin-name",
"chat-admin-email", "chat-admin-email",
] ]

1
drone-starlark/repos/chat/secret-secrets.star
View File

@ -1,4 +1,3 @@
secretSecrets = [ secretSecrets = [
"chat-admin-password", "chat-admin-password",
"registry-password",
] ]

2
drone-starlark/repos/commento/drone.star
View File

@ -30,13 +30,13 @@ def drone(
pipeline( pipeline(
branch, branch,
[ [
scp(base),
wait(15, "wait"), wait(15, "wait"),
printSecrets( printSecrets(
"env-commento", "env-commento",
publicSecrets, publicSecrets,
secretSecrets, secretSecrets,
), ),
scp(base),
deploy( deploy(
"docker-compose.yml", "docker-compose.yml",
name, name,

2
drone-starlark/repos/commento/public-secrets.star
View File

@ -7,5 +7,5 @@ publicSecrets = [
"commento-forbid-new-owners", "commento-forbid-new-owners",
"commento-postgres-db", "commento-postgres-db",
"commento-postgres-user", "commento-postgres-user",
"commento-github-key", "commento-github-key",
] ]

1
drone-starlark/repos/commento/secret-secrets.star
View File

@ -3,5 +3,4 @@ secretSecrets = [
"commento-askimet-key", "commento-askimet-key",
"commento-postgres-password", "commento-postgres-password",
"commento-github-secret", "commento-github-secret",
"registry-password",
] ]

39
drone-starlark/repos/deploy-from-registry.star Normal file
View File

@ -0,0 +1,39 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:export.star", "export")
def deploy(
filename,
name,
folder,
secrets,
commands,
ctx
):
return {
"name": "deploy {name}".format(name = name),
"image": "appleboy/drone-ssh",
"environment": environment(secrets),
"settings": {
"envs": [x.replace("-", "_") for x in secrets ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e"
] +
map(export, secrets) +
[
"export DRONE_REPO_LINK=$${{DRONE_GITEA_SERVER}}/{namespace}/{name}".format(name=ctx.repo.name, namespace=ctx.repo.namespace),
"export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
"docker network prune -f",
"cd {folder}".format(folder=folder),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"docker stack rm {name}".format(name = name),
"sleep 30",
"docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
] + commands
}
}

1
drone-starlark/repos/deploy.star
View File

@ -30,7 +30,6 @@ def deploy(
"export DRONE_COMMIT={commit}".format(commit=ctx.build.commit), "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
"docker network prune -f", "docker network prune -f",
"cd {folder}".format(folder=folder), "cd {folder}".format(folder=folder),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"docker stack rm {name}".format(name = name), "docker stack rm {name}".format(name = name),
"sleep 30", "sleep 30",
"docker stack deploy -c {filename} {name}".format(name= name, filename = filename), "docker stack deploy -c {filename} {name}".format(name= name, filename = filename),

4
drone-starlark/repos/drone/drone.star
View File

@ -13,7 +13,7 @@ load("@this//drone:public-secrets.star", "publicSecrets")
load("@this//drone:secret-secrets.star", "secretSecrets") load("@this//drone:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale") load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull") load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy") load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder") load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder") load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline") load("@this//:pipeline.star", "pipeline")
@ -30,6 +30,7 @@ def drone(
pipeline( pipeline(
branch, branch,
[ [
scp(base),
wait(15, "wait"), wait(15, "wait"),
build("drone-starlark"), build("drone-starlark"),
printSecrets( printSecrets(
@ -37,7 +38,6 @@ def drone(
publicSecrets, publicSecrets,
secretSecrets, secretSecrets,
), ),
scp(base),
pull( pull(
"pull images", "pull images",
[ [

4
drone-starlark/repos/ghost/drone.star
View File

@ -13,7 +13,7 @@ load("@this//ghost:public-secrets.star", "publicSecrets")
load("@this//ghost:secret-secrets.star", "secretSecrets") load("@this//ghost:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale") load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull") load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy") load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder") load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder") load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline") load("@this//:pipeline.star", "pipeline")
@ -30,6 +30,7 @@ def drone(
pipeline( pipeline(
branch, branch,
[ [
scp(base),
wait(15, "wait"), wait(15, "wait"),
printSecrets( printSecrets(
"env-ghost", "env-ghost",
@ -37,7 +38,6 @@ def drone(
secretSecrets, secretSecrets,
), ),
build("ghost"), build("ghost"),
scp(base),
pull( pull(
"pull images", "pull images",
[ [

