stack
/
drone
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

feat: http
continuous-integration/drone/push Build is passing Details

This commit is contained in:
Giles Bradshaw 2020-10-23 10:10:47 +01:00
parent 79ad35c3a2
commit 9fae5c7e98
83 changed files with 30 additions and 1412 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.drone/deploy.sh
View File

@ -2,4 +2,4 @@ export LOCAL_DOCKER_REGISTRY=${REGISTRY_DOMAIN}:${REGISTRY_PORT}/
docker stack rm drone \
&& echo 'sleeping...zzz' \
&& sleep 60 \
&& docker stack deploy -c docker-compose.yml drone
&& docker stack deploy -c docker-compose.yml drone --with-registry-auth

14
.drone/drone-home.yml
View File

@ -51,6 +51,8 @@ services:
path: /var/run
- name: ca
path: /etc/docker/certs.d
- name: daemonjson
path: /etc/docker/daemon.json
volumes:
- name: dockersock
@ -58,6 +60,9 @@ volumes:
- name: ca
host:
path: /etc/docker/certs.d
- name: daemonjson
host:
path: /etc/docker/daemon.json
image_pull_secrets:
- dockerconfigjson
@ -91,6 +96,7 @@ steps:
- registry_port
- registry_password
- scheme
- scheme
- domain
- drone_gitea_client_id
- drone_gitea_server
@ -107,6 +113,7 @@ steps:
- "echo \"export REGISTRY_PORT='$${REGISTRY_PORT}'\" >> env-drone # \"registry-port\""
- "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-drone # \"registry-password\""
- "echo \"export SCHEME='$${SCHEME}'\" >> env-drone # \"scheme\""
- "echo \"export SCHEME='$${SCHEME}'\" >> env-drone # \"scheme\""
- "echo \"export DOMAIN='$${DOMAIN}'\" >> env-drone # \"domain\""
- "echo \"export DRONE_GITEA_CLIENT_ID='$${DRONE_GITEA_CLIENT_ID}'\" >> env-drone # \"drone-gitea-client-id\""
- "echo \"export DRONE_GITEA_SERVER='$${DRONE_GITEA_SERVER}'\" >> env-drone # \"drone-gitea-server\""
@ -190,6 +197,7 @@ steps:
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- scheme
- domain
- drone_gitea_client_id
- drone_gitea_server
@ -208,6 +216,7 @@ steps:
- export DRONE_GITEA_CLIENT_SECRET=$${DRONE_GITEA_CLIENT_SECRET}
- export DRONE_RPC_SECRET=$${DRONE_RPC_SECRET}
- export SSH_KEY=$${SSH_KEY}
- export SCHEME=$${SCHEME}
- export DOMAIN=$${DOMAIN}
- export DRONE_GITEA_CLIENT_ID=$${DRONE_GITEA_CLIENT_ID}
- export DRONE_GITEA_SERVER=$${DRONE_GITEA_SERVER}
@ -263,6 +272,8 @@ services:
path: /var/run
- name: ca
path: /etc/docker/certs.d
- name: daemonjson
path: /etc/docker/daemon.json
volumes:
- name: dockersock
@ -270,6 +281,9 @@ volumes:
- name: ca
host:
path: /etc/docker/certs.d
- name: daemonjson
host:
path: /etc/docker/daemon.json
trigger:
event:

1
.drone/lib/public-secrets.libsonnet
View File

@ -1,4 +1,5 @@
[
'scheme',
'domain',
'drone-gitea-client-id',
'drone-gitea-server',

2
.drone/package.json
View File

@ -4,6 +4,6 @@
"build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream"
},
"dependencies": {
"@sigyl/jsonnet-drone": "^0.4.0"
"@sigyl/jsonnet-drone": "0.4.1"
}
}

