From 313a7d12216b11f1fae01996d4d8909772a0de56 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Mon, 11 May 2020 01:30:19 +0100 Subject: [PATCH 01/10] . --- .drone-home.star | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.drone-home.star b/.drone-home.star index a6690ba..9326beb 100644 --- a/.drone-home.star +++ b/.drone-home.star @@ -9,6 +9,9 @@ def main(ctx): "home-deploy", stackRoot, stackName, - [] + [ + "docker service scale proxy_letsencrypt-drone=0", + "docker service scale proxy_letsencrypt-drone=1", + ] ) \ No newline at end of file From a7d679183ce07c6337270c5af8f135f6cc42c158 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Mon, 11 May 2020 09:44:25 +0100 Subject: [PATCH 02/10] . --- .drone-do.star | 14 ++++++++++++++ drone-starlark/repos/proxy/public-secrets.star | 1 + 2 files changed, 15 insertions(+) create mode 100644 .drone-do.star diff --git a/.drone-do.star b/.drone-do.star new file mode 100644 index 0000000..d7d2e39 --- /dev/null +++ b/.drone-do.star @@ -0,0 +1,14 @@ + +load("@this//drone:drone.star", "drone") +load("@this//drone:stack-name.star", "stackName") +load("@this//drone:stack-root.star", "stackRoot") + +def main(ctx): + return drone( + ctx, + "do", + stackRoot, + stackName, + [] + ) + \ No newline at end of file diff --git a/drone-starlark/repos/proxy/public-secrets.star b/drone-starlark/repos/proxy/public-secrets.star index 400e6cd..4867439 100644 --- a/drone-starlark/repos/proxy/public-secrets.star +++ b/drone-starlark/repos/proxy/public-secrets.star @@ -2,4 +2,5 @@ publicSecrets = [ "certbot-email", "drone-domain", "git-domain", + "local-docker-registry", ] \ No newline at end of file From 506ee9a48d5b5069ee0795cdee6a9cd122a5887e Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Mon, 11 May 2020 11:35:27 +0100 Subject: [PATCH 03/10] . --- drone-starlark/repos/gitea/drone.star | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drone-starlark/repos/gitea/drone.star b/drone-starlark/repos/gitea/drone.star index b767e00..00b2200 100644 --- a/drone-starlark/repos/gitea/drone.star +++ b/drone-starlark/repos/gitea/drone.star @@ -9,8 +9,8 @@ load("@this//:echo-secret.star", "echoSecret") load("@this//:wait.star", "wait") load("@this//:build.star", "build") load("@this//:scp.star", "scp") -load("@this//ghost:public-secrets.star", "publicSecrets") -load("@this//ghost:secret-secrets.star", "secretSecrets") +load("@this//gitea:public-secrets.star", "publicSecrets") +load("@this//gitea:secret-secrets.star", "secretSecrets") load("@this//:rescale.star", "rescale") load("@this//:pull.star", "pull") load("@this//:deploy.star", "deploy") From 83a82509238916edfee2921619b358ff84ffefba Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Mon, 11 May 2020 13:51:38 +0100 Subject: [PATCH 04/10] build-registry --- drone-starlark/repos/proxy/drone.star | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drone-starlark/repos/proxy/drone.star b/drone-starlark/repos/proxy/drone.star index 2d6141b..6094734 100644 --- a/drone-starlark/repos/proxy/drone.star +++ b/drone-starlark/repos/proxy/drone.star @@ -37,6 +37,7 @@ def drone( secretSecrets, ), build("ngrok-gitea"), + build("registry"), build("letsencrypt-nginx"), buildDockerFolder( "Dockerfile.git", @@ -57,6 +58,7 @@ def drone( "pull images", [ "ngrok-gitea", + "registry", "letsencrypt-git", "letsencrypt-drone", ], From ff65f49f8e799e0f9c474bc8bdcd9527d1f2b272 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Mon, 11 May 2020 14:15:14 +0100 Subject: [PATCH 05/10] . --- drone-starlark/repos/chat/secret-secrets.star | 1 + drone-starlark/repos/commento/secret-secrets.star | 1 + drone-starlark/repos/drone/secret-secrets.star | 1 + drone-starlark/repos/ghost/secret-secrets.star | 1 + drone-starlark/repos/gitea/secret-secrets.star | 1 + drone-starlark/repos/guacamole/secret-secrets.star | 1 + drone-starlark/repos/matomo/secret-secrets.star | 1 + drone-starlark/repos/portainer/secret-secrets.star | 4 +++- drone-starlark/repos/proxy/secret-secrets.star | 1 + drone-starlark/repos/zabbix/secret-secrets.star | 1 + 10 files changed, 12 insertions(+), 1 deletion(-) diff --git a/drone-starlark/repos/chat/secret-secrets.star b/drone-starlark/repos/chat/secret-secrets.star index 2d1fba3..509b22a 100644 --- a/drone-starlark/repos/chat/secret-secrets.star +++ b/drone-starlark/repos/chat/secret-secrets.star @@ -1,3 +1,4 @@ secretSecrets = [ "chat-admin-password", + "registry-password", ] \ No newline at end of file diff --git a/drone-starlark/repos/commento/secret-secrets.star b/drone-starlark/repos/commento/secret-secrets.star index 89a50fb..964aa36 100644 --- a/drone-starlark/repos/commento/secret-secrets.star +++ b/drone-starlark/repos/commento/secret-secrets.star @@ -3,4 +3,5 @@ secretSecrets = [ "commento-askimet-key", "commento-postgres-password", "commento-github-secret", + "registry-password", ] \ No newline at end of file diff --git a/drone-starlark/repos/drone/secret-secrets.star b/drone-starlark/repos/drone/secret-secrets.star index 2e04f61..0b52e58 100644 --- a/drone-starlark/repos/drone/secret-secrets.star +++ b/drone-starlark/repos/drone/secret-secrets.star @@ -2,4 +2,5 @@ secretSecrets = [ "drone-convert-secret", "drone-gitea-client-secret", "drone-rpc-secret", + "registry-password", ] \ No newline at end of file diff --git a/drone-starlark/repos/ghost/secret-secrets.star b/drone-starlark/repos/ghost/secret-secrets.star index a2fa134..45a9b6c 100644 --- a/drone-starlark/repos/ghost/secret-secrets.star +++ b/drone-starlark/repos/ghost/secret-secrets.star @@ -1,3 +1,4 @@ secretSecrets = [ "ghost-mysql-root-password", + "registry-password", ] \ No newline at end of file diff --git a/drone-starlark/repos/gitea/secret-secrets.star b/drone-starlark/repos/gitea/secret-secrets.star index d093d87..907fd0a 100644 --- a/drone-starlark/repos/gitea/secret-secrets.star +++ b/drone-starlark/repos/gitea/secret-secrets.star @@ -4,4 +4,5 @@ secretSecrets = [ "gitea-security-internal-token", "gitea-oauth2-jwt-secret", "gitea-mailer-passwd", + "registry-password", ] \ No newline at end of file diff --git a/drone-starlark/repos/guacamole/secret-secrets.star b/drone-starlark/repos/guacamole/secret-secrets.star index 5eb83e0..ef0c167 100644 --- a/drone-starlark/repos/guacamole/secret-secrets.star +++ b/drone-starlark/repos/guacamole/secret-secrets.star @@ -1,3 +1,4 @@ secretSecrets = [ "guacamole-postgres-password", + "registry-password", ] \ No newline at end of file diff --git a/drone-starlark/repos/matomo/secret-secrets.star b/drone-starlark/repos/matomo/secret-secrets.star index 373c06d..5c049ef 100644 --- a/drone-starlark/repos/matomo/secret-secrets.star +++ b/drone-starlark/repos/matomo/secret-secrets.star @@ -1,4 +1,5 @@ secretSecrets = [ "matomo-mysql-root-password", "matomo-mysql-password", + "registry-password", ] \ No newline at end of file diff --git a/drone-starlark/repos/portainer/secret-secrets.star b/drone-starlark/repos/portainer/secret-secrets.star index 301110f..d58bfd8 100644 --- a/drone-starlark/repos/portainer/secret-secrets.star +++ b/drone-starlark/repos/portainer/secret-secrets.star @@ -1 +1,3 @@ -secretSecrets = [] +secretSecrets = [ + "registry-password", +] diff --git a/drone-starlark/repos/proxy/secret-secrets.star b/drone-starlark/repos/proxy/secret-secrets.star index dd71813..4d6edcc 100644 --- a/drone-starlark/repos/proxy/secret-secrets.star +++ b/drone-starlark/repos/proxy/secret-secrets.star @@ -1,3 +1,4 @@ secretSecrets = [ "ngrok-auth-token", + "registry-password", ] \ No newline at end of file diff --git a/drone-starlark/repos/zabbix/secret-secrets.star b/drone-starlark/repos/zabbix/secret-secrets.star index 621d7da..01d7873 100644 --- a/drone-starlark/repos/zabbix/secret-secrets.star +++ b/drone-starlark/repos/zabbix/secret-secrets.star @@ -1,4 +1,5 @@ secretSecrets = [ "zabbix-mysql-root-password", "zabbix-mysql-password", + "registry-password", ] \ No newline at end of file From e8df1dd896b58cb6ad7bbfdc322e5b3cde6d21cb Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Mon, 11 May 2020 14:37:26 +0100 Subject: [PATCH 06/10] .. --- drone-starlark/repos/build-docker-folder.star | 2 ++ drone-starlark/repos/build-folder.star | 2 ++ drone-starlark/repos/build.star | 2 ++ drone-starlark/repos/deploy.star | 1 + 4 files changed, 7 insertions(+) diff --git a/drone-starlark/repos/build-docker-folder.star b/drone-starlark/repos/build-docker-folder.star index 90d5f98..d616590 100644 --- a/drone-starlark/repos/build-docker-folder.star +++ b/drone-starlark/repos/build-docker-folder.star @@ -19,9 +19,11 @@ def buildDockerFolder( ], "environment": environment([ "local-docker-registry", + "registry-password", ]), "commands": [ "cd {folder}".format(folder=folder), + "docker login $${{LOCAL_DOCKER_REGISTRY}} --username client --password '$${{REGISTRY_PASSWORD}}'", "sh build-docker-folder.sh {dockerFile} {image} {tag}".format( image = image, dockerFile = dockerFile, diff --git a/drone-starlark/repos/build-folder.star b/drone-starlark/repos/build-folder.star index 7ccf5ea..ca42e34 100644 --- a/drone-starlark/repos/build-folder.star +++ b/drone-starlark/repos/build-folder.star @@ -14,9 +14,11 @@ def buildFolder(name, folder): ], "environment": environment([ "local-docker-registry", + "registry-password", ]), "commands": [ "cd {folder}".format(folder=folder), + "docker login $${{LOCAL_DOCKER_REGISTRY}} --username client --password '$${{REGISTRY_PASSWORD}}'", "sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name), ], } diff --git a/drone-starlark/repos/build.star b/drone-starlark/repos/build.star index 827c7ab..dd4c7f5 100644 --- a/drone-starlark/repos/build.star +++ b/drone-starlark/repos/build.star @@ -12,9 +12,11 @@ def build(name): ], "environment": environment([ "local-docker-registry", + "registry-password" ]), "commands": [ "cd {name}".format(name=name), + "docker login $${{LOCAL_DOCKER_REGISTRY}} --username client --password '$${{REGISTRY_PASSWORD}}'", "docker build . -t $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name), "docker push $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name), ], diff --git a/drone-starlark/repos/deploy.star b/drone-starlark/repos/deploy.star index 0f9dda1..9575e3e 100644 --- a/drone-starlark/repos/deploy.star +++ b/drone-starlark/repos/deploy.star @@ -30,6 +30,7 @@ def deploy( "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit), "docker network prune -f", "cd {folder}".format(folder=folder), + "docker login $${{LOCAL_DOCKER_REGISTRY}} --username client --password '$${{REGISTRY_PASSWORD}}'", "docker stack rm {name}".format(name = name), "sleep 30", "docker stack deploy -c {filename} {name}".format(name= name, filename = filename), From 4f1fb0f15e2e8dc054e9c41a5cae77689ba20eb4 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Mon, 11 May 2020 14:57:52 +0100 Subject: [PATCH 07/10] . --- drone-starlark/repos/build-docker-folder.star | 2 +- drone-starlark/repos/build-folder.star | 2 +- drone-starlark/repos/build.star | 2 +- drone-starlark/repos/deploy.star | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drone-starlark/repos/build-docker-folder.star b/drone-starlark/repos/build-docker-folder.star index d616590..61b1f76 100644 --- a/drone-starlark/repos/build-docker-folder.star +++ b/drone-starlark/repos/build-docker-folder.star @@ -23,7 +23,7 @@ def buildDockerFolder( ]), "commands": [ "cd {folder}".format(folder=folder), - "docker login $${{LOCAL_DOCKER_REGISTRY}} --username client --password '$${{REGISTRY_PASSWORD}}'", + "docker login $${LOCAL_DOCKER_REGISTRY} --username client --password '$${REGISTRY_PASSWORD}'", "sh build-docker-folder.sh {dockerFile} {image} {tag}".format( image = image, dockerFile = dockerFile, diff --git a/drone-starlark/repos/build-folder.star b/drone-starlark/repos/build-folder.star index ca42e34..87876d1 100644 --- a/drone-starlark/repos/build-folder.star +++ b/drone-starlark/repos/build-folder.star @@ -18,7 +18,7 @@ def buildFolder(name, folder): ]), "commands": [ "cd {folder}".format(folder=folder), - "docker login $${{LOCAL_DOCKER_REGISTRY}} --username client --password '$${{REGISTRY_PASSWORD}}'", + "docker login $${LOCAL_DOCKER_REGISTRY} --username client --password '$${REGISTRY_PASSWORD}'", "sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name), ], } diff --git a/drone-starlark/repos/build.star b/drone-starlark/repos/build.star index dd4c7f5..2836037 100644 --- a/drone-starlark/repos/build.star +++ b/drone-starlark/repos/build.star @@ -16,7 +16,7 @@ def build(name): ]), "commands": [ "cd {name}".format(name=name), - "docker login $${{LOCAL_DOCKER_REGISTRY}} --username client --password '$${{REGISTRY_PASSWORD}}'", + "docker login $${LOCAL_DOCKER_REGISTRY} --username client --password '$${REGISTRY_PASSWORD}'", "docker build . -t $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name), "docker push $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name), ], diff --git a/drone-starlark/repos/deploy.star b/drone-starlark/repos/deploy.star index 9575e3e..be6a52e 100644 --- a/drone-starlark/repos/deploy.star +++ b/drone-starlark/repos/deploy.star @@ -30,7 +30,7 @@ def deploy( "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit), "docker network prune -f", "cd {folder}".format(folder=folder), - "docker login $${{LOCAL_DOCKER_REGISTRY}} --username client --password '$${{REGISTRY_PASSWORD}}'", + "docker login $${LOCAL_DOCKER_REGISTRY} --username client --password '$${REGISTRY_PASSWORD}'", "docker stack rm {name}".format(name = name), "sleep 30", "docker stack deploy -c {filename} {name}".format(name= name, filename = filename), From 55781975d0f8dc8d412b1224a82d98f056c11722 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Mon, 11 May 2020 15:01:41 +0100 Subject: [PATCH 08/10] . --- drone-starlark/repos/pull.star | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drone-starlark/repos/pull.star b/drone-starlark/repos/pull.star index c0acd4e..d3b90e2 100644 --- a/drone-starlark/repos/pull.star +++ b/drone-starlark/repos/pull.star @@ -21,7 +21,8 @@ def pull( "script": [ "set -e" ] + - map(export, secrets) + + map(export, secrets) + + ["docker login $${LOCAL_DOCKER_REGISTRY} --username client --password '$${REGISTRY_PASSWORD}'"] + ["docker pull $${{LOCAL_DOCKER_REGISTRY}}{image}".format(image=image) for image in images ] } } From bc6c0eec676ac57b248dad6782791187c113b3f5 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Mon, 11 May 2020 15:08:31 +0100 Subject: [PATCH 09/10] . --- drone-starlark/repos/build-docker-folder.star | 2 +- drone-starlark/repos/build-folder.star | 2 +- drone-starlark/repos/build.star | 2 +- drone-starlark/repos/deploy.star | 2 +- drone-starlark/repos/pull.star | 7 +++++-- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/drone-starlark/repos/build-docker-folder.star