diff --git a/.drone/build.sh b/.drone/build.sh index 2a63ff4..e41d3f1 100644 --- a/.drone/build.sh +++ b/.drone/build.sh @@ -1 +1 @@ -docker build drone-starlark -t ${LOCAL_DOCKER_REGISTRY}drone-starlark +echo 'nothing to build' diff --git a/.drone/drone-home.jsonnet b/.drone/drone-home.jsonnet index 6ae54e2..bcafcff 100644 --- a/.drone/drone-home.jsonnet +++ b/.drone/drone-home.jsonnet @@ -10,11 +10,13 @@ local register = import 'node_modules/@sigyl/jsonnet-drone/register.libsonnet'; 'drone', '/stack/', [ - 'LOCAL_DOCKER_REGISTRY', + 'REGISTRY_DOMAIN', + 'REGISTRY_PORT', 'REGISTRY_PASSWORD', ], publicSecrets, - secretSecrets + secretSecrets, + [], ) { trigger +: { event +: [ diff --git a/.drone/drone-home.yml b/.drone/drone-home.yml index 3f7484c..cecb19b 100644 --- a/.drone/drone-home.yml +++ b/.drone/drone-home.yml @@ -26,7 +26,7 @@ platform: steps: - name: print env - image: appleboy/drone-ssh:1.6.2 + image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea settings: envs: - drone_tag 
@@ -34,39 +34,42 @@ steps: - drone_build_number - drone_repo_name - drone_repo_namespace - - local_docker_registry + - registry_domain + - registry_port - registry_password - - drone_domain + - domain - drone_gitea_client_id - drone_gitea_server - drone_server_host - - drone_convert_secret + - ssh_host + - ssh_user + - ssh_port - drone_gitea_client_secret - drone_rpc_secret - host: - from_secret: ssh-host - key: - from_secret: ssh-key - port: - from_secret: ssh-port + - ssh_key + host: ${SSH_HOST} + key: ${SSH_KEY} + passphrase: ${SSH_PASSPHRASE} + port: ${SSH_PORT} script: - rm -f env-drone - - "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-drone # \"local-docker-registry\"" + - "echo \"export REGISTRY_DOMAIN='$${REGISTRY_DOMAIN}'\" >> env-drone # \"registry-domain\"" + - "echo \"export REGISTRY_PORT='$${REGISTRY_PORT}'\" >> env-drone # \"registry-port\"" - "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-drone # \"registry-password\"" - - "echo \"export DRONE_DOMAIN='$${DRONE_DOMAIN}'\" >> env-drone # \"drone-domain\"" + - "echo \"export DOMAIN='$${DOMAIN}'\" >> env-drone # \"domain\"" - "echo \"export DRONE_GITEA_CLIENT_ID='$${DRONE_GITEA_CLIENT_ID}'\" >> env-drone # \"drone-gitea-client-id\"" - "echo \"export DRONE_GITEA_SERVER='$${DRONE_GITEA_SERVER}'\" >> env-drone # \"drone-gitea-server\"" - "echo \"export DRONE_SERVER_HOST='$${DRONE_SERVER_HOST}'\" >> env-drone # \"drone-server-host\"" - - "echo \"export DRONE_CONVERT_SECRET='$${DRONE_CONVERT_SECRET}'\" >> env-drone # \"drone-convert-secret\"" + - "echo \"export SSH_HOST='$${SSH_HOST}'\" >> env-drone # \"ssh-host\"" + - "echo \"export SSH_USER='$${SSH_USER}'\" >> env-drone # \"ssh-user\"" + - "echo \"export SSH_PORT='$${SSH_PORT}'\" >> env-drone # \"ssh-port\"" - "echo \"export DRONE_GITEA_CLIENT_SECRET='$${DRONE_GITEA_CLIENT_SECRET}'\" >> env-drone # \"drone-gitea-client-secret\"" - "echo \"export DRONE_RPC_SECRET='$${DRONE_RPC_SECRET}'\" >> env-drone # 
\"drone-rpc-secret\"" - username: - from_secret: ssh-user + - "echo \"export SSH_KEY='$${SSH_KEY}'\" >> env-drone # \"ssh-key\"" + username: ${SSH_USER} environment: - DRONE_CONVERT_SECRET: - from_secret: drone-convert-secret - DRONE_DOMAIN: - from_secret: drone-domain + DOMAIN: + from_secret: domain DRONE_GITEA_CLIENT_ID: from_secret: drone-gitea-client-id DRONE_GITEA_CLIENT_SECRET: @@ -77,34 +80,41 @@ steps: from_secret: drone-rpc-secret DRONE_SERVER_HOST: from_secret: drone-server-host - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry + REGISTRY_DOMAIN: + from_secret: registry-domain REGISTRY_PASSWORD: from_secret: registry-password + REGISTRY_PORT: + from_secret: registry-port + SSH_HOST: + from_secret: ssh-host + SSH_KEY: + from_secret: ssh-key + SSH_PORT: + from_secret: ssh-port + SSH_USER: + from_secret: ssh-user - name: scp - image: appleboy/drone-scp:1.6.2 + image: appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47 settings: command_timeout: 2m - host: - from_secret: ssh-host - key: - from_secret: ssh-key - port: - from_secret: ssh-port + host: ${SSH_HOST} + key: ${SSH_KEY} + passphrase: ${SSH_PASSPHRASE} + port: ${SSH_PORT} source: - . target: /stack/drone - username: - from_secret: ssh-user + username: ${SSH_USER} - name: wait - image: alpine + image: alpine:3.12.0@sha256:90baa0922fe90624b05cb5766fa5da4e337921656c2f8e2b13bd3c052a0baac1 commands: - sleep 15 - name: "dockerbuild:" - image: docker:dind + image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f commands: - set -e - sh .drone/login.sh 
@@ -112,16 +122,18 @@ steps: - sh .drone/push.sh - sh .drone/logout.sh environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry + REGISTRY_DOMAIN: + from_secret: registry-domain REGISTRY_PASSWORD: from_secret: registry-password + REGISTRY_PORT: + from_secret: registry-port volumes: - name: dockersock path: /var/run - name: deploy - image: appleboy/drone-ssh:1.6.2 + image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea settings: envs: - drone_tag 
@@ -129,43 +141,46 @@ steps: - drone_build_number - drone_repo_name - drone_repo_namespace - - drone_domain + - domain - drone_gitea_client_id - drone_gitea_server - drone_server_host - - drone_convert_secret + - ssh_host + - ssh_user + - ssh_port - drone_gitea_client_secret - drone_rpc_secret - - local_docker_registry + - ssh_key + - registry_domain + - registry_port - registry_password - host: - from_secret: ssh-host - key: - from_secret: ssh-key - port: - from_secret: ssh-port + host: ${SSH_HOST} + key: ${SSH_KEY} + passphrase: ${SSH_PASSPHRASE} + port: ${SSH_PORT} script: - - export DRONE_CONVERT_SECRET=$${DRONE_CONVERT_SECRET} - export DRONE_GITEA_CLIENT_SECRET=$${DRONE_GITEA_CLIENT_SECRET} - export DRONE_RPC_SECRET=$${DRONE_RPC_SECRET} - - export DRONE_DOMAIN=$${DRONE_DOMAIN} + - export SSH_KEY=$${SSH_KEY} + - export DOMAIN=$${DOMAIN} - export DRONE_GITEA_CLIENT_ID=$${DRONE_GITEA_CLIENT_ID} - export DRONE_GITEA_SERVER=$${DRONE_GITEA_SERVER} - export DRONE_SERVER_HOST=$${DRONE_SERVER_HOST} - - export LOCAL_DOCKER_REGISTRY=$${LOCAL_DOCKER_REGISTRY} + - export SSH_HOST=$${SSH_HOST} + - export SSH_USER=$${SSH_USER} + - export SSH_PORT=$${SSH_PORT} + - export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN} + - export REGISTRY_PORT=$${REGISTRY_PORT} - export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD} - set -e - cd /stack/drone - sh .drone/login.sh - sh .drone/pull.sh - sh .drone/deploy.sh - username: - from_secret: ssh-user + username: ${SSH_USER} environment: - DRONE_CONVERT_SECRET: - from_secret: drone-convert-secret - DRONE_DOMAIN: - from_secret: drone-domain + DOMAIN: + from_secret: domain DRONE_GITEA_CLIENT_ID: from_secret: drone-gitea-client-id DRONE_GITEA_CLIENT_SECRET: 
@@ -176,14 +191,24 @@ steps: from_secret: drone-rpc-secret DRONE_SERVER_HOST: from_secret: drone-server-host - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry + REGISTRY_DOMAIN: + from_secret: registry-domain REGISTRY_PASSWORD: from_secret: registry-password + REGISTRY_PORT: + from_secret: registry-port + SSH_HOST: + from_secret: ssh-host + SSH_KEY: + from_secret: ssh-key + SSH_PORT: + from_secret: ssh-port + SSH_USER: + from_secret: ssh-user services: - name: docker - image: docker:dind + image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f privileged: true volumes: - name: dockersock diff --git a/.drone/lib/public-secrets.libsonnet b/.drone/lib/public-secrets.libsonnet index cd205e0..60f7fea 100644 --- a/.drone/lib/public-secrets.libsonnet +++ b/.drone/lib/public-secrets.libsonnet @@ -1,6 +1,9 @@ [ - 'drone-domain', + 'domain', 'drone-gitea-client-id', 'drone-gitea-server', 'drone-server-host', + 'ssh-host', + 'ssh-user', + 'ssh-port' ] diff --git a/.drone/lib/secret-secrets.libsonnet b/.drone/lib/secret-secrets.libsonnet index 90b84ad..2fe21bd 100644 --- a/.drone/lib/secret-secrets.libsonnet +++ b/.drone/lib/secret-secrets.libsonnet @@ -1,5 +1,5 @@ [ - 'drone-convert-secret', 'drone-gitea-client-secret', 'drone-rpc-secret', + 'ssh-key' ] diff --git a/.drone/login.sh b/.drone/login.sh index c8ffffc..982ed2d 100644 --- a/.drone/login.sh +++ b/.drone/login.sh @@ -1 +1 @@ -docker login ${LOCAL_DOCKER_REGISTRY} --username client --password "${REGISTRY_PASSWORD}" \ No newline at end of file +docker login ${REGISTRY_DOMAIN}:${REGISTRY_PORT} --username client --password "${REGISTRY_PASSWORD}" \ No newline at end of file diff --git a/.drone/logout.sh b/.drone/logout.sh index 4bcacf0..2337c7c 100644 --- a/.drone/logout.sh +++ b/.drone/logout.sh @@ -1 +1 @@ -docker logout ${LOCAL_DOCKER_REGISTRY} \ No newline at end of file +docker logout ${REGISTRY_DOMAIN}:${REGISTRY_PORT} \ No newline at end of file 
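Review bot: Adding `'ssh-key'` to this list sends the deploy key much further than the SSH plugin's `key` setting needs. In the regenerated drone-home.yml of this commit, the "print env" step appends `export SSH_KEY='…'` to `env-drone` on the remote host, and the deploy step runs `export SSH_KEY=$${SSH_KEY}` there. The private key used to reach the host therefore ends up in a file on that same host, with whatever permissions the login umask gives it, and the unquoted export will presumably mangle a multi-line PEM value. I would keep `ssh-key` out of the exported-secrets list and pass it only to the plugin's `key` setting; how that is wired depends on `register.libsonnet`, which is not shown here. If `env-drone` must hold secrets at all, the generated script should create it under `umask 077`.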
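Review bot: The rewritten `docker login` line in .drone/login.sh still passes the registry password with `--password`, which puts it on the command line where the process list exposes it, including on the deploy host where this script also runs. Since the line is being changed anyway, feed the password on stdin and quote the registry address: `printf '%s' "${REGISTRY_PASSWORD}" | docker login "${REGISTRY_DOMAIN}:${REGISTRY_PORT}" --username client --password-stdin`. An unset `REGISTRY_PORT` currently yields a registry argument ending in a bare `:`, so a guard such as `: "${REGISTRY_PORT:?}"` before the login would make that failure explicit. The same quoting applies to the `docker logout` line in .drone/logout.sh.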
diff --git a/.drone/package.json b/.drone/package.json index 2609cd8..22cfdd2 100644 --- a/.drone/package.json +++ b/.drone/package.json @@ -4,6 +4,6 @@ "build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream" }, "dependencies": { - "@sigyl/jsonnet-drone": "^0.0.8" + "@sigyl/jsonnet-drone": "^0.1.0" } } diff --git a/.drone/pull.sh b/.drone/pull.sh index 2a63ff4..a3c2118 100644 --- a/.drone/pull.sh +++ b/.drone/pull.sh @@ -1 +1 @@ -docker build drone-starlark -t ${LOCAL_DOCKER_REGISTRY}drone-starlark +echo 'nothing to pull' diff --git a/.drone/push.sh b/.drone/push.sh index a8b625c..8aa5b36 100644 --- a/.drone/push.sh +++ b/.drone/push.sh @@ -1 +1 @@ -docker push ${LOCAL_DOCKER_REGISTRY}drone-starlark +echo 'nothing to push' diff --git a/.drone/yarn.lock b/.drone/yarn.lock index d1aa19a..44ab354 100644 --- a/.drone/yarn.lock +++ b/.drone/yarn.lock @@ -12,10 +12,10 @@ resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff" integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw== -"@sigyl/jsonnet-drone@^0.0.8": - version "0.0.8" - resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.0.8.tgz#f928e6784bccf1abb82afed3cab6e435c62d2e93" - integrity sha512-BuFVawb7z3aUYqHCBqykgALjF07crnN2H7+WLo8crH3vT7FPMLbYdoTv7N98P8OhZBKv6KvBQep6uZK3Reho5g== +"@sigyl/jsonnet-drone@^0.1.0": + version "0.1.0" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.1.0.tgz#feda1797e8e9ef799cad72e65f7163ca26a9e3a5" + integrity sha512-QY/ngucxFOtLfL8Mt0f2bxN4fQDUOGOFtaRpSH2cNyg84xADkzehT0ORZtbLitr+AwhyF5KN/zAGvzkyNAoqPw== dependencies: "@sigyl/jsonnet-compose" "^0.0.2" "@sigyl/jsonnet-drone-environment" "0.0.5" diff --git a/docker-compose.yml b/docker-compose.yml index b70ddac..3d4d08e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -26,8 +26,6 @@ services: - DRONE_USER_CREATE=username:giles,admin:true - DRONE_AGENTS_ENABLED=true - DRONE_JSONNET_ENABLED=true - - DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000 - - DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET} networks: - appnet - externalnet @@ -48,23 +46,7 @@ services: - DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - DRONE_RUNNER_CAPACITY=8 - DRONE_RUNNER_NAME="docker-runner" - networks: - - appnet - drone-starlark: - # drone starlark server converts starlark to yaml - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}drone-starlark - environment: - - DRONE_DEBUG=true - - DRONE_SECRET=${DRONE_CONVERT_SECRET} - - DRONE_STARLARK_REPO_PATHS=this:/repos - - SIGYL_STACK_NAME=$SIGYL_STACK_NAME - - SIGYL_STACK_ROOT=$SIGYL_STACK_ROOT + - DRONE_RUNNER_ENVIRON=DOMAIN:$DOMAIN,REGISTRY_DOMAIN:$REGISTRY_DOMAIN,REGISTRY_PORT:$REGISTRY_PORT,REGISTRY_PASSWORD:$REGISTRY_PASSWORD,SSH_HOST:$SSH_HOST,SSH_PORT:$SSH_PORT,SSH_USER:$SSH_USER,SSH_KEY:$SSH_KEY networks: - appnet volumes:
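Review bot: The added `DRONE_RUNNER_ENVIRON` line puts `REGISTRY_PASSWORD` and `SSH_KEY` into the environment of every step of every pipeline this runner executes, so any repository that can get a build scheduled here can read the deploy key and the registry password. Values supplied this way are not handled as Drone secrets, so they presumably lose the log masking and pull-request restrictions that `from_secret` values get. The regenerated drone-home.yml in this commit switches `host`, `key` and `port` from `from_secret` to `${SSH_*}`, which appears to be why they were added here. I would keep only the non-sensitive entries (`DOMAIN`, `REGISTRY_DOMAIN`, `REGISTRY_PORT`, `SSH_HOST`, `SSH_PORT`, `SSH_USER`) on this line and leave `SSH_KEY` and `REGISTRY_PASSWORD` as repository or organisation secrets. Also note that `SSH_PASSPHRASE` is referenced by the generated steps but is missing from this list, and a multi-line PEM key is unlikely to survive the comma-separated `NAME:value` format.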