only log in to docker for some repos

drone-starlark/repos/chat/public-secrets.star

@@ -1,6 +1,5 @@
 publicSecrets = [
   "git-domain",
-  "local-docker-registry",
   "chat-admin-name",
   "chat-admin-email",
 ]

drone-starlark/repos/chat/secret-secrets.star

@@ -1,4 +1,3 @@
 secretSecrets = [
   "chat-admin-password",
-  "registry-password",
 ]

drone-starlark/repos/commento/public-secrets.star

@@ -7,5 +7,5 @@ publicSecrets = [
   "commento-forbid-new-owners",
   "commento-postgres-db",
   "commento-postgres-user",
-  "commento-github-key", 
+  "commento-github-key",
 ]

drone-starlark/repos/commento/secret-secrets.star

@@ -3,5 +3,4 @@ secretSecrets = [
   "commento-askimet-key",
   "commento-postgres-password",
   "commento-github-secret",
-  "registry-password",
 ]

drone-starlark/repos/deploy-from-registry.star

@@ -0,0 +1,39 @@
+load("@this//:from-secret.star", "fromSecret")
+load("@this//:map.star", "map")
+load("@this//:environment.star", "environment")
+load("@this//:export.star", "export")
+
+def deploy(
+  filename,
+  name,
+  folder,
+  secrets,
+  commands,
+  ctx
+):
+  return {
+    "name": "deploy {name}".format(name = name),
+    "image": "appleboy/drone-ssh",
+    "environment": environment(secrets),
+    "settings": {
+      "envs": [x.replace("-", "_") for x in secrets ],
+      "host": fromSecret("ssh-host"),
+      "port": fromSecret("ssh-port"),
+      "username": fromSecret("ssh-root-user"),
+      "password": fromSecret("ssh-root-password"),
+      "script": [
+        "set -e"
+      ] +
+      map(export, secrets) + 
+      [
+        "export DRONE_REPO_LINK=$${{DRONE_GITEA_SERVER}}/{namespace}/{name}".format(name=ctx.repo.name, namespace=ctx.repo.namespace),
+        "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
+        "docker network prune -f",
+        "cd {folder}".format(folder=folder),
+        'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
+        "docker stack rm {name}".format(name = name),
+        "sleep 30",
+        "docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
+      ] + commands
+    }
+  }

drone-starlark/repos/deploy.star

@@ -30,7 +30,6 @@ def deploy(
         "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
         "docker network prune -f",
         "cd {folder}".format(folder=folder),
-        'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
         "docker stack rm {name}".format(name = name),
         "sleep 30",
         "docker stack deploy -c {filename} {name}".format(name= name, filename = filename),

drone-starlark/repos/drone/drone.star

@@ -13,7 +13,7 @@ load("@this//drone:public-secrets.star", "publicSecrets")
 load("@this//drone:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")

drone-starlark/repos/ghost/drone.star

@@ -13,7 +13,7 @@ load("@this//ghost:public-secrets.star", "publicSecrets")
 load("@this//ghost:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")

drone-starlark/repos/gitea/drone.star

@@ -13,7 +13,7 @@ load("@this//gitea:public-secrets.star", "publicSecrets")
 load("@this//gitea:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")

drone-starlark/repos/guacamole/drone.star

@@ -13,7 +13,7 @@ load("@this//guacamole:public-secrets.star", "publicSecrets")
 load("@this//guacamole:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")

drone-starlark/repos/matomo/secret-secrets.star

@@ -1,5 +1,4 @@
 secretSecrets = [
   "matomo-mysql-root-password",
   "matomo-mysql-password",
-  "registry-password",
 ]

drone-starlark/repos/portainer/secret-secrets.star

@@ -1,3 +1 @@
-secretSecrets = [
-  "registry-password",
-]
+secretSecrets = []

drone-starlark/repos/proxy/drone.star

@@ -13,7 +13,7 @@ load("@this//proxy:public-secrets.star", "publicSecrets")
 load("@this//proxy:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")

drone-starlark/repos/zabbix/public-secrets.star

@@ -1,3 +1 @@
-publicSecrets = [
-  "local-docker-registry",
-]
+publicSecrets = []

drone-starlark/repos/zabbix/secret-secrets.star

@@ -1,5 +1,4 @@
 secretSecrets = [
   "zabbix-mysql-root-password",
   "zabbix-mysql-password",
-  "registry-password",
 ]