b/drone-starlark/repos/build-docker-folder.star index 61b1f76..66dd30b 100644 --- a/drone-starlark/repos/build-docker-folder.star +++ b/drone-starlark/repos/build-docker-folder.star @@ -23,7 +23,7 @@ def buildDockerFolder( ]), "commands": [ "cd {folder}".format(folder=folder), - "docker login $${LOCAL_DOCKER_REGISTRY} --username client --password '$${REGISTRY_PASSWORD}'", + 'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"', "sh build-docker-folder.sh {dockerFile} {image} {tag}".format( image = image, dockerFile = dockerFile, diff --git a/drone-starlark/repos/build-folder.star b/drone-starlark/repos/build-folder.star index 87876d1..1a43f1c 100644 --- a/drone-starlark/repos/build-folder.star +++ b/drone-starlark/repos/build-folder.star @@ -18,7 +18,7 @@ def buildFolder(name, folder): ]), "commands": [ "cd {folder}".format(folder=folder), - "docker login $${LOCAL_DOCKER_REGISTRY} --username client --password '$${REGISTRY_PASSWORD}'", + 'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"', "sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name), ], } diff --git a/drone-starlark/repos/build.star b/drone-starlark/repos/build.star index 2836037..c095ae9 100644 --- a/drone-starlark/repos/build.star +++ b/drone-starlark/repos/build.star @@ -16,7 +16,7 @@ def build(name): ]), "commands": [ "cd {name}".format(name=name), - "docker login $${LOCAL_DOCKER_REGISTRY} --username client --password '$${REGISTRY_PASSWORD}'", + 'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"', "docker build . -t $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name), "docker push $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name), ], diff --git a/drone-starlark/repos/deploy.star b/drone-starlark/repos/deploy.star index be6a52e..9e59892 100644 --- a/drone-starlark/repos/deploy.star +++ b/drone-starlark/repos/deploy.star @@ -30,7 +30,7 @@ def deploy( "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit), "docker network prune -f", "cd {folder}".format(folder=folder), - "docker login $${LOCAL_DOCKER_REGISTRY} --username client --password '$${REGISTRY_PASSWORD}'", + 'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"', "docker stack rm {name}".format(name = name), "sleep 30", "docker stack deploy -c {filename} {name}".format(name= name, filename = filename), diff --git a/drone-starlark/repos/pull.star b/drone-starlark/repos/pull.star index d3b90e2..c24c577 100644 --- a/drone-starlark/repos/pull.star +++ b/drone-starlark/repos/pull.star @@ -7,7 +7,10 @@ def pull( name, images, ): - secrets = [ "local-docker-registry"] + secrets = [ + "local-docker-registry", + "registry-password", + ] return { "name": name, "image": "appleboy/drone-ssh", @@ -22,7 +25,7 @@ def pull( "set -e" ] + map(export, secrets) + - ["docker login $${LOCAL_DOCKER_REGISTRY} --username client --password '$${REGISTRY_PASSWORD}'"] + + ['docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"'] + ["docker pull $${{LOCAL_DOCKER_REGISTRY}}{image}".format(image=image) for image in images ] } } From 7975ac24eaaa7dc35a85936c4714f9bf23a415c3 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Mon, 11 May 2020 15:47:22 +0100 Subject: [PATCH 10/10] . --- drone-starlark/repos/proxy/secret-secrets.star | 1 + 1 file changed, 1 insertion(+) diff --git a/drone-starlark/repos/proxy/secret-secrets.star b/drone-starlark/repos/proxy/secret-secrets.star index 4d6edcc..a401da8 100644 --- a/drone-starlark/repos/proxy/secret-secrets.star +++ b/drone-starlark/repos/proxy/secret-secrets.star @@ -1,4 +1,5 @@ secretSecrets = [ "ngrok-auth-token", "registry-password", + "new-registry-password", ] \ No newline at end of file