4
.drone/scripts/initialise-images.sh
View File

@ -1,3 +1,3 @@
sh $(dirname $0)/login.sh $1 "$2" \
&& sh $(dirname $0)/initialise-image.sh $1 drone/drone:1.9.0 \
&& sh $(dirname $0)/initialise-image.sh $1 drone/drone-runner-docker:1.5.0
&& sh $(dirname $0)/initialise-image.sh $1 drone/drone:1.9.1 \
&& sh $(dirname $0)/initialise-image.sh $1 drone/drone-runner-docker:1.5.3

8
.drone/yarn.lock
View File

@ -12,10 +12,10 @@
resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff"
integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw==
"@sigyl/jsonnet-drone@^0.4.0":
version "0.4.0"
resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.4.0.tgz#ebf7bc5e076d7252195fee7be2d1eafd24ee0435"
integrity sha512-96Adxqgo4SIU7skhiD0oPRproK4hy+Gvulym0p0bcSod5bv6b94BcYSfMyJye+sy6oRD0gosJY2uet1rgoB8UA==
"@sigyl/jsonnet-drone@0.4.1":
version "0.4.1"
resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.4.1.tgz#3527edb00f8bb860de1658f4c9fa6f81f932d3b7"
integrity sha512-+TOx51KJG1RxrPRZ2lPpia7a6Ms5UvkyLIuXuumPtenyxJ/pivY1TdcLvSAvFgVZHMjh9CxBCuOu8vNT1fPy2A==
dependencies:
"@sigyl/jsonnet-compose" "^0.0.2"
"@sigyl/jsonnet-drone-environment" "0.0.5"

14
docker-compose.yml
View File

@ -8,14 +8,14 @@ services:
replicas: 1
restart_policy:
condition: any
image: ${LOCAL_DOCKER_REGISTRY}drone/drone:1.9.0
image: ${LOCAL_DOCKER_REGISTRY}drone/drone:1.9.1
volumes:
- drone:/var/lib/drone
- drone-data:/data
- drone-5:/var/lib/drone
- drone-data-5:/data
environment:
- DRONE_LOGS_DEBUG=true
- DRONE_LOGS_PRETTY=true
- DRONE_GITEA_SERVER=${SCHEME}://${DRONE_GITEA_SERVER}
- DRONE_GITEA_SERVER=${DRONE_GITEA_SERVER}
- DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
- DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
- DRONE_SERVER_HOST=${DRONE_SERVER_HOST} # tunnel hostname
@ -37,7 +37,7 @@ services:
replicas: 1
restart_policy:
condition: any
image: ${LOCAL_DOCKER_REGISTRY}drone/drone-runner-docker:1.5.0
image: ${LOCAL_DOCKER_REGISTRY}drone/drone-runner-docker:1.5.3
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
@ -50,8 +50,8 @@ services:
networks:
- appnet
volumes:
drone:
drone-data:
drone-5:
drone-data-5:
networks:
appnet:

8
drone-starlark/Dockerfile
View File

@ -1,8 +0,0 @@
FROM drone/drone-convert-starlark:1.1.0-beta.1
COPY repos /repos
COPY run.sh /
USER root
RUN apk update
RUN apk add gettext # enables envsubst
ENTRYPOINT []
CMD sh /run.sh

33
drone-starlark/repos/build-docker-folder.star
View File

@ -1,33 +0,0 @@
load("@this//:environment.star", "environment")
def buildDockerFolder(
dockerFile,
image,
tag,
folder,
name,
):
return {
"name": "build-{name}".format(
name = name,
),
"image": "docker:dind",
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
],
"environment": environment([
"local-docker-registry",
"registry-password",
]),
"commands": [
"cd {folder}".format(folder=folder),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"sh build-docker-folder.sh {dockerFile} {image} {tag}".format(
image = image,
dockerFile = dockerFile,
tag = tag,
),
],
}

24
drone-starlark/repos/build-folder.star
View File

@ -1,24 +0,0 @@
load("@this//:environment.star", "environment")
def buildFolder(name, folder):
return {
"name": "build-{folder} {name}".format(
folder=folder,
name=name,
),
"image": "docker:dind",
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
],
"environment": environment([
"local-docker-registry",
"registry-password",
]),
"commands": [
"cd {folder}".format(folder=folder),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name),
],
}