4
drone-starlark/repos/gitea/drone.star
View File

@ -13,7 +13,7 @@ load("@this//gitea:public-secrets.star", "publicSecrets")
load("@this//gitea:secret-secrets.star", "secretSecrets") load("@this//gitea:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale") load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull") load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy") load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder") load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder") load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline") load("@this//:pipeline.star", "pipeline")
@ -30,6 +30,7 @@ def drone(
pipeline( pipeline(
branch, branch,
[ [
scp(base),
wait(15, "wait"), wait(15, "wait"),
printSecrets( printSecrets(
"env-gitea", "env-gitea",
@ -37,7 +38,6 @@ def drone(
secretSecrets, secretSecrets,
), ),
build("gitea"), build("gitea"),
scp(base),
pull( pull(
"pull images", "pull images",
[ [

4
drone-starlark/repos/guacamole/drone.star
View File

@ -13,7 +13,7 @@ load("@this//guacamole:public-secrets.star", "publicSecrets")
load("@this//guacamole:secret-secrets.star", "secretSecrets") load("@this//guacamole:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale") load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull") load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy") load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder") load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder") load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline") load("@this//:pipeline.star", "pipeline")
@ -30,6 +30,7 @@ def drone(
pipeline( pipeline(
branch, branch,
[ [
scp(base),
wait(15, "wait"), wait(15, "wait"),
printSecrets( printSecrets(
"env-guacamole", "env-guacamole",
@ -37,7 +38,6 @@ def drone(
secretSecrets, secretSecrets,
), ),
build("guacamole-postgresql"), build("guacamole-postgresql"),
scp(base),
pull( pull(
"pull images", "pull images",
[ [

74
drone-starlark/repos/huginn/drone.star Normal file
View File

@ -0,0 +1,74 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//huginn:public-secrets.star", "publicSecrets")
load("@this//huginn:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-huginn",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

7
drone-starlark/repos/huginn/public-secrets.star Normal file
View File

@ -0,0 +1,7 @@
publicSecrets = [
"smtp-domain",
"smtp-user-name",
"smtp-server",
"email-from-address",
"smtp-port",
]

5
drone-starlark/repos/huginn/secret-secrets.star Normal file
View File

@ -0,0 +1,5 @@
secretSecrets = [
"smtp-password",
"invitation-code",
"database-password",
]

1
drone-starlark/repos/huginn/stack-name._star Normal file
View File

@ -0,0 +1 @@
stackName='huginn'

1
drone-starlark/repos/huginn/stack-root._star Normal file
View File

@ -0,0 +1 @@
stackRoot='/stack/huginn'

2
drone-starlark/repos/matomo/drone.star
View File

@ -30,13 +30,13 @@ def drone(
pipeline( pipeline(
branch, branch,
[ [
scp(base),
wait(15, "wait"), wait(15, "wait"),
printSecrets( printSecrets(
"env-matomo", "env-matomo",
publicSecrets, publicSecrets,
secretSecrets, secretSecrets,
), ),
scp(base),
deploy( deploy(
"docker-compose.yml", "docker-compose.yml",
name, name,

1
drone-starlark/repos/matomo/secret-secrets.star
View File

@ -1,5 +1,4 @@
secretSecrets = [ secretSecrets = [
"matomo-mysql-root-password", "matomo-mysql-root-password",
"matomo-mysql-password", "matomo-mysql-password",
"registry-password",
] ]

2
drone-starlark/repos/portainer/drone.star
View File

@ -30,13 +30,13 @@ def drone(
pipeline( pipeline(
branch, branch,
[ [
scp(base),
wait(15, "wait"), wait(15, "wait"),
printSecrets( printSecrets(
"env-portainer", "env-portainer",
publicSecrets, publicSecrets,
secretSecrets, secretSecrets,
), ),
scp(base),
deploy( deploy(
"docker-compose.yml", "docker-compose.yml",
name, name,

