From a9683d5432d9ab0aba666e2b1bc672d748fcc6ac Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Mon, 11 May 2020 19:05:34 +0100 Subject: [PATCH] only log in to docker for some repos --- drone-starlark/repos/chat/public-secrets.star | 1 - drone-starlark/repos/chat/secret-secrets.star | 1 - .../repos/commento/public-secrets.star | 2 +- .../repos/commento/secret-secrets.star | 1 - .../repos/deploy-from-registry.star | 39 +++++++++++++++++++ drone-starlark/repos/deploy.star | 1 - drone-starlark/repos/drone/drone.star | 2 +- drone-starlark/repos/ghost/drone.star | 2 +- drone-starlark/repos/gitea/drone.star | 2 +- drone-starlark/repos/guacamole/drone.star | 2 +- .../repos/matomo/secret-secrets.star | 1 - .../repos/portainer/secret-secrets.star | 4 +- drone-starlark/repos/proxy/drone.star | 2 +- .../repos/zabbix/public-secrets.star | 4 +- .../repos/zabbix/secret-secrets.star | 1 - 15 files changed, 47 insertions(+), 18 deletions(-) create mode 100644 drone-starlark/repos/deploy-from-registry.star diff --git a/drone-starlark/repos/chat/public-secrets.star b/drone-starlark/repos/chat/public-secrets.star index f3c1145..a56f68c 100644 --- a/drone-starlark/repos/chat/public-secrets.star +++ b/drone-starlark/repos/chat/public-secrets.star @@ -1,6 +1,5 @@ publicSecrets = [ "git-domain", - "local-docker-registry", "chat-admin-name", "chat-admin-email", ] \ No newline at end of file diff --git a/drone-starlark/repos/chat/secret-secrets.star b/drone-starlark/repos/chat/secret-secrets.star index 509b22a..2d1fba3 100644 --- a/drone-starlark/repos/chat/secret-secrets.star +++ b/drone-starlark/repos/chat/secret-secrets.star @@ -1,4 +1,3 @@ secretSecrets = [ "chat-admin-password", - "registry-password", ] \ No newline at end of file diff --git a/drone-starlark/repos/commento/public-secrets.star b/drone-starlark/repos/commento/public-secrets.star index 9daf73d..876adda 100644 --- a/drone-starlark/repos/commento/public-secrets.star +++ b/drone-starlark/repos/commento/public-secrets.star @@ -7,5 +7,5 @@ publicSecrets = [ "commento-forbid-new-owners", "commento-postgres-db", "commento-postgres-user", - "commento-github-key", + "commento-github-key", ] \ No newline at end of file diff --git a/drone-starlark/repos/commento/secret-secrets.star b/drone-starlark/repos/commento/secret-secrets.star index 964aa36..89a50fb 100644 --- a/drone-starlark/repos/commento/secret-secrets.star +++ b/drone-starlark/repos/commento/secret-secrets.star @@ -3,5 +3,4 @@ secretSecrets = [ "commento-askimet-key", "commento-postgres-password", "commento-github-secret", - "registry-password", ] \ No newline at end of file diff --git a/drone-starlark/repos/deploy-from-registry.star b/drone-starlark/repos/deploy-from-registry.star new file mode 100644 index 0000000..9e59892 --- /dev/null +++ b/drone-starlark/repos/deploy-from-registry.star @@ -0,0 +1,39 @@ +load("@this//:from-secret.star", "fromSecret") +load("@this//:map.star", "map") +load("@this//:environment.star", "environment") +load("@this//:export.star", "export") + +def deploy( + filename, + name, + folder, + secrets, + commands, + ctx +): + return { + "name": "deploy {name}".format(name = name), + "image": "appleboy/drone-ssh", + "environment": environment(secrets), + "settings": { + "envs": [x.replace("-", "_") for x in secrets ], + "host": fromSecret("ssh-host"), + "port": fromSecret("ssh-port"), + "username": fromSecret("ssh-root-user"), + "password": fromSecret("ssh-root-password"), + "script": [ + "set -e" + ] + + map(export, secrets) + + [ + "export DRONE_REPO_LINK=$${{DRONE_GITEA_SERVER}}/{namespace}/{name}".format(name=ctx.repo.name, namespace=ctx.repo.namespace), + "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit), + "docker network prune -f", + "cd {folder}".format(folder=folder), + 'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"', + "docker stack rm {name}".format(name = name), + "sleep 30", + "docker stack deploy -c {filename} {name}".format(name= name, filename = filename), + ] + commands + } + } diff --git a/drone-starlark/repos/deploy.star b/drone-starlark/repos/deploy.star index 9e59892..0f9dda1 100644 --- a/drone-starlark/repos/deploy.star +++ b/drone-starlark/repos/deploy.star @@ -30,7 +30,6 @@ def deploy( "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit), "docker network prune -f", "cd {folder}".format(folder=folder), - 'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"', "docker stack rm {name}".format(name = name), "sleep 30", "docker stack deploy -c {filename} {name}".format(name= name, filename = filename), diff --git a/drone-starlark/repos/drone/drone.star b/drone-starlark/repos/drone/drone.star index 8fbbc8a..56290c8 100644 --- a/drone-starlark/repos/drone/drone.star +++ b/drone-starlark/repos/drone/drone.star @@ -13,7 +13,7 @@ load("@this//drone:public-secrets.star", "publicSecrets") load("@this//drone:secret-secrets.star", "secretSecrets") load("@this//:rescale.star", "rescale") load("@this//:pull.star", "pull") -load("@this//:deploy.star", "deploy") +load("@this//:deploy-from-registry.star", "deploy") load("@this//:build-folder.star", "buildFolder") load("@this//:build-docker-folder.star", "buildDockerFolder") load("@this//:pipeline.star", "pipeline") diff --git a/drone-starlark/repos/ghost/drone.star b/drone-starlark/repos/ghost/drone.star index 6e17333..15fda2b 100644 --- a/drone-starlark/repos/ghost/drone.star +++ b/drone-starlark/repos/ghost/drone.star @@ -13,7 +13,7 @@ load("@this//ghost:public-secrets.star", "publicSecrets") load("@this//ghost:secret-secrets.star", "secretSecrets") load("@this//:rescale.star", "rescale") load("@this//:pull.star", "pull") -load("@this//:deploy.star", "deploy") +load("@this//:deploy-from-registry.star", "deploy") load("@this//:build-folder.star", "buildFolder") load("@this//:build-docker-folder.star", "buildDockerFolder") load("@this//:pipeline.star", "pipeline") diff --git a/drone-starlark/repos/gitea/drone.star b/drone-starlark/repos/gitea/drone.star index 5c93d4b..c6b8244 100644 --- a/drone-starlark/repos/gitea/drone.star +++ b/drone-starlark/repos/gitea/drone.star @@ -13,7 +13,7 @@ load("@this//gitea:public-secrets.star", "publicSecrets") load("@this//gitea:secret-secrets.star", "secretSecrets") load("@this//:rescale.star", "rescale") load("@this//:pull.star", "pull") -load("@this//:deploy.star", "deploy") +load("@this//:deploy-from-registry.star", "deploy") load("@this//:build-folder.star", "buildFolder") load("@this//:build-docker-folder.star", "buildDockerFolder") load("@this//:pipeline.star", "pipeline") diff --git a/drone-starlark/repos/guacamole/drone.star b/drone-starlark/repos/guacamole/drone.star index a5b2bc8..0205155 100644 --- a/drone-starlark/repos/guacamole/drone.star +++ b/drone-starlark/repos/guacamole/drone.star @@ -13,7 +13,7 @@ load("@this//guacamole:public-secrets.star", "publicSecrets") load("@this//guacamole:secret-secrets.star", "secretSecrets") load("@this//:rescale.star", "rescale") load("@this//:pull.star", "pull") -load("@this//:deploy.star", "deploy") +load("@this//:deploy-from-registry.star", "deploy") load("@this//:build-folder.star", "buildFolder") load("@this//:build-docker-folder.star", "buildDockerFolder") load("@this//:pipeline.star", "pipeline") diff --git a/drone-starlark/repos/matomo/secret-secrets.star b/drone-starlark/repos/matomo/secret-secrets.star index 5c049ef..373c06d 100644 --- a/drone-starlark/repos/matomo/secret-secrets.star +++ b/drone-starlark/repos/matomo/secret-secrets.star @@ -1,5 +1,4 @@ secretSecrets = [ "matomo-mysql-root-password", "matomo-mysql-password", - "registry-password", ] \ No newline at end of file diff --git a/drone-starlark/repos/portainer/secret-secrets.star b/drone-starlark/repos/portainer/secret-secrets.star index d58bfd8..301110f 100644 --- a/drone-starlark/repos/portainer/secret-secrets.star +++ b/drone-starlark/repos/portainer/secret-secrets.star @@ -1,3 +1 @@ -secretSecrets = [ - "registry-password", -] +secretSecrets = [] diff --git a/drone-starlark/repos/proxy/drone.star b/drone-starlark/repos/proxy/drone.star index f1bee47..686ec5d 100644 --- a/drone-starlark/repos/proxy/drone.star +++ b/drone-starlark/repos/proxy/drone.star @@ -13,7 +13,7 @@ load("@this//proxy:public-secrets.star", "publicSecrets") load("@this//proxy:secret-secrets.star", "secretSecrets") load("@this//:rescale.star", "rescale") load("@this//:pull.star", "pull") -load("@this//:deploy.star", "deploy") +load("@this//:deploy-from-registry.star", "deploy") load("@this//:build-folder.star", "buildFolder") load("@this//:build-docker-folder.star", "buildDockerFolder") load("@this//:pipeline.star", "pipeline") diff --git a/drone-starlark/repos/zabbix/public-secrets.star b/drone-starlark/repos/zabbix/public-secrets.star index 19b8978..a3939ad 100644 --- a/drone-starlark/repos/zabbix/public-secrets.star +++ b/drone-starlark/repos/zabbix/public-secrets.star @@ -1,3 +1 @@ -publicSecrets = [ - "local-docker-registry", -] \ No newline at end of file +publicSecrets = [] \ No newline at end of file diff --git a/drone-starlark/repos/zabbix/secret-secrets.star b/drone-starlark/repos/zabbix/secret-secrets.star index 01d7873..621d7da 100644 --- a/drone-starlark/repos/zabbix/secret-secrets.star +++ b/drone-starlark/repos/zabbix/secret-secrets.star @@ -1,5 +1,4 @@ secretSecrets = [ "zabbix-mysql-root-password", "zabbix-mysql-password", - "registry-password", ] \ No newline at end of file