23
drone-starlark/repos/build.star
View File

@ -1,23 +0,0 @@
load("@this//:environment.star", "environment")
def build(name):
return {
"name": "build-{name}".format(name=name),
"image": "docker:dind",
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
],
"environment": environment([
"local-docker-registry",
"registry-password"
]),
"commands": [
"cd {name}".format(name=name),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"docker build . -t $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),
"docker push $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),
],
}

74
drone-starlark/repos/chat/drone.star
View File

@ -1,74 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//chat:public-secrets.star", "publicSecrets")
load("@this//chat:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-chat",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

5
drone-starlark/repos/chat/public-secrets.star
View File

@ -1,5 +0,0 @@
publicSecrets = [
"git-domain",
"chat-admin-name",
"chat-admin-email",
]

3
drone-starlark/repos/chat/secret-secrets.star
View File

@ -1,3 +0,0 @@
secretSecrets = [
"chat-admin-password",
]

1
drone-starlark/repos/chat/stack-name._star
View File

@ -1 +0,0 @@
stackName='chat'

1
drone-starlark/repos/chat/stack-root._star
View File

@ -1 +0,0 @@
stackRoot='/stack/chat'

16
drone-starlark/repos/clear.star
View File

@ -1,16 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
def clear(folder):
return {
"name": "clear",
"image": "appleboy/drone-ssh",
"settings": {
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-user"),
"password": fromSecret("ssh-password"),
"script": [
"rm -r -f {folder}".format(folder = folder),
]
}
}

74
drone-starlark/repos/commento/drone.star
View File

@ -1,74 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//commento:public-secrets.star", "publicSecrets")
load("@this//commento:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-commento",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

11
drone-starlark/repos/commento/public-secrets.star
View File

@ -1,11 +0,0 @@
publicSecrets = [
"commento-origin",
"commento-smtp-host",
"commento-smtp-port",
"commento-smtp-username",
"commento-smtp-from-address",
"commento-forbid-new-owners",
"commento-postgres-db",
"commento-postgres-user",
"commento-github-key",
]

6
drone-starlark/repos/commento/secret-secrets.star
View File

@ -1,6 +0,0 @@
secretSecrets = [
"commento-smtp-password",
"commento-askimet-key",
"commento-postgres-password",
"commento-github-secret",
]

1
drone-starlark/repos/commento/stack-name._star
View File

@ -1 +0,0 @@
stackName='commento'

1
drone-starlark/repos/commento/stack-root._star
View File

@ -1 +0,0 @@
stackRoot='/stack/commento'

39
drone-starlark/repos/deploy-from-registry.star
View File

@ -1,39 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:export.star", "export")
def deploy(
filename,
name,
folder,
secrets,
commands,
ctx
):
return {
"name": "deploy {name}".format(name = name),
"image": "appleboy/drone-ssh",
"environment": environment(secrets),
"settings": {
"envs": [x.replace("-", "_") for x in secrets ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e"
] +
map(export, secrets) +
[
"export DRONE_REPO_LINK=$${{DRONE_GITEA_SERVER}}/{namespace}/{name}".format(name=ctx.repo.name, namespace=ctx.repo.namespace),
"export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
"docker network prune -f",
"cd {folder}".format(folder=folder),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"docker stack rm {name}".format(name = name),
"sleep 30",
"docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
] + commands
}
}

38
drone-starlark/repos/deploy.star
View File

@ -1,38 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:export.star", "export")
def deploy(
filename,
name,
folder,
secrets,
commands,
ctx
):
return {
"name": "deploy {name}".format(name = name),
"image": "appleboy/drone-ssh",
"environment": environment(secrets),
"settings": {
"envs": [x.replace("-", "_") for x in secrets ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e"
] +
map(export, secrets) +
[
"export DRONE_REPO_LINK=$${{DRONE_GITEA_SERVER}}/{namespace}/{name}".format(name=ctx.repo.name, namespace=ctx.repo.namespace),
"export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
"docker network prune -f",
"cd {folder}".format(folder=folder),
"docker stack rm {name}".format(name = name),
"sleep 30",
"docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
] + commands
}
}

