From a9683d5432d9ab0aba666e2b1bc672d748fcc6ac Mon Sep 17 00:00:00 2001
From: Giles Bradshaw <giles.bradshaw@sigyl.com>
Date: Mon, 11 May 2020 19:05:34 +0100
Subject: [PATCH] only log in to docker for some repos

---
 drone-starlark/repos/chat/public-secrets.star |  1 -
 drone-starlark/repos/chat/secret-secrets.star |  1 -
 .../repos/commento/public-secrets.star        |  2 +-
 .../repos/commento/secret-secrets.star        |  1 -
 .../repos/deploy-from-registry.star           | 39 +++++++++++++++++++
 drone-starlark/repos/deploy.star              |  1 -
 drone-starlark/repos/drone/drone.star         |  2 +-
 drone-starlark/repos/ghost/drone.star         |  2 +-
 drone-starlark/repos/gitea/drone.star         |  2 +-
 drone-starlark/repos/guacamole/drone.star     |  2 +-
 .../repos/matomo/secret-secrets.star          |  1 -
 .../repos/portainer/secret-secrets.star       |  4 +-
 drone-starlark/repos/proxy/drone.star         |  2 +-
 .../repos/zabbix/public-secrets.star          |  4 +-
 .../repos/zabbix/secret-secrets.star          |  1 -
 15 files changed, 47 insertions(+), 18 deletions(-)
 create mode 100644 drone-starlark/repos/deploy-from-registry.star

diff --git a/drone-starlark/repos/chat/public-secrets.star b/drone-starlark/repos/chat/public-secrets.star
index f3c1145..a56f68c 100644
--- a/drone-starlark/repos/chat/public-secrets.star
+++ b/drone-starlark/repos/chat/public-secrets.star
@@ -1,6 +1,5 @@
 publicSecrets = [
   "git-domain",
-  "local-docker-registry",
   "chat-admin-name",
   "chat-admin-email",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/chat/secret-secrets.star b/drone-starlark/repos/chat/secret-secrets.star
index 509b22a..2d1fba3 100644
--- a/drone-starlark/repos/chat/secret-secrets.star
+++ b/drone-starlark/repos/chat/secret-secrets.star
@@ -1,4 +1,3 @@
 secretSecrets = [
   "chat-admin-password",
-  "registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/commento/public-secrets.star b/drone-starlark/repos/commento/public-secrets.star
index 9daf73d..876adda 100644
--- a/drone-starlark/repos/commento/public-secrets.star
+++ b/drone-starlark/repos/commento/public-secrets.star
@@ -7,5 +7,5 @@ publicSecrets = [
   "commento-forbid-new-owners",
   "commento-postgres-db",
   "commento-postgres-user",
-  "commento-github-key", 
+  "commento-github-key",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/commento/secret-secrets.star b/drone-starlark/repos/commento/secret-secrets.star
index 964aa36..89a50fb 100644
--- a/drone-starlark/repos/commento/secret-secrets.star
+++ b/drone-starlark/repos/commento/secret-secrets.star
@@ -3,5 +3,4 @@ secretSecrets = [
   "commento-askimet-key",
   "commento-postgres-password",
   "commento-github-secret",
-  "registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/deploy-from-registry.star b/drone-starlark/repos/deploy-from-registry.star
new file mode 100644
index 0000000..9e59892
--- /dev/null
+++ b/drone-starlark/repos/deploy-from-registry.star
@@ -0,0 +1,39 @@
+load("@this//:from-secret.star", "fromSecret")
+load("@this//:map.star", "map")
+load("@this//:environment.star", "environment")
+load("@this//:export.star", "export")
+
+def deploy(
+  filename,
+  name,
+  folder,
+  secrets,
+  commands,
+  ctx
+):
+  return {
+    "name": "deploy {name}".format(name = name),
+    "image": "appleboy/drone-ssh",
+    "environment": environment(secrets),
+    "settings": {
+      "envs": [x.replace("-", "_") for x in secrets ],
+      "host": fromSecret("ssh-host"),
+      "port": fromSecret("ssh-port"),
+      "username": fromSecret("ssh-root-user"),
+      "password": fromSecret("ssh-root-password"),
+      "script": [
+        "set -e"
+      ] +
+      map(export, secrets) + 
+      [
+        "export DRONE_REPO_LINK=$${{DRONE_GITEA_SERVER}}/{namespace}/{name}".format(name=ctx.repo.name, namespace=ctx.repo.namespace),
+        "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
+        "docker network prune -f",
+        "cd {folder}".format(folder=folder),
+        'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
+        "docker stack rm {name}".format(name = name),
+        "sleep 30",
+        "docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