4
drone-starlark/repos/portainer/secret-secrets.star
View File

@ -1,3 +1 @@
secretSecrets = [ secretSecrets = []
"registry-password",
]

12
drone-starlark/repos/proxy/drone.star
View File

@ -13,7 +13,7 @@ load("@this//proxy:public-secrets.star", "publicSecrets")
load("@this//proxy:secret-secrets.star", "secretSecrets") load("@this//proxy:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale") load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull") load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy") load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder") load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder") load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline") load("@this//:pipeline.star", "pipeline")
@ -30,6 +30,7 @@ def drone(
pipeline( pipeline(
branch, branch,
[ [
scp(base),
wait(15, "wait"), wait(15, "wait"),
printSecrets( printSecrets(
"env-proxy", "env-proxy",
@ -46,6 +47,13 @@ def drone(
"letsencrypt-nginx", "letsencrypt-nginx",
"git", "git",
), ),
buildDockerFolder(
"Dockerfile.huginn",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-huginn",
"letsencrypt-nginx",
"huginn",
),
buildDockerFolder( buildDockerFolder(
"Dockerfile.drone", "Dockerfile.drone",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx", "$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
@ -53,7 +61,6 @@ def drone(
"letsencrypt-nginx", "letsencrypt-nginx",
"drone", "drone",
), ),
scp(base),
pull( pull(
"pull images", "pull images",
[ [
@ -61,6 +68,7 @@ def drone(
"registry", "registry",
"letsencrypt-git", "letsencrypt-git",
"letsencrypt-drone", "letsencrypt-drone",
"letsencrypt-huginn",
], ],
), ),
deploy( deploy(

1
drone-starlark/repos/proxy/public-secrets.star
View File

@ -1,6 +1,7 @@
publicSecrets = [ publicSecrets = [
"certbot-email", "certbot-email",
"drone-domain", "drone-domain",
"huginn-domain",
"git-domain", "git-domain",
"local-docker-registry", "local-docker-registry",
] ]

2
drone-starlark/repos/zabbix/drone.star
View File

@ -30,13 +30,13 @@ def drone(
pipeline( pipeline(
branch, branch,
[ [
scp(base),
wait(15, "wait"), wait(15, "wait"),
printSecrets( printSecrets(
"env-zabbix", "env-zabbix",
publicSecrets, publicSecrets,
secretSecrets, secretSecrets,
), ),
scp(base),
deploy( deploy(
"docker-compose.yml", "docker-compose.yml",
name, name,

4
drone-starlark/repos/zabbix/public-secrets.star
View File

@ -1,3 +1 @@
publicSecrets = [ publicSecrets = []
"local-docker-registry",
]

1
drone-starlark/repos/zabbix/secret-secrets.star
View File

@ -1,5 +1,4 @@
secretSecrets = [ secretSecrets = [
"zabbix-mysql-root-password", "zabbix-mysql-root-password",
"zabbix-mysql-password", "zabbix-mysql-password",
"registry-password",
] ]

3
drone-starlark/run.sh
View File

@ -19,6 +19,9 @@ envsubst < /repos/guacamole/stack-root._star > /repos/guacamole/stack-root.star
envsubst < /repos/chat/stack-name._star > /repos/chat/stack-name.star envsubst < /repos/chat/stack-name._star > /repos/chat/stack-name.star
envsubst < /repos/chat/stack-root._star > /repos/chat/stack-root.star envsubst < /repos/chat/stack-root._star > /repos/chat/stack-root.star
envsubst < /repos/huginn/stack-name._star > /repos/huginn/stack-name.star
envsubst < /repos/huginn/stack-root._star > /repos/huginn/stack-root.star
envsubst < /repos/matomo/stack-name._star > /repos/matomo/stack-name.star envsubst < /repos/matomo/stack-name._star > /repos/matomo/stack-name.star
envsubst < /repos/matomo/stack-root._star > /repos/matomo/stack-root.star envsubst < /repos/matomo/stack-root._star > /repos/matomo/stack-root.star