81
drone-starlark/repos/drone/drone.star
View File

@ -1,81 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//drone:public-secrets.star", "publicSecrets")
load("@this//drone:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
build("drone-starlark"),
printSecrets(
"env-drone",
publicSecrets,
secretSecrets,
),
pull(
"pull images",
[
"drone-starlark",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

7
drone-starlark/repos/drone/public-secrets.star
View File

@ -1,7 +0,0 @@
publicSecrets = [
"drone-domain",
"drone-gitea-client-id",
"drone-gitea-server",
"drone-server-host",
"local-docker-registry",
]

6
drone-starlark/repos/drone/secret-secrets.star
View File

@ -1,6 +0,0 @@
secretSecrets = [
"drone-convert-secret",
"drone-gitea-client-secret",
"drone-rpc-secret",
"registry-password",
]

1
drone-starlark/repos/drone/stack-name._star
View File

@ -1 +0,0 @@
stackName='drone'

1
drone-starlark/repos/drone/stack-root._star
View File

@ -1 +0,0 @@
stackRoot='/stack/drone'

7
drone-starlark/repos/echo-secret.star
View File

@ -1,7 +0,0 @@
load("@this//:secret-to-environment.star", "secretToEnvironment")
def echoSecret(secret):
return 'echo "export {environment}=???? ${environment}" >> ***filename*** # {secret}'.format(
secret = secret,
environment = secretToEnvironment(secret),
)

7
drone-starlark/repos/echo.star
View File

@ -1,7 +0,0 @@
load("@this//:secret-to-environment.star", "secretToEnvironment")
def echo(secret):
return 'echo "export {environment}=\'${environment}\'" >> ***filename*** # {secret}'.format(
secret = secret,
environment = secretToEnvironment(secret),
)

5
drone-starlark/repos/environment.star
View File

@ -1,5 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
def environment(env):
return dict(
[(x.replace("-", "_").upper(), fromSecret(x)) for x in env]
)

6
drone-starlark/repos/export.star
View File

@ -1,6 +0,0 @@
load("@this//:secret-to-environment.star", "secretToEnvironment")
def export(secret):
return "export {toCaps}=${toCaps}".format(
toCaps = secretToEnvironment(secret),
)

4
drone-starlark/repos/from-secret.star
View File

@ -1,4 +0,0 @@
def fromSecret(name):
return {
"from_secret": name
}

81
drone-starlark/repos/ghost/drone.star
View File

@ -1,81 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//ghost:public-secrets.star", "publicSecrets")
load("@this//ghost:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-ghost",
publicSecrets,
secretSecrets,
),
build("ghost"),
pull(
"pull images",
[
"ghost",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

7
drone-starlark/repos/ghost/public-secrets.star
View File

@ -1,7 +0,0 @@
publicSecrets = [
"git-domain",
"local-docker-registry",
"ghost-mail-service",
"ghost-mail-user",
"commento-origin",
]

4
drone-starlark/repos/ghost/secret-secrets.star
View File

@ -1,4 +0,0 @@
secretSecrets = [
"ghost-mysql-root-password",
"registry-password",
]

1
drone-starlark/repos/ghost/stack-name._star
View File

@ -1 +0,0 @@
stackName='ghost'

1
drone-starlark/repos/ghost/stack-root._star
View File

@ -1 +0,0 @@
stackRoot='/stack/ghost'

81
drone-starlark/repos/gitea/drone.star
View File

@ -1,81 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//gitea:public-secrets.star", "publicSecrets")
load("@this//gitea:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-gitea",
publicSecrets,
secretSecrets,
),
build("gitea"),
pull(
"pull images",
[
"gitea",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