+      ] + commands
+    }
+  }
diff --git a/drone-starlark/repos/deploy.star b/drone-starlark/repos/deploy.star
index 9e59892..0f9dda1 100644
--- a/drone-starlark/repos/deploy.star
+++ b/drone-starlark/repos/deploy.star
@@ -30,7 +30,6 @@ def deploy(
         "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
         "docker network prune -f",
         "cd {folder}".format(folder=folder),
-        'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
         "docker stack rm {name}".format(name = name),
         "sleep 30",
         "docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
diff --git a/drone-starlark/repos/drone/drone.star b/drone-starlark/repos/drone/drone.star
index 8fbbc8a..56290c8 100644
--- a/drone-starlark/repos/drone/drone.star
+++ b/drone-starlark/repos/drone/drone.star
@@ -13,7 +13,7 @@ load("@this//drone:public-secrets.star", "publicSecrets")
 load("@this//drone:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")
diff --git a/drone-starlark/repos/ghost/drone.star b/drone-starlark/repos/ghost/drone.star
index 6e17333..15fda2b 100644
--- a/drone-starlark/repos/ghost/drone.star
+++ b/drone-starlark/repos/ghost/drone.star
@@ -13,7 +13,7 @@ load("@this//ghost:public-secrets.star", "publicSecrets")
 load("@this//ghost:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")
diff --git a/drone-starlark/repos/gitea/drone.star b/drone-starlark/repos/gitea/drone.star
index 5c93d4b..c6b8244 100644
--- a/drone-starlark/repos/gitea/drone.star
+++ b/drone-starlark/repos/gitea/drone.star
@@ -13,7 +13,7 @@ load("@this//gitea:public-secrets.star", "publicSecrets")
 load("@this//gitea:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")
diff --git a/drone-starlark/repos/guacamole/drone.star b/drone-starlark/repos/guacamole/drone.star
index a5b2bc8..0205155 100644
--- a/drone-starlark/repos/guacamole/drone.star
+++ b/drone-starlark/repos/guacamole/drone.star
@@ -13,7 +13,7 @@ load("@this//guacamole:public-secrets.star", "publicSecrets")
 load("@this//guacamole:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")
diff --git a/drone-starlark/repos/matomo/secret-secrets.star b/drone-starlark/repos/matomo/secret-secrets.star
index 5c049ef..373c06d 100644
--- a/drone-starlark/repos/matomo/secret-secrets.star
+++ b/drone-starlark/repos/matomo/secret-secrets.star
@@ -1,5 +1,4 @@
 secretSecrets = [
   "matomo-mysql-root-password",
   "matomo-mysql-password",
-  "registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/portainer/secret-secrets.star b/drone-starlark/repos/portainer/secret-secrets.star
index d58bfd8..301110f 100644
--- a/drone-starlark/repos/portainer/secret-secrets.star
+++ b/drone-starlark/repos/portainer/secret-secrets.star
@@ -1,3 +1 @@
-secretSecrets = [
-  "registry-password",
-]
+secretSecrets = []
diff --git a/drone-starlark/repos/proxy/drone.star b/drone-starlark/repos/proxy/drone.star
index f1bee47..686ec5d 100644
--- a/drone-starlark/repos/proxy/drone.star
+++ b/drone-starlark/repos/proxy/drone.star
@@ -13,7 +13,7 @@ load("@this//proxy:public-secrets.star", "publicSecrets")
 load("@this//proxy:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
-load("@this//:deploy.star", "deploy")
+load("@this//:deploy-from-registry.star", "deploy")
 load("@this//:build-folder.star", "buildFolder")
 load("@this//:build-docker-folder.star", "buildDockerFolder")
 load("@this//:pipeline.star", "pipeline")
diff --git a/drone-starlark/repos/zabbix/public-secrets.star b/drone-starlark/repos/zabbix/public-secrets.star
index 19b8978..a3939ad 100644
--- a/drone-starlark/repos/zabbix/public-secrets.star
+++ b/drone-starlark/repos/zabbix/public-secrets.star
@@ -1,3 +1 @@
-publicSecrets = [
-  "local-docker-registry",
-]
\ No newline at end of file
+publicSecrets = []
\ No newline at end of file
diff --git a/drone-starlark/repos/zabbix/secret-secrets.star b/drone-starlark/repos/zabbix/secret-secrets.star
index 01d7873..621d7da 100644
--- a/drone-starlark/repos/zabbix/secret-secrets.star
+++ b/drone-starlark/repos/zabbix/secret-secrets.star
@@ -1,5 +1,4 @@
 secretSecrets = [
   "zabbix-mysql-root-password",
   "zabbix-mysql-password",
-  "registry-password",
 ]
\ No newline at end of file