From 63e304cc704f90519d6962def82abec0f03d6b2c Mon Sep 17 00:00:00 2001
From: giles
Date: Wed, 8 Jun 2022 10:00:42 +0100
Subject: [PATCH] .
---
 .drone/build.sh | 7 +-
 .drone/deploy.sh | 2 +-
 .drone/drone-home.yml | 1117 ++++++++++++++++++++---------------
 README.md | 4 +-
 docker-compose.yml | 18 +-
 drone-runner/Dockerfile | 17 +
 drone-runner/hosts.template | 2 +
 drone-runner/run.sh | 2 +
 drone/Dockerfile | 17 +
 drone/hosts.template | 2 +
 drone/run.sh | 2 +
 11 files changed, 690 insertions(+), 500 deletions(-)
 create mode 100644 drone-runner/Dockerfile
 create mode 100644 drone-runner/hosts.template
 create mode 100644 drone-runner/run.sh
 create mode 100644 drone/Dockerfile
 create mode 100644 drone/hosts.template
 create mode 100644 drone/run.sh
diff --git a/.drone/build.sh b/.drone/build.sh
index e41d3f1..d543bfa 100644
--- a/.drone/build.sh
+++ b/.drone/build.sh
@@ -1 +1,6 @@
-echo 'nothing to build'
+docker build drone -t ${REGISTRY_DOMAIN}:${REGISTRY_PORT}/${ROOT}/${NAME}/drone \
+ --build-arg REGISTRY= \
+&& docker build drone-runner -t ${REGISTRY_DOMAIN}:${REGISTRY_PORT}/${ROOT}/${NAME}/drone-runner \
+ --build-arg REGISTRY= \
+
+
\ No newline at end of file
diff --git a/.drone/deploy.sh b/.drone/deploy.sh
index e34ceab..6b8f61d 100644
--- a/.drone/deploy.sh
+++ b/.drone/deploy.sh
@@ -1,5 +1,5 @@
 export LOCAL_DOCKER_REGISTRY=${REGISTRY_DOMAIN}:${REGISTRY_PORT}/${ROOT}/${NAME}/
 docker stack rm drone \
 && echo 'sleeping...zzz' \
-&& sleep 60 \
+&& sleep 30 \
 && docker stack deploy -c docker-compose.yml drone --with-registry-auth
diff --git a/.drone/drone-home.yml b/.drone/drone-home.yml
index 907680b..5faba10 100644
--- a/.drone/drone-home.yml
+++ b/.drone/drone-home.yml
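Review bot: Both `docker build` commands added to .drone/build.sh tag the image without a version, so what is pushed and later deployed is the mutable `:latest`, and nothing ties a running service back to the commit that built it. Tagging with the build's commit, for example `-t "${REGISTRY_DOMAIN}:${REGISTRY_PORT}/${ROOT}/${NAME}/drone:${DRONE_COMMIT}"`, and referencing the same tag from docker-compose.yml would make deploys reproducible and rollbacks possible. The variable expansions are unquoted, and the trailing `\` after the last `--build-arg REGISTRY=` serves no purpose and can be dropped.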
@@ -1,497 +1,634 @@ --- -kind: pipeline -type: docker -name: register - -platform: - os: linux - arch: amd64 - -clone: - disable: true - -trigger: - event: - exclude: - - promote - +{ + "clone": { + "disable": true + }, + "kind": "pipeline", + "name": "register", + "trigger": { + "event": { + "exclude": [ + "promote" + ] + } + }, + "type": "docker" +} --- -kind: pipeline -type: docker -name: registry - -platform: - os: linux - arch: amd64 - -clone: - disable: true - -steps: -- name: drone/drone:2.4.0 - image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f - commands: - - set -e - - "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n" - - "n=0\nwhile :\ndo\n docker pull drone/drone:2.4.0@sha256:8c1c83ed0f68b00e16ca50b8769e6cf7ccb3c5ff390036eaec7e5fcb79c3cb92 \\\\\n && docker tag drone/drone:2.4.0@sha256:8c1c83ed0f68b00e16ca50b8769e6cf7ccb3c5ff390036eaec7e5fcb79c3cb92 $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 \\\\\n && docker push $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 && break\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"initialise failed\"\n exit 1\n fi\n echo \"retrying..$n\"\n sleep 5\ndone\n" - environment: - REGISTRY_DOMAIN: - from_secret: registry-domain - REGISTRY_PASSWORD: - from_secret: registry-password - REGISTRY_PORT: - from_secret: registry-port - volumes: - - name: dockersock - path: /var/run - -- name: drone/drone-runner-docker:1.6.3 - image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f - commands: - - set -e - - "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # 
substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n" - - "n=0\nwhile :\ndo\n docker pull drone/drone-runner-docker:1.6.3@sha256:0d6069fcb7a437d4526cca760e15d57e00ba3e7954a3fffd72b04e716a23312c \\\\\n && docker tag drone/drone-runner-docker:1.6.3@sha256:0d6069fcb7a437d4526cca760e15d57e00ba3e7954a3fffd72b04e716a23312c $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 \\\\\n && docker push $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 && break\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"initialise failed\"\n exit 1\n fi\n echo \"retrying..$n\"\n sleep 5\ndone\n" - environment: - REGISTRY_DOMAIN: - from_secret: registry-domain - REGISTRY_PASSWORD: - from_secret: registry-password - REGISTRY_PORT: - from_secret: registry-port - volumes: - - name: dockersock - path: /var/run - -services: -- name: docker - image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f - privileged: true - volumes: - - name: dockersock - path: /var/run - - name: ca - path: /etc/docker/certs.d - - name: daemonjson - path: /etc/docker/daemon.json - -volumes: -- name: dockersock - temp: {} -- name: ca - host: - path: /etc/docker/certs.d -- name: daemonjson - host: - path: /etc/docker/daemon.json - -image_pull_secrets: -- dockerconfigjson - -trigger: - event: - - promote - target: - - registry - +{ + "clone": { + "disable": true + }, + "image_pull_secrets": [ + "dockerconfigjson" + ], + "kind": "pipeline", + "name": "registry", + "services": [ + { + "image": "docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f", + "name": "docker", + "privileged": true, + "volumes": [ + { + "name": "dockersock", + "path": "/var/run" + }, + { + "name": "ca", + "path": "/etc/docker/certs.d" + }, + { + "name": "daemonjson", + "path": "/etc/docker/daemon.json" + } + ] 
+ } + ], + "steps": [ + { + "commands": [ + "set -e", + "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n", + "n=0\nwhile :\ndo\n docker pull drone/drone:2.4.0@sha256:8c1c83ed0f68b00e16ca50b8769e6cf7ccb3c5ff390036eaec7e5fcb79c3cb92 \\\\\n && docker tag drone/drone:2.4.0@sha256:8c1c83ed0f68b00e16ca50b8769e6cf7ccb3c5ff390036eaec7e5fcb79c3cb92 $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 \\\\\n && docker push $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 && break\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"initialise failed\"\n exit 1\n fi\n echo \"retrying..$n\"\n sleep 5\ndone\n" + ], + "environment": { + "REGISTRY_DOMAIN": { + "from_secret": "registry-domain" + }, + "REGISTRY_PASSWORD": { + "from_secret": "registry-password" + }, + "REGISTRY_PORT": { + "from_secret": "registry-port" + } + }, + "image": "docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f", + "name": "drone/drone:2.4.0", + "volumes": [ + { + "name": "dockersock", + "path": "/var/run" + } + ] + }, + { + "commands": [ + "set -e", + "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n", + "n=0\nwhile :\ndo\n docker pull drone/drone-runner-docker:1.6.3@sha256:0d6069fcb7a437d4526cca760e15d57e00ba3e7954a3fffd72b04e716a23312c \\\\\n && docker tag drone/drone-runner-docker:1.6.3@sha256:0d6069fcb7a437d4526cca760e15d57e00ba3e7954a3fffd72b04e716a23312c $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 \\\\\n 
&& docker push $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 && break\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"initialise failed\"\n exit 1\n fi\n echo \"retrying..$n\"\n sleep 5\ndone\n" + ], + "environment": { + "REGISTRY_DOMAIN": { + "from_secret": "registry-domain" + }, + "REGISTRY_PASSWORD": { + "from_secret": "registry-password" + }, + "REGISTRY_PORT": { + "from_secret": "registry-port" + } + }, + "image": "docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f", + "name": "drone/drone-runner-docker:1.6.3", + "volumes": [ + { + "name": "dockersock", + "path": "/var/run" + } + ] + } + ], + "trigger": { + "event": [ + "promote" + ], + "target": [ + "registry" + ] + }, + "type": "docker", + "volumes": [ + { + "name": "dockersock", + "temp": { } + }, + { + "host": { + "path": "/etc/docker/certs.d" + }, + "name": "ca" + }, + { + "host": { + "path": "/etc/docker/daemon.json" + }, + "name": "daemonjson" + } + ] +} --- -kind: pipeline -type: docker -name: save - -platform: - os: linux - arch: amd64 - -clone: - disable: true - -steps: -- name: mkdir - image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea - settings: - envs: - - drone_tag - - drone_commit - - drone_build_number - - drone_repo_name - - drone_repo_namespace - script: - - mkdir -p /stack/.images/drone/built - - rm -f /stack/.images/drone/*.* - - rm -f /stack/.images/drone/built/*.* - -- name: drone/drone:2.4.0 - image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea - settings: - envs: - - drone_tag - - drone_commit - - drone_build_number - - drone_repo_name - - drone_repo_namespace - - registry_domain - - registry_port - - registry_password - - destination_registry - script: - - "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # 
substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n" - - docker pull $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 - - docker save $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 -o /stack/.images/drone/drone_drone:2.4.0.tar - - echo "docker load < drone_drone:2.4.0.tar" >> /stack/.images/drone/load.sh - - echo "docker tag $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 $${DESTINATION_REGISTRY}/stack/drone/drone/drone:2.4.0" >> /stack/.images/drone/load.sh - -- name: drone/drone-runner-docker:1.6.3 - image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea - settings: - envs: - - drone_tag - - drone_commit - - drone_build_number - - drone_repo_name - - drone_repo_namespace - - registry_domain - - registry_port - - registry_password - - destination_registry - script: - - "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n" - - docker pull $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 - - docker save $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 -o /stack/.images/drone/drone_drone-runner-docker:1.6.3.tar - - echo "docker load < drone_drone-runner-docker:1.6.3.tar" >> /stack/.images/drone/load.sh - - echo "docker tag $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 $${DESTINATION_REGISTRY}/stack/drone/drone/drone-runner-docker:1.6.3" >> /stack/.images/drone/load.sh - -trigger: - event: - - promote - target: - - save - +{ + "clone": { + "disable": true + }, + "kind": "pipeline", + "name": "save", + "steps": [ + { + 
"image": "appleboy/drone-ssh:1.6.3", + "name": "mkdir", + "settings": { + "envs": [ + "drone_tag", + "drone_commit", + "drone_build_number", + "drone_repo_name", + "drone_repo_namespace" + ], + "script": [ + "mkdir -p /stack/.images/drone/built", + "rm -f /stack/.images/drone/*.*", + "rm -f /stack/.images/drone/built/*.*" + ] + } + }, + { + "image": "appleboy/drone-ssh:1.6.3", + "name": "drone/drone:2.4.0", + "settings": { + "envs": [ + "drone_tag", + "drone_commit", + "drone_build_number", + "drone_repo_name", + "drone_repo_namespace", + "registry_domain", + "registry_port", + "registry_password", + "destination_registry" + ], + "script": [ + "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n", + "docker pull $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0", + "docker save $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 -o /stack/.images/drone/drone_drone:2.4.0.tar", + "echo \"docker load < drone_drone:2.4.0.tar\" >> /stack/.images/drone/load.sh", + "echo \"docker tag $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 $${DESTINATION_REGISTRY}/stack/drone/drone/drone:2.4.0\" >> /stack/.images/drone/load.sh" + ] + } + }, + { + "image": "appleboy/drone-ssh:1.6.3", + "name": "drone/drone-runner-docker:1.6.3", + "settings": { + "envs": [ + "drone_tag", + "drone_commit", + "drone_build_number", + "drone_repo_name", + "drone_repo_namespace", + "registry_domain", + "registry_port", + "registry_password", + "destination_registry" + ], + "script": [ + "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login 
failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n", + "docker pull $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3", + "docker save $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 -o /stack/.images/drone/drone_drone-runner-docker:1.6.3.tar", + "echo \"docker load < drone_drone-runner-docker:1.6.3.tar\" >> /stack/.images/drone/load.sh", + "echo \"docker tag $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 $${DESTINATION_REGISTRY}/stack/drone/drone/drone-runner-docker:1.6.3\" >> /stack/.images/drone/load.sh" + ] + } + } + ], + "trigger": { + "event": [ + "promote" + ], + "target": [ + "save" + ] + }, + "type": "docker" +} --- -kind: pipeline -type: docker -name: print - -platform: - os: linux - arch: amd64 - -steps: -- name: print env - image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea - settings: - envs: - - drone_tag - - drone_commit - - drone_build_number - - drone_repo_name - - drone_repo_namespace - - scheme - - domain - - registry_domain - - registry_port - - drone_gitea_client_id - - drone_gitea_server - - drone_server_host - - ssh_host - - ssh_username - - ssh_port - - drone_gitea_client_secret - - drone_rpc_secret - - ssh_key - - registry_password - script: - - rm -f env-drone - - "echo \"export SCHEME='$${SCHEME}'\" >> env-drone # \"scheme\"" - - "echo \"export DOMAIN='$${DOMAIN}'\" >> env-drone # \"domain\"" - - "echo \"export REGISTRY_DOMAIN='$${REGISTRY_DOMAIN}'\" >> env-drone # \"registry-domain\"" - - "echo \"export REGISTRY_PORT='$${REGISTRY_PORT}'\" >> env-drone # \"registry-port\"" - - "echo \"export DRONE_GITEA_CLIENT_ID='$${DRONE_GITEA_CLIENT_ID}'\" >> env-drone # \"drone-gitea-client-id\"" - - "echo \"export DRONE_GITEA_SERVER='$${DRONE_GITEA_SERVER}'\" >> env-drone # \"drone-gitea-server\"" - - "echo \"export DRONE_SERVER_HOST='$${DRONE_SERVER_HOST}'\" >> env-drone # 
\"drone-server-host\"" - - "echo \"export SSH_HOST='$${SSH_HOST}'\" >> env-drone # \"ssh-host\"" - - "echo \"export SSH_USERNAME='$${SSH_USERNAME}'\" >> env-drone # \"ssh-username\"" - - "echo \"export SSH_PORT='$${SSH_PORT}'\" >> env-drone # \"ssh-port\"" - - "echo \"export DRONE_GITEA_CLIENT_SECRET='$${DRONE_GITEA_CLIENT_SECRET}'\" >> env-drone # \"drone-gitea-client-secret\"" - - "echo \"export DRONE_RPC_SECRET='$${DRONE_RPC_SECRET}'\" >> env-drone # \"drone-rpc-secret\"" - - "echo \"export SSH_KEY='$${SSH_KEY}'\" >> env-drone # \"ssh-key\"" - - "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-drone # \"registry-password\"" - environment: - DOMAIN: - from_secret: domain - DRONE_GITEA_CLIENT_ID: - from_secret: drone-gitea-client-id - DRONE_GITEA_CLIENT_SECRET: - from_secret: drone-gitea-client-secret - DRONE_GITEA_SERVER: - from_secret: drone-gitea-server - DRONE_RPC_SECRET: - from_secret: drone-rpc-secret - DRONE_SERVER_HOST: - from_secret: drone-server-host - REGISTRY_DOMAIN: - from_secret: registry-domain - REGISTRY_PASSWORD: - from_secret: registry-password - REGISTRY_PORT: - from_secret: registry-port - SCHEME: - from_secret: scheme - SSH_HOST: - from_secret: ssh-host - SSH_KEY: - from_secret: ssh-key - SSH_PORT: - from_secret: ssh-port - SSH_USERNAME: - from_secret: ssh-username - -trigger: - event: - - promote - target: - - print - +{ + "clone": { + "depth": 0, + "disable": false + }, + "kind": "pipeline", + "name": "print", + "steps": [ + { + "environment": { + "DOMAIN": { + "from_secret": "domain" + }, + "DRONE_GITEA_CLIENT_ID": { + "from_secret": "drone-gitea-client-id" + }, + "DRONE_GITEA_CLIENT_SECRET": { + "from_secret": "drone-gitea-client-secret" + }, + "DRONE_GITEA_SERVER": { + "from_secret": "drone-gitea-server" + }, + "DRONE_RPC_SECRET": { + "from_secret": "drone-rpc-secret" + }, + "DRONE_SERVER_HOST": { + "from_secret": "drone-server-host" + }, + "REGISTRY_DOMAIN": { + "from_secret": "registry-domain" + }, + 
"REGISTRY_PASSWORD": { + "from_secret": "registry-password" + }, + "REGISTRY_PORT": { + "from_secret": "registry-port" + }, + "SCHEME": { + "from_secret": "scheme" + }, + "SSH_HOST": { + "from_secret": "ssh-host" + }, + "SSH_KEY": { + "from_secret": "ssh-key" + }, + "SSH_PORT": { + "from_secret": "ssh-port" + }, + "SSH_USERNAME": { + "from_secret": "ssh-username" + } + }, + "image": "appleboy/drone-ssh:1.6.3", + "name": "print env", + "settings": { + "envs": [ + "drone_tag", + "drone_commit", + "drone_build_number", + "drone_repo_name", + "drone_repo_namespace", + "scheme", + "domain", + "registry_domain", + "registry_port", + "drone_gitea_client_id", + "drone_gitea_server", + "drone_server_host", + "ssh_host", + "ssh_username", + "ssh_port", + "drone_gitea_client_secret", + "drone_rpc_secret", + "ssh_key", + "registry_password" + ], + "script": [ + "rm -f env-drone", + "echo \"export SCHEME='$${SCHEME}'\" >> env-drone # \"scheme\"", + "echo \"export DOMAIN='$${DOMAIN}'\" >> env-drone # \"domain\"", + "echo \"export REGISTRY_DOMAIN='$${REGISTRY_DOMAIN}'\" >> env-drone # \"registry-domain\"", + "echo \"export REGISTRY_PORT='$${REGISTRY_PORT}'\" >> env-drone # \"registry-port\"", + "echo \"export DRONE_GITEA_CLIENT_ID='$${DRONE_GITEA_CLIENT_ID}'\" >> env-drone # \"drone-gitea-client-id\"", + "echo \"export DRONE_GITEA_SERVER='$${DRONE_GITEA_SERVER}'\" >> env-drone # \"drone-gitea-server\"", + "echo \"export DRONE_SERVER_HOST='$${DRONE_SERVER_HOST}'\" >> env-drone # \"drone-server-host\"", + "echo \"export SSH_HOST='$${SSH_HOST}'\" >> env-drone # \"ssh-host\"", + "echo \"export SSH_USERNAME='$${SSH_USERNAME}'\" >> env-drone # \"ssh-username\"", + "echo \"export SSH_PORT='$${SSH_PORT}'\" >> env-drone # \"ssh-port\"", + "echo \"export DRONE_GITEA_CLIENT_SECRET='$${DRONE_GITEA_CLIENT_SECRET}'\" >> env-drone # \"drone-gitea-client-secret\"", + "echo \"export DRONE_RPC_SECRET='$${DRONE_RPC_SECRET}'\" >> env-drone # \"drone-rpc-secret\"", + "echo \"export 
SSH_KEY='$${SSH_KEY}'\" >> env-drone # \"ssh-key\"", + "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-drone # \"registry-password\"" + ] + } + } + ], + "trigger": { + "event": [ + "promote" + ], + "target": [ + "print" + ] + }, + "type": "docker" +} --- -kind: pipeline -type: docker -name: build - -platform: - os: linux - arch: amd64 - -steps: -- name: "dockerbuild:" - image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f - commands: - - set -e - - export NAME=drone - - export ROOT=stack - - "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n" - - sh .drone/build.sh - - sh .drone/push.sh - volumes: - - name: dockersock - path: /var/run - -services: -- name: docker - image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f - privileged: true - volumes: - - name: dockersock - path: /var/run - - name: ca - path: /etc/docker/certs.d - - name: daemonjson - path: /etc/docker/daemon.json - -volumes: -- name: dockersock - temp: {} -- name: ca - host: - path: /etc/docker/certs.d -- name: daemonjson - host: - path: /etc/docker/daemon.json - -trigger: - event: - - promote - target: - - build - +{ + "clone": { + "depth": 0, + "disable": false + }, + "kind": "pipeline", + "name": "build", + "services": [ + { + "image": "docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f", + "name": "docker", + "privileged": true, + "volumes": [ + { + "name": "dockersock", + "path": "/var/run" + }, + { + "name": "ca", + "path": "/etc/docker/certs.d" + }, + { + "name": "daemonjson", + "path": "/etc/docker/daemon.json" + } + ] + } + ], + "steps": [ + { + "commands": [ + "set -e", + "export NAME=drone", + 
"export ROOT=stack", + "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n", + "sh .drone/build.sh", + "sh .drone/push.sh" + ], + "environment": { }, + "image": "docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f", + "name": "dockerbuild:", + "volumes": [ + { + "name": "dockersock", + "path": "/var/run" + } + ] + } + ], + "trigger": { + "event": [ + "promote" + ], + "target": [ + "build" + ] + }, + "type": "docker", + "volumes": [ + { + "name": "dockersock", + "temp": { } + }, + { + "host": { + "path": "/etc/docker/certs.d" + }, + "name": "ca" + }, + { + "host": { + "path": "/etc/docker/daemon.json" + }, + "name": "daemonjson" + } + ] +} --- -kind: pipeline -type: docker -name: drone-images - -platform: - os: linux - arch: amd64 - -clone: - disable: true - -steps: -- name: mkdir - image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea - settings: - envs: - - drone_tag - - drone_commit - - drone_build_number - - drone_repo_name - - drone_repo_namespace - script: - - mkdir -p /stack/.images/drone/drone-images - - rm -f /stack/.images/drone/drone-images/*.* - -- name: docker - image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea - settings: - envs: - - drone_tag - - drone_commit - - drone_build_number - - drone_repo_name - - drone_repo_namespace - - registry_domain - - registry_port - - registry_password - script: - - docker pull docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f - - docker save docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f -o /stack/.images/drone/drone-images/docker.tar - - echo 
"docker load docker.tar" >> /stack/.images/drone/drone-images/load.sh - -- name: scp - image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea - settings: - envs: - - drone_tag - - drone_commit - - drone_build_number - - drone_repo_name - - drone_repo_namespace - - registry_domain - - registry_port - - registry_password - script: - - docker pull appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47 - - docker save appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47 -o /stack/.images/drone/drone-images/scp.tar - - echo "docker load scp.tar" >> /stack/.images/drone/drone-images/load.sh - -- name: ssh - image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea - settings: - envs: - - drone_tag - - drone_commit - - drone_build_number - - drone_repo_name - - drone_repo_namespace - - registry_domain - - registry_port - - registry_password - script: - - docker pull appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea - - docker save appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea -o /stack/.images/drone/drone-images/ssh.tar - - echo "docker load ssh.tar" >> /stack/.images/drone/drone-images/load.sh - -trigger: - event: - - promote - target: - - drone-images - +{ + "clone": { + "disable": true + }, + "kind": "pipeline", + "name": "drone-images", + "steps": [ + { + "image": "appleboy/drone-ssh:1.6.3", + "name": "mkdir", + "settings": { + "envs": [ + "drone_tag", + "drone_commit", + "drone_build_number", + "drone_repo_name", + "drone_repo_namespace" + ], + "script": [ + "mkdir -p /stack/.images/drone/drone-images", + "rm -f /stack/.images/drone/drone-images/*.*" + ] + } + }, + { + "image": "appleboy/drone-ssh:1.6.3", + "name": "docker", + "settings": { + "envs": [ + "drone_tag", + "drone_commit", + 
"drone_build_number", + "drone_repo_name", + "drone_repo_namespace", + "registry_domain", + "registry_port", + "registry_password" + ], + "script": [ + "docker pull docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f", + "docker save docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f -o /stack/.images/drone/drone-images/docker.tar", + "echo \"docker load docker.tar\" >> /stack/.images/drone/drone-images/load.sh" + ] + } + }, + { + "image": "appleboy/drone-ssh:1.6.3", + "name": "scp", + "settings": { + "envs": [ + "drone_tag", + "drone_commit", + "drone_build_number", + "drone_repo_name", + "drone_repo_namespace", + "registry_domain", + "registry_port", + "registry_password" + ], + "script": [ + "docker pull appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47", + "docker save appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47 -o /stack/.images/drone/drone-images/scp.tar", + "echo \"docker load scp.tar\" >> /stack/.images/drone/drone-images/load.sh" + ] + } + }, + { + "image": "appleboy/drone-ssh:1.6.3", + "name": "ssh", + "settings": { + "envs": [ + "drone_tag", + "drone_commit", + "drone_build_number", + "drone_repo_name", + "drone_repo_namespace", + "registry_domain", + "registry_port", + "registry_password" + ], + "script": [ + "docker pull appleboy/drone-ssh:1.6.3", + "docker save appleboy/drone-ssh:1.6.3 -o /stack/.images/drone/drone-images/ssh.tar", + "echo \"docker load ssh.tar\" >> /stack/.images/drone/drone-images/load.sh" + ] + } + } + ], + "trigger": { + "event": [ + "promote" + ], + "target": [ + "drone-images" + ] + }, + "type": "docker" +} --- -kind: pipeline -type: docker -name: deploy - -platform: - os: linux - arch: amd64 - -steps: -- name: scp - image: appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47 - settings: - command_timeout: 
2m - source: - - . - target: /stack/drone - -- name: deploy - image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea - settings: - envs: - - drone_tag - - drone_commit - - drone_build_number - - drone_repo_name - - drone_repo_namespace - - scheme - - domain - - registry_domain - - registry_port - - drone_gitea_client_id - - drone_gitea_server - - drone_server_host - - ssh_host - - ssh_username - - ssh_port - - drone_gitea_client_secret - - drone_rpc_secret - - ssh_key - - registry_password - - registry_domain - - registry_port - - registry_password - - scheme - script: - - export DRONE_GITEA_CLIENT_SECRET=$${DRONE_GITEA_CLIENT_SECRET} - - export DRONE_RPC_SECRET=$${DRONE_RPC_SECRET} - - export SSH_KEY=$${SSH_KEY} - - export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD} - - export SCHEME=$${SCHEME} - - export DOMAIN=$${DOMAIN} - - export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN} - - export REGISTRY_PORT=$${REGISTRY_PORT} - - export DRONE_GITEA_CLIENT_ID=$${DRONE_GITEA_CLIENT_ID} - - export DRONE_GITEA_SERVER=$${DRONE_GITEA_SERVER} - - export DRONE_SERVER_HOST=$${DRONE_SERVER_HOST} - - export SSH_HOST=$${SSH_HOST} - - export SSH_USERNAME=$${SSH_USERNAME} - - export SSH_PORT=$${SSH_PORT} - - export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN} - - export REGISTRY_PORT=$${REGISTRY_PORT} - - export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD} - - export SCHEME=$${SCHEME} - - set -e - - export NAME=drone - - export ROOT=stack - - cd /stack/drone - - "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n" - - sh .drone/pull.sh - - sh .drone/deploy.sh - environment: - DOMAIN: - from_secret: domain - DRONE_GITEA_CLIENT_ID: - from_secret: drone-gitea-client-id - DRONE_GITEA_CLIENT_SECRET: - from_secret: 
drone-gitea-client-secret - DRONE_GITEA_SERVER: - from_secret: drone-gitea-server - DRONE_RPC_SECRET: - from_secret: drone-rpc-secret - DRONE_SERVER_HOST: - from_secret: drone-server-host - REGISTRY_DOMAIN: - from_secret: registry-domain - REGISTRY_PASSWORD: - from_secret: registry-password - REGISTRY_PORT: - from_secret: registry-port - SCHEME: - from_secret: scheme - SSH_HOST: - from_secret: ssh-host - SSH_KEY: - from_secret: ssh-key - SSH_PORT: - from_secret: ssh-port - SSH_USERNAME: - from_secret: ssh-username - -trigger: - event: - - promote - - promote - target: - - deploy - - production - -... +{ + "clone": { + "depth": 0, + "disable": false + }, + "kind": "pipeline", + "name": "deploy", + "steps": [ + { + "image": "appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47", + "name": "scp", + "settings": { + "command_timeout": "2m", + "source": [ + "." + ], + "target": "/stack/drone" + } + }, + { + "environment": { + "DOMAIN": { + "from_secret": "domain" + }, + "DRONE_GITEA_CLIENT_ID": { + "from_secret": "drone-gitea-client-id" + }, + "DRONE_GITEA_CLIENT_SECRET": { + "from_secret": "drone-gitea-client-secret" + }, + "DRONE_GITEA_SERVER": { + "from_secret": "drone-gitea-server" + }, + "DRONE_RPC_SECRET": { + "from_secret": "drone-rpc-secret" + }, + "DRONE_SERVER_HOST": { + "from_secret": "drone-server-host" + }, + "REGISTRY_DOMAIN": { + "from_secret": "registry-domain" + }, + "REGISTRY_PASSWORD": { + "from_secret": "registry-password" + }, + "REGISTRY_PORT": { + "from_secret": "registry-port" + }, + "SCHEME": { + "from_secret": "scheme" + }, + "SSH_HOST": { + "from_secret": "ssh-host" + }, + "SSH_KEY": { + "from_secret": "ssh-key" + }, + "SSH_PORT": { + "from_secret": "ssh-port" + }, + "SSH_USERNAME": { + "from_secret": "ssh-username" + } + }, + "image": "appleboy/drone-ssh:1.6.3", + "name": "deploy", + "settings": { + "envs": [ + "drone_tag", + "drone_commit", + "drone_build_number", + "drone_repo_name", + 
"drone_repo_namespace", + "scheme", + "domain", + "registry_domain", + "registry_port", + "drone_gitea_client_id", + "drone_gitea_server", + "drone_server_host", + "ssh_host", + "ssh_username", + "ssh_port", + "drone_gitea_client_secret", + "drone_rpc_secret", + "ssh_key", + "registry_password", + "registry_domain", + "registry_port", + "registry_password", + "scheme" + ], + "script": [ + "export DRONE_GITEA_CLIENT_SECRET=$${DRONE_GITEA_CLIENT_SECRET}", + "export DRONE_RPC_SECRET=$${DRONE_RPC_SECRET}", + "export SSH_KEY=$${SSH_KEY}", + "export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD}", + "export SCHEME=$${SCHEME}", + "export DOMAIN=$${DOMAIN}", + "export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN}", + "export REGISTRY_PORT=$${REGISTRY_PORT}", + "export DRONE_GITEA_CLIENT_ID=$${DRONE_GITEA_CLIENT_ID}", + "export DRONE_GITEA_SERVER=$${DRONE_GITEA_SERVER}", + "export DRONE_SERVER_HOST=$${DRONE_SERVER_HOST}", + "export SSH_HOST=$${SSH_HOST}", + "export SSH_USERNAME=$${SSH_USERNAME}", + "export SSH_PORT=$${SSH_PORT}", + "export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN}", + "export REGISTRY_PORT=$${REGISTRY_PORT}", + "export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD}", + "export SCHEME=$${SCHEME}", + "set -e", + "export NAME=drone", + "export ROOT=stack", + "cd /stack/drone", + "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n", + "sh .drone/pull.sh", + "sh .drone/deploy.sh" + ] + } + } + ], + "trigger": { + "event": [ + "promote", + "promote" + ], + "target": [ + "deploy", + "production" + ] + }, + "type": "docker" +} diff --git a/README.md b/README.md index 71cf4ac..01860e2 100644 --- a/README.md +++ b/README.md 
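Review bot: Every `appleboy/drone-ssh` step in .drone/drone-home.yml now uses the bare tag `appleboy/drone-ssh:1.6.3`, where the previous version pinned 1.6.2 by `@sha256:` digest; the dind and drone-scp images in the same file keep their digests. These steps receive `ssh_key`, `registry_password` and the Gitea client secret, so a re-pushed tag would run with those credentials. Pin the new version the same way, `appleboy/drone-ssh:1.6.3@sha256:<digest of the reviewed 1.6.3 image>`, including the `docker pull` and `docker save` lines of the `drone-images` pipeline. If this file is rendered from a template, which the JSON-style output suggests, the pin belongs in the template.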
@@ -1,6 +1,7 @@ # drone + ## secrets -* drone-convert-secret + * drone-gitea-client-id * drone-gitea-client-secret * drone-gitea-server @@ -8,5 +9,6 @@ * drone-server-host * local-docker-registry * registry-password +* local-ip diff --git a/docker-compose.yml b/docker-compose.yml index 39a2d5a..04cf2f8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,11 +4,11 @@ services: # drone server application deploy: placement: - constraints: [node.labels.com.sigyl.git-stack == yes] + constraints: [node.labels.com.sigyl.drone == yes] replicas: 1 restart_policy: condition: any - image: ${LOCAL_DOCKER_REGISTRY}drone/drone:2.4.0 + image: ${LOCAL_DOCKER_REGISTRY}drone volumes: - drone-5:/var/lib/drone - drone-data-5:/data @@ -26,18 +26,20 @@ services: - DRONE_USER_CREATE=username:giles,admin:true - DRONE_AGENTS_ENABLED=true - DRONE_JSONNET_ENABLED=true + ports: + - 81:8080 networks: - appnet - externalnet - drone-docker-runner: + drone-runner: # drone runner performs builds deploy: placement: - constraints: [node.labels.com.sigyl.git-stack == yes] + constraints: [node.labels.com.sigyl.drone-runner == yes] replicas: 1 restart_policy: condition: any - image: ${LOCAL_DOCKER_REGISTRY}drone/drone-runner-docker:1.6.3 + image: ${LOCAL_DOCKER_REGISTRY}drone-runner volumes: - /var/run/docker.sock:/var/run/docker.sock environment: @@ -46,7 +48,7 @@ services: - DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - DRONE_RUNNER_CAPACITY=8 - DRONE_RUNNER_NAME="docker-runner" - - DRONE_RUNNER_ENVIRON=SCHEME:$SCHEME,DOMAIN:$DOMAIN,REGISTRY_DOMAIN:$REGISTRY_DOMAIN,REGISTRY_PORT:$REGISTRY_PORT,REGISTRY_PASSWORD:$REGISTRY_PASSWORD,SSH_HOST:$SSH_HOST,SSH_PORT:$SSH_PORT,SSH_USERNAME:$SSH_USERNAME,SSH_KEY:$SSH_KEY + - DRONE_RUNNER_ENVIRON=SCHEME:$SCHEME,DOMAIN:$DOMAIN,REGISTRY_DOMAIN:$REGISTRY_DOMAIN,REGISTRY_PORT:$REGISTRY_PORT,REGISTRY_PASSWORD:$REGISTRY_PASSWORD,SSH_HOST:$SSH_HOST,SSH_PORT:$SSH_PORT,SSH_USERNAME:$SSH_USERNAME,SSH_KEY:$SSH_KEY,SSH_PASSWORD:$SSH_PASSWORD networks: - appnet volumes: 
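Review bot: The new `image: ${LOCAL_DOCKER_REGISTRY}drone` in the `-4,11` hunk of docker-compose.yml drops the version tag, so the stack deploys whatever was last pushed as `latest` to the local registry rather than a known build. The `drone-runner` service in the next hunk has the same change, and `.drone/build.sh` in this commit builds both images without a tag. Build and deploy with the same immutable tag, for example `image: ${LOCAL_DOCKER_REGISTRY}drone:${IMAGE_TAG}`, where `IMAGE_TAG` is a placeholder for a build number or commit id exported by the deploy script.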
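Review bot: The added `ports: - 81:8080` on the drone server (the `-26,18` hunk) publishes the CI server on port 81 of the swarm nodes, in addition to the `externalnet` attachment that presumably already fronts it. This widens the reachable surface of a service that creates an admin account through `DRONE_USER_CREATE` and whose runner, a few lines below, mounts `/var/run/docker.sock`. If the mapping is only for local access, restrict it at the host firewall or drop it, and say why it exists in a comment such as `# published for LAN access only; external traffic goes through externalnet`. No port setting is visible in this hunk, so it is also worth confirming that the container listens on 8080.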
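Review bot: Adding `SSH_PASSWORD:$SSH_PASSWORD` to `DRONE_RUNNER_ENVIRON` (the `-46,7` hunk) puts one more credential into the environment of every pipeline step this runner executes, next to `REGISTRY_PASSWORD` and `SSH_KEY` already on that line. Any repository or step image built on this runner can read those values, and they are likely not masked in build logs the way `from_secret` values are. The deploy pipeline in this commit already gets the same settings through `from_secret`, so the runner-wide copies look removable; at minimum keep only the non-secret entries, `- DRONE_RUNNER_ENVIRON=SCHEME:$SCHEME,DOMAIN:$DOMAIN,REGISTRY_DOMAIN:$REGISTRY_DOMAIN,REGISTRY_PORT:$REGISTRY_PORT`. `SSH_PASSWORD` is also neither exported by the deploy script nor listed in the README secrets, so it will probably be empty when the stack is deployed.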
@@ -56,7 +58,9 @@ volumes:
 networks:
 appnet:
 driver: overlay
+ attachable: true
 #external: true
 externalnet:
 driver: overlay
- external: true
\ No newline at end of file
+ external: true
+ name: externalnet
\ No newline at end of file
diff --git a/drone-runner/Dockerfile b/drone-runner/Dockerfile
new file mode 100644
index 0000000..527157e
--- /dev/null
+++ b/drone-runner/Dockerfile
@@ -0,0 +1,17 @@
+FROM ${REGISTRY}drone/drone-runner-docker:1.6.3
+# USER root
+
+#RUN apk update
+#RUN apk add gettext
+
+#COPY hosts.template /etc/hosts.template
+#COPY run.sh /
+#ENTRYPOINT sh /run.sh
+#CMD ["sh", "/run.sh"]
+
+
+#COPY config.production.json.template /var/lib/ghost/
+#COPY --from=git /themes/ /var/lib/ghost/content/themes/
+#COPY post.hbs /hbs/
+#COPY run.sh /
+#CMD ["sh", "/run.sh"]
diff --git a/drone-runner/hosts.template b/drone-runner/hosts.template
new file mode 100644
index 0000000..9c04860
--- /dev/null
+++ b/drone-runner/hosts.template
@@ -0,0 +1,2 @@
+
+${GIT_IP} ${GIT_DOMAIN}
diff --git a/drone-runner/run.sh b/drone-runner/run.sh
new file mode 100644
index 0000000..f307b9c
--- /dev/null
+++ b/drone-runner/run.sh
@@ -0,0 +1,2 @@
+envsubst < /etc/hosts.template >> /etc/hosts
+/bin/drone-runner-docker
diff --git a/drone/Dockerfile b/drone/Dockerfile
new file mode 100644
index 0000000..e007253
--- /dev/null
+++ b/drone/Dockerfile
@@ -0,0 +1,17 @@
+FROM ${REGISTRY}drone/drone:2.12.0
+# USER root
+
+#RUN apk update
+#RUN apk add gettext
+
+#COPY hosts.template /etc/hosts.template
+#COPY run.sh /
+#ENTRYPOINT sh /run.sh
+#CMD ["sh", "/run.sh"]
+
+
+#COPY config.production.json.template /var/lib/ghost/
+#COPY --from=git /themes/ /var/lib/ghost/content/themes/
+#COPY post.hbs /hbs/
+#COPY run.sh /
+#CMD ["sh", "/run.sh"]
diff --git a/drone/hosts.template b/drone/hosts.template
new file mode 100644
index 0000000..9c04860
--- /dev/null
+++ b/drone/hosts.template
@@ -0,0 +1,2 @@
+
+${GIT_IP} ${GIT_DOMAIN}
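Review bot: `attachable: true` on `appnet` lets any standalone container started on a swarm node join the overlay that carries the drone server and runner traffic, and nothing in the hunk says which container needs that. Since the runner service in this file mounts the Docker socket, containers it starts may be able to attach to `appnet` by name, if that is how pipeline steps are created here. Add the reason as a comment, e.g. `# attachable so <consumer> can join from docker run`, or leave the network non-attachable if only stack services use it.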
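Review bot: `FROM ${REGISTRY}drone/drone-runner-docker:1.6.3` in drone-runner/Dockerfile uses `REGISTRY` without an `ARG REGISTRY` before `FROM`, so the variable always expands to nothing and the `--build-arg REGISTRY=` passed by `.drone/build.sh` is never consumed. The base is also referenced by tag only, whereas the pipeline lines this commit removes pulled the drone images by `@sha256:` digest. Declare the argument and pin the base, e.g. `ARG REGISTRY=` followed by `FROM ${REGISTRY}drone/drone-runner-docker:1.6.3@sha256:<digest of the vetted image>`. The same two points apply to `drone/Dockerfile` (`drone/drone:2.12.0`), and the commented-out `ghost` COPY lines in both files look like leftovers that could be deleted.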
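Review bot: drone-runner/run.sh appends to `/etc/hosts` without checking that `GIT_IP` and `GIT_DOMAIN` are set, and then starts the runner as a child of the shell. With either variable unset `envsubst` writes an incomplete hosts entry, and a failing `envsubst` (the `gettext` install is commented out in the Dockerfile) does not stop the script. Start the script with `set -eu`, guard the inputs with `: "${GIT_IP:?}" "${GIT_DOMAIN:?}"`, and launch with `exec /bin/drone-runner-docker` so the process receives stop signals directly. `drone/run.sh` has the same shape and needs the same change, ending in `exec drone-server`.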
diff --git a/drone/run.sh b/drone/run.sh
new file mode 100644
index 0000000..1dbe156
--- /dev/null
+++ b/drone/run.sh
@@ -0,0 +1,2 @@
+envsubst < /etc/hosts.template >> /etc/hosts
+drone-server