8
drone-starlark/repos/gitea/public-secrets.star
View File

@ -1,8 +0,0 @@
publicSecrets = [
"git-domain",
"local-docker-registry",
"gitea-mailer-host",
"gitea-mailer-from",
"gitea-mailer-user",
"gitea-app-name",
]

8
drone-starlark/repos/gitea/secret-secrets.star
View File

@ -1,8 +0,0 @@
secretSecrets = [
"gitea-server-lfs-jwt-secret",
"gitea-security-secret-key",
"gitea-security-internal-token",
"gitea-oauth2-jwt-secret",
"gitea-mailer-passwd",
"registry-password",
]

1
drone-starlark/repos/gitea/stack-name._star
View File

@ -1 +0,0 @@
stackName='gitea'

1
drone-starlark/repos/gitea/stack-root._star
View File

@ -1 +0,0 @@
stackRoot='/stack/gitea'

81
drone-starlark/repos/guacamole/drone.star
View File

@ -1,81 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//guacamole:public-secrets.star", "publicSecrets")
load("@this//guacamole:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-guacamole",
publicSecrets,
secretSecrets,
),
build("guacamole-postgresql"),
pull(
"pull images",
[
"guacamole-postgresql",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

5
drone-starlark/repos/guacamole/public-secrets.star
View File

@ -1,5 +0,0 @@
publicSecrets = [
"local-docker-registry",
"guacamole-postgres-db",
"guacamole-postgres-user",
]

4
drone-starlark/repos/guacamole/secret-secrets.star
View File

@ -1,4 +0,0 @@
secretSecrets = [
"guacamole-postgres-password",
"registry-password",
]

1
drone-starlark/repos/guacamole/stack-name._star
View File

@ -1 +0,0 @@
stackName='guacamole'

1
drone-starlark/repos/guacamole/stack-root._star
View File

@ -1 +0,0 @@
stackRoot='/stack/guacamole'

74
drone-starlark/repos/huginn/drone.star
View File

@ -1,74 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//huginn:public-secrets.star", "publicSecrets")
load("@this//huginn:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-huginn",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

7
drone-starlark/repos/huginn/public-secrets.star
View File

@ -1,7 +0,0 @@
publicSecrets = [
"smtp-domain",
"smtp-user-name",
"smtp-server",
"email-from-address",
"smtp-port",
]

5
drone-starlark/repos/huginn/secret-secrets.star
View File

@ -1,5 +0,0 @@
secretSecrets = [
"smtp-password",
"invitation-code",
"database-password",
]

1
drone-starlark/repos/huginn/stack-name._star
View File

@ -1 +0,0 @@
stackName='huginn'

1
drone-starlark/repos/huginn/stack-root._star
View File

@ -1 +0,0 @@
stackRoot='/stack/huginn'

2
drone-starlark/repos/map.star
View File

@ -1,2 +0,0 @@
def map(fn, l):
return [fn(x) for x in l]

74
drone-starlark/repos/matomo/drone.star
View File

@ -1,74 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//matomo:public-secrets.star", "publicSecrets")
load("@this//matomo:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-matomo",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

1
drone-starlark/repos/matomo/public-secrets.star
View File

@ -1 +0,0 @@
publicSecrets = []

4
drone-starlark/repos/matomo/secret-secrets.star
View File

@ -1,4 +0,0 @@
secretSecrets = [
"matomo-mysql-root-password",
"matomo-mysql-password",
]

1
drone-starlark/repos/matomo/stack-name._star
View File

@ -1 +0,0 @@
stackName='matomo'

1
drone-starlark/repos/matomo/stack-root._star
View File

@ -1 +0,0 @@
stackRoot='/stack/matomo'

32
drone-starlark/repos/pipeline.star
View File

@ -1,32 +0,0 @@
def pipeline(
name,
steps,
dependsOn,
volumes,
dockerVolumes
):
return {
"kind": "pipeline",
"name": name,
"depends_on": dependsOn,
"steps": steps,
"services": [
{
"name": "docker",
"image": "docker:dind",
"privileged": True,
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
] + dockerVolumes,
}
],
"volumes": [
{
"name": "dockersock",
"temp": {},
},
] + volumes,
}

74
drone-starlark/repos/portainer/drone.star
View File

@ -1,74 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//portainer:public-secrets.star", "publicSecrets")
load("@this//portainer:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-portainer",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

1
drone-starlark/repos/portainer/public-secrets.star
View File

@ -1 +0,0 @@
publicSecrets = []

1
drone-starlark/repos/portainer/secret-secrets.star
View File

@ -1 +0,0 @@
secretSecrets = []

1
drone-starlark/repos/portainer/stack-name._star
View File

@ -1 +0,0 @@
stackName='portainer'

1
drone-starlark/repos/portainer/stack-root._star
View File

@ -1 +0,0 @@
stackRoot='/stack/portainer'

24
drone-starlark/repos/print-secrets.star
View File

@ -1,24 +0,0 @@
load("@this//:map.star", "map")
load("@this//:from-secret.star", "fromSecret")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
def printSecrets(filename, env, secretEnv):
return {
"name": "print secrets",
"image": "appleboy/drone-ssh",
"environment": environment(env + secretEnv),
"settings": {
"envs": [x.replace("-", "_") for x in env + secretEnv ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-user"),
"password": fromSecret("ssh-password"),
"script": [x.replace("***filename***", filename) for x in [
"rm -f ***filename***",
] + map(echo, env)
+ map(echo, secretEnv)]
}
}

108
drone-starlark/repos/proxy/drone.star
View File

@ -1,108 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//proxy:public-secrets.star", "publicSecrets")
load("@this//proxy:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-proxy",
publicSecrets,
secretSecrets,
),
build("ngrok-gitea"),
build("registry"),
build("letsencrypt-nginx"),
buildDockerFolder(
"Dockerfile.git",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-git",
"letsencrypt-nginx",
"git",
),
buildDockerFolder(
"Dockerfile.huginn",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-huginn",
"letsencrypt-nginx",
"huginn",
),
buildDockerFolder(
"Dockerfile.drone",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-drone",
"letsencrypt-nginx",
"drone",
),
pull(
"pull images",
[
"ngrok-gitea",
"registry",
"letsencrypt-git",
"letsencrypt-drone",
"letsencrypt-huginn",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

7
drone-starlark/repos/proxy/public-secrets.star
View File

@ -1,7 +0,0 @@
publicSecrets = [
"certbot-email",
"drone-domain",
"huginn-domain",
"git-domain",
"local-docker-registry",
]

5
drone-starlark/repos/proxy/secret-secrets.star
View File

@ -1,5 +0,0 @@
secretSecrets = [
"ngrok-auth-token",
"registry-password",
"new-registry-password",
]

1
drone-starlark/repos/proxy/stack-name._star
View File

@ -1 +0,0 @@
stackName='proxy'

1
drone-starlark/repos/proxy/stack-root._star
View File

@ -1 +0,0 @@
stackRoot='/stack/proxy'

31
drone-starlark/repos/pull.star
View File

@ -1,31 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:export.star", "export")
def pull(
name,
images,
):
secrets = [
"local-docker-registry",
"registry-password",
]
return {
"name": name,
"image": "appleboy/drone-ssh",
"environment": environment(secrets),
"settings": {
"envs": [x.replace("-", "_") for x in secrets ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e"
] +
map(export, secrets) +
['docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"'] +
["docker pull $${{LOCAL_DOCKER_REGISTRY}}{image}".format(image=image) for image in images ]
}
}

21
drone-starlark/repos/rescale.star
View File

@ -1,21 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
def rescale(
service,
scaleTo
):
return {
"name": "rescale {service}".format(service=service),
"image": "appleboy/drone-ssh",
"settings": {
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e",
"docker service scale {service}=0".format(service=service),
"docker service scale {service}={scaleTo}".format(service=service, scaleTo=scaleTo),
]
}
}

25
drone-starlark/repos/scp.star
View File

@ -1,25 +0,0 @@
def scp(target):
return {
"name": "scp files",
"image": "appleboy/drone-scp",
"settings": {
"host": {
"from_secret": "ssh-host",
},
"username": {
"from_secret": "ssh-user",
},
"password": {
"from_secret": "ssh-password",
},
"port": {
"from_secret": "ssh-port",
},
"command_timeout": "2m",
"target": target,
"source": [
".",
],
},
}

2
drone-starlark/repos/secret-to-environment.star
View File

@ -1,2 +0,0 @@
def secretToEnvironment(secret):
return secret.replace("-", "_").upper()

8
drone-starlark/repos/wait.star
View File

@ -1,8 +0,0 @@
def wait(delay, name):
return {
"name": name,
"image": "alpine",
"commands": [
"sleep {delay}".format(delay = delay),
],
}

74
drone-starlark/repos/zabbix/drone.star
View File

@ -1,74 +0,0 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//zabbix:public-secrets.star", "publicSecrets")
load("@this//zabbix:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-zabbix",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

1
drone-starlark/repos/zabbix/public-secrets.star
View File

@ -1 +0,0 @@
publicSecrets = []

4
drone-starlark/repos/zabbix/secret-secrets.star
View File

@ -1,4 +0,0 @@
secretSecrets = [
"zabbix-mysql-root-password",
"zabbix-mysql-password",
]

1
drone-starlark/repos/zabbix/stack-name._star
View File

@ -1 +0,0 @@
stackName='zabbix'

1
drone-starlark/repos/zabbix/stack-root._star
View File

@ -1 +0,0 @@
stackRoot='/stack/zabbix'

34
drone-starlark/run.sh
View File

@ -1,34 +0,0 @@
envsubst < /repos/proxy/stack-name._star > /repos/proxy/stack-name.star
envsubst < /repos/proxy/stack-root._star > /repos/proxy/stack-root.star
envsubst < /repos/drone/stack-name._star > /repos/drone/stack-name.star
envsubst < /repos/drone/stack-root._star > /repos/drone/stack-root.star
envsubst < /repos/commento/stack-name._star > /repos/commento/stack-name.star
envsubst < /repos/commento/stack-root._star > /repos/commento/stack-root.star
envsubst < /repos/ghost/stack-name._star > /repos/ghost/stack-name.star
envsubst < /repos/ghost/stack-root._star > /repos/ghost/stack-root.star
envsubst < /repos/gitea/stack-name._star > /repos/gitea/stack-name.star
envsubst < /repos/gitea/stack-root._star > /repos/gitea/stack-root.star
envsubst < /repos/guacamole/stack-name._star > /repos/guacamole/stack-name.star
envsubst < /repos/guacamole/stack-root._star > /repos/guacamole/stack-root.star
envsubst < /repos/chat/stack-name._star > /repos/chat/stack-name.star
envsubst < /repos/chat/stack-root._star > /repos/chat/stack-root.star
envsubst < /repos/huginn/stack-name._star > /repos/huginn/stack-name.star
envsubst < /repos/huginn/stack-root._star > /repos/huginn/stack-root.star
envsubst < /repos/matomo/stack-name._star > /repos/matomo/stack-name.star
envsubst < /repos/matomo/stack-root._star > /repos/matomo/stack-root.star
envsubst < /repos/zabbix/stack-name._star > /repos/zabbix/stack-name.star
envsubst < /repos/zabbix/stack-root._star > /repos/zabbix/stack-root.star
envsubst < /repos/portainer/stack-name._star > /repos/portainer/stack-name.star
envsubst < /repos/portainer/stack-root._star > /repos/portainer/stack-root.star
/bin/drone-convert-starlark