
4 Commits

Author SHA1 Message Date
Giles Bradshaw 647d239b5e ci: jsonnet drone
continuous-integration/drone/push Build was killed Details
2020-08-14 12:31:34 +01:00
Giles Bradshaw 5ff59905e0 ci: make docker:dind stable-dind
continuous-integration/drone/push Build was killed Details
2020-08-13 10:40:33 +01:00
Giles Bradshaw a53a18a7ca ci: docker versions
continuous-integration/drone/push Build was killed Details
upgraded drone versions + specified other versions
2020-08-13 10:03:13 +01:00
Giles Bradshaw 996f6b646a ci: added drone-runner-environ secret
continuous-integration/drone/push Build was killed Details
2020-08-12 14:36:06 +01:00
102 changed files with 1822 additions and 594 deletions

14
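--- a/.drone-do.star
+++ b/.drone-do.star
@@ -0,0 +1,14 @@
+load("@this//drone:drone.star", "drone")
+load("@this//drone:stack-name.star", "stackName")
+load("@this//drone:stack-root.star", "stackRoot")
+def main(ctx):
+return drone(
+ctx,
+"do",
+stackRoot,
+stackName,
+[]
+)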

17
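--- a/.drone-home.star
+++ b/.drone-home.star
@@ -0,0 +1,17 @@
+load("@this//drone:drone.star", "drone")
+load("@this//drone:stack-name.star", "stackName")
+load("@this//drone:stack-root.star", "stackRoot")
+def main(ctx):
+return drone(
+ctx,
+"home-deploy",
+stackRoot,
+stackName,
+[
+"docker service scale proxy_letsencrypt-drone=0",
+"docker service scale proxy_letsencrypt-drone=1",
+]
+)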


@ -1 +0,0 @@
echo 'nothing to build'


@ -1,5 +0,0 @@
export LOCAL_DOCKER_REGISTRY=${REGISTRY_DOMAIN}:${REGISTRY_PORT}/${ROOT}/${NAME}/
docker stack rm drone \
&& echo 'sleeping...zzz' \
&& sleep 60 \
&& docker stack deploy -c docker-compose.yml drone --with-registry-auth


@ -1,75 +1,101 @@
local build = import 'lib/build.libsonnet';
local images = import 'lib/images.libsonnet';
local environment = import 'node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet';
local compose = import 'node_modules/@sigyl/jsonnet-compose/compose.libsonnet';
local secretSecrets = import 'lib/secret-secrets.libsonnet'; local secretSecrets = import 'lib/secret-secrets.libsonnet';
local publicSecrets = import 'lib/public-secrets.libsonnet'; local publicSecrets = import 'lib/public-secrets.libsonnet';
local util = import 'lib/util.libsonnet';
local deploy = import 'node_modules/@sigyl/jsonnet-drone/deploy.libsonnet'; [
local register = import 'node_modules/@sigyl/jsonnet-drone/register.libsonnet';
local registry = import 'node_modules/@sigyl/jsonnet-drone/registry.libsonnet';
local save = import 'node_modules/@sigyl/jsonnet-drone/save.libsonnet';
local build = import 'node_modules/@sigyl/jsonnet-drone/build.libsonnet';
local print = import 'node_modules/@sigyl/jsonnet-drone/print.libsonnet';
local droneImages = import 'node_modules/@sigyl/jsonnet-drone/drone-images.libsonnet';
local config = {
registry: '',
name: 'drone',
root: 'stack'
};
local defs = [
{ {
load: 'drone/drone:2.4.0@sha256:8c1c83ed0f68b00e16ca50b8769e6cf7ccb3c5ff390036eaec7e5fcb79c3cb92', kind: 'pipeline',
save: 'drone/drone:2.4.0' type: 'docker',
name: 'build',
clone: {
disable: false,
depth: 0,
},
/*trigger: {
event: [
'tag',
],
},*/
services: [
images.docker {
privileged: true,
volumes: [
{
name: 'dockersock',
path: '/var/run',
}, },
{ {
load: 'drone/drone-runner-docker:1.6.3@sha256:0d6069fcb7a437d4526cca760e15d57e00ba3e7954a3fffd72b04e716a23312c', name: 'ca',
save: 'drone/drone-runner-docker:1.6.3' path: '/etc/docker/certs.d',
}, },
];
[
register,
registry(
config {
secrets: [
'REGISTRY_DOMAIN',
'REGISTRY_PORT',
'REGISTRY_PASSWORD'
], ],
images: defs,
}, },
),
save(config)(
defs,
[],
),
print(config)(
[],
publicSecrets,
secretSecrets,
),
build(config)(
[],
),
droneImages(config),
deploy(config)(
[
'REGISTRY_DOMAIN',
'REGISTRY_PORT',
'REGISTRY_PASSWORD',
'SCHEME',
], ],
volumes: [
{
name: 'dockersock',
temp: {},
},
{
name: 'ca',
host: {
path: '/etc/docker/certs.d',
},
},
],
steps:[
compose(
std.map(
function(secret) util.printEnv('env-drone', secret),
publicSecrets, publicSecrets,
secretSecrets, )
[], )
(
images.ssh {
settings +: {
script: [
'rm -f env-drone',
],
},
},
) { ) {
trigger +: { name: 'print env',
event +: [
'promote',
],
target +: [
'production',
],
}, },
images.scp(
'/stack/drone'
),
images.wait(15),
build,
compose(
std.map(
function(secret) environment.envSet(secret),
publicSecrets + secretSecrets,
),
)(
images.ssh {
name: 'deploy stack',
settings +: {
script +:
std.map(
function(secret)
'export %(env)s=$${%(env)s}' % {
env: environment.environment(secret)
}, },
secretSecrets + publicSecrets,
) +
[
'set -e',
"cd /stack/drone",
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
'sh pull.sh',
'sh deploy.sh',
]
}
},
),
],
}
] ]
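Review bot: The `deploy stack` script runs `docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"`, which places the registry password on the command line of a process on the SSH target, where it can show up in the process list and in shell or audit logging. Passing it on stdin avoids that: `'echo "$${REGISTRY_PASSWORD}" | docker login $${LOCAL_DOCKER_REGISTRY} --username client --password-stdin',`. The same call appears in the build step definition further down (the section with `name +: 'build:'`) and in the Starlark `buildDockerFolder` step, and this script has no matching `docker logout`, so the credential presumably stays in the remote user's Docker config after the deploy. Old and new columns are interleaved in this section, so the placement is read from the right-hand side only.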


@ -1,256 +1,3 @@
---
kind: pipeline
type: docker
name: register
platform:
os: linux
arch: amd64
clone:
disable: true
trigger:
event:
exclude:
- promote
---
kind: pipeline
type: docker
name: registry
platform:
os: linux
arch: amd64
clone:
disable: true
steps:
- name: drone/drone:2.4.0
image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f
commands:
- set -e
- "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n"
- "n=0\nwhile :\ndo\n docker pull drone/drone:2.4.0@sha256:8c1c83ed0f68b00e16ca50b8769e6cf7ccb3c5ff390036eaec7e5fcb79c3cb92 \\\\\n && docker tag drone/drone:2.4.0@sha256:8c1c83ed0f68b00e16ca50b8769e6cf7ccb3c5ff390036eaec7e5fcb79c3cb92 $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 \\\\\n && docker push $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 && break\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"initialise failed\"\n exit 1\n fi\n echo \"retrying..$n\"\n sleep 5\ndone\n"
environment:
REGISTRY_DOMAIN:
from_secret: registry-domain
REGISTRY_PASSWORD:
from_secret: registry-password
REGISTRY_PORT:
from_secret: registry-port
volumes:
- name: dockersock
path: /var/run
- name: drone/drone-runner-docker:1.6.3
image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f
commands:
- set -e
- "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n"
- "n=0\nwhile :\ndo\n docker pull drone/drone-runner-docker:1.6.3@sha256:0d6069fcb7a437d4526cca760e15d57e00ba3e7954a3fffd72b04e716a23312c \\\\\n && docker tag drone/drone-runner-docker:1.6.3@sha256:0d6069fcb7a437d4526cca760e15d57e00ba3e7954a3fffd72b04e716a23312c $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 \\\\\n && docker push $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 && break\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"initialise failed\"\n exit 1\n fi\n echo \"retrying..$n\"\n sleep 5\ndone\n"
environment:
REGISTRY_DOMAIN:
from_secret: registry-domain
REGISTRY_PASSWORD:
from_secret: registry-password
REGISTRY_PORT:
from_secret: registry-port
volumes:
- name: dockersock
path: /var/run
services:
- name: docker
image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f
privileged: true
volumes:
- name: dockersock
path: /var/run
- name: ca
path: /etc/docker/certs.d
- name: daemonjson
path: /etc/docker/daemon.json
volumes:
- name: dockersock
temp: {}
- name: ca
host:
path: /etc/docker/certs.d
- name: daemonjson
host:
path: /etc/docker/daemon.json
image_pull_secrets:
- dockerconfigjson
trigger:
event:
- promote
target:
- registry
---
kind: pipeline
type: docker
name: save
platform:
os: linux
arch: amd64
clone:
disable: true
steps:
- name: mkdir
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
script:
- mkdir -p /stack/.images/drone/built
- rm -f /stack/.images/drone/*.*
- rm -f /stack/.images/drone/built/*.*
- name: drone/drone:2.4.0
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- registry_domain
- registry_port
- registry_password
- destination_registry
script:
- "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n"
- docker pull $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0
- docker save $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 -o /stack/.images/drone/drone_drone:2.4.0.tar
- echo "docker load < drone_drone:2.4.0.tar" >> /stack/.images/drone/load.sh
- echo "docker tag $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 $${DESTINATION_REGISTRY}/stack/drone/drone/drone:2.4.0" >> /stack/.images/drone/load.sh
- name: drone/drone-runner-docker:1.6.3
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- registry_domain
- registry_port
- registry_password
- destination_registry
script:
- "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n"
- docker pull $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3
- docker save $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 -o /stack/.images/drone/drone_drone-runner-docker:1.6.3.tar
- echo "docker load < drone_drone-runner-docker:1.6.3.tar" >> /stack/.images/drone/load.sh
- echo "docker tag $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 $${DESTINATION_REGISTRY}/stack/drone/drone/drone-runner-docker:1.6.3" >> /stack/.images/drone/load.sh
trigger:
event:
- promote
target:
- save
---
kind: pipeline
type: docker
name: print
platform:
os: linux
arch: amd64
steps:
- name: print env
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- scheme
- domain
- registry_domain
- registry_port
- drone_gitea_client_id
- drone_gitea_server
- drone_server_host
- ssh_host
- ssh_username
- ssh_port
- drone_gitea_client_secret
- drone_rpc_secret
- ssh_key
- registry_password
script:
- rm -f env-drone
- "echo \"export SCHEME='$${SCHEME}'\" >> env-drone # \"scheme\""
- "echo \"export DOMAIN='$${DOMAIN}'\" >> env-drone # \"domain\""
- "echo \"export REGISTRY_DOMAIN='$${REGISTRY_DOMAIN}'\" >> env-drone # \"registry-domain\""
- "echo \"export REGISTRY_PORT='$${REGISTRY_PORT}'\" >> env-drone # \"registry-port\""
- "echo \"export DRONE_GITEA_CLIENT_ID='$${DRONE_GITEA_CLIENT_ID}'\" >> env-drone # \"drone-gitea-client-id\""
- "echo \"export DRONE_GITEA_SERVER='$${DRONE_GITEA_SERVER}'\" >> env-drone # \"drone-gitea-server\""
- "echo \"export DRONE_SERVER_HOST='$${DRONE_SERVER_HOST}'\" >> env-drone # \"drone-server-host\""
- "echo \"export SSH_HOST='$${SSH_HOST}'\" >> env-drone # \"ssh-host\""
- "echo \"export SSH_USERNAME='$${SSH_USERNAME}'\" >> env-drone # \"ssh-username\""
- "echo \"export SSH_PORT='$${SSH_PORT}'\" >> env-drone # \"ssh-port\""
- "echo \"export DRONE_GITEA_CLIENT_SECRET='$${DRONE_GITEA_CLIENT_SECRET}'\" >> env-drone # \"drone-gitea-client-secret\""
- "echo \"export DRONE_RPC_SECRET='$${DRONE_RPC_SECRET}'\" >> env-drone # \"drone-rpc-secret\""
- "echo \"export SSH_KEY='$${SSH_KEY}'\" >> env-drone # \"ssh-key\""
- "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-drone # \"registry-password\""
environment:
DOMAIN:
from_secret: domain
DRONE_GITEA_CLIENT_ID:
from_secret: drone-gitea-client-id
DRONE_GITEA_CLIENT_SECRET:
from_secret: drone-gitea-client-secret
DRONE_GITEA_SERVER:
from_secret: drone-gitea-server
DRONE_RPC_SECRET:
from_secret: drone-rpc-secret
DRONE_SERVER_HOST:
from_secret: drone-server-host
REGISTRY_DOMAIN:
from_secret: registry-domain
REGISTRY_PASSWORD:
from_secret: registry-password
REGISTRY_PORT:
from_secret: registry-port
SCHEME:
from_secret: scheme
SSH_HOST:
from_secret: ssh-host
SSH_KEY:
from_secret: ssh-key
SSH_PORT:
from_secret: ssh-port
SSH_USERNAME:
from_secret: ssh-username
trigger:
event:
- promote
target:
- print
--- ---
kind: pipeline kind: pipeline
type: docker type: docker
@ -261,62 +8,8 @@ platform:
arch: amd64 arch: amd64
steps: steps:
- name: "dockerbuild:" - name: print env
image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f image: appleboy/drone-ssh:1.6.2
commands:
- set -e
- export NAME=drone
- export ROOT=stack
- "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n"
- sh .drone/build.sh
- sh .drone/push.sh
volumes:
- name: dockersock
path: /var/run
services:
- name: docker
image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f
privileged: true
volumes:
- name: dockersock
path: /var/run
- name: ca
path: /etc/docker/certs.d
- name: daemonjson
path: /etc/docker/daemon.json
volumes:
- name: dockersock
temp: {}
- name: ca
host:
path: /etc/docker/certs.d
- name: daemonjson
host:
path: /etc/docker/daemon.json
trigger:
event:
- promote
target:
- build
---
kind: pipeline
type: docker
name: drone-images
platform:
os: linux
arch: amd64
clone:
disable: true
steps:
- name: mkdir
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings: settings:
envs: envs:
- drone_tag - drone_tag
@ -324,141 +17,128 @@ steps:
- drone_build_number - drone_build_number
- drone_repo_name - drone_repo_name
- drone_repo_namespace - drone_repo_namespace
script: - drone_domain
- mkdir -p /stack/.images/drone/drone-images
- rm -f /stack/.images/drone/drone-images/*.*
- name: docker
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- registry_domain
- registry_port
- registry_password
script:
- docker pull docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f
- docker save docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f -o /stack/.images/drone/drone-images/docker.tar
- echo "docker load docker.tar" >> /stack/.images/drone/drone-images/load.sh
- name: scp
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- registry_domain
- registry_port
- registry_password
script:
- docker pull appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47
- docker save appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47 -o /stack/.images/drone/drone-images/scp.tar
- echo "docker load scp.tar" >> /stack/.images/drone/drone-images/load.sh
- name: ssh
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- registry_domain
- registry_port
- registry_password
script:
- docker pull appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
- docker save appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea -o /stack/.images/drone/drone-images/ssh.tar
- echo "docker load ssh.tar" >> /stack/.images/drone/drone-images/load.sh
trigger:
event:
- promote
target:
- drone-images
---
kind: pipeline
type: docker
name: deploy
platform:
os: linux
arch: amd64
steps:
- name: scp
image: appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47
settings:
command_timeout: 2m
source:
- .
target: /stack/drone
- name: deploy
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- scheme
- domain
- registry_domain
- registry_port
- drone_gitea_client_id - drone_gitea_client_id
- drone_gitea_server - drone_gitea_server
- drone_server_host - drone_server_host
- ssh_host - local_docker_registry
- ssh_username - drone_runner_environ
- ssh_port host:
from_secret: ssh-host
password:
from_secret: ssh-password
port:
from_secret: ssh-port
script:
- rm -f env-drone
- "echo \"export DRONE_DOMAIN='$${DRONE_DOMAIN}'\" >> env-drone # \"drone-domain\""
- "echo \"export DRONE_GITEA_CLIENT_ID='$${DRONE_GITEA_CLIENT_ID}'\" >> env-drone # \"drone-gitea-client-id\""
- "echo \"export DRONE_GITEA_SERVER='$${DRONE_GITEA_SERVER}'\" >> env-drone # \"drone-gitea-server\""
- "echo \"export DRONE_SERVER_HOST='$${DRONE_SERVER_HOST}'\" >> env-drone # \"drone-server-host\""
- "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-drone # \"local-docker-registry\""
- "echo \"export DRONE_RUNNER_ENVIRON='$${DRONE_RUNNER_ENVIRON}'\" >> env-drone # \"drone-runner-environ\""
username:
from_secret: ssh-user
environment:
DRONE_DOMAIN:
from_secret: drone-domain
DRONE_GITEA_CLIENT_ID:
from_secret: drone-gitea-client-id
DRONE_GITEA_SERVER:
from_secret: drone-gitea-server
DRONE_RUNNER_ENVIRON:
from_secret: drone-runner-environ
DRONE_SERVER_HOST:
from_secret: drone-server-host
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
- name: scp
image: appleboy/drone-scp:1.6.2
settings:
command_timeout: 2m
host:
from_secret: ssh-host
password:
from_secret: ssh-password
port:
from_secret: ssh-port
source:
- .
target: /stack/drone
username:
from_secret: ssh-user
- name: wait
image: alpine
commands:
- sleep 15
- name: "dockerbuild:"
image: docker:dind
commands:
- set -e
- docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"
- sh build.sh
- sh push.sh
- docker logout $${LOCAL_DOCKER_REGISTRY}
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
REGISTRY_PASSWORD:
from_secret: registry-password
volumes:
- name: dockersock
path: /var/run
- name: deploy stack
image: appleboy/drone-ssh:1.6.2
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- drone_domain
- drone_gitea_client_id
- drone_gitea_server
- drone_server_host
- local_docker_registry
- drone_runner_environ
- drone_convert_secret
- drone_gitea_client_secret - drone_gitea_client_secret
- drone_rpc_secret - drone_rpc_secret
- ssh_key
- registry_password - registry_password
- registry_domain host:
- registry_port from_secret: ssh-host
- registry_password password:
- scheme from_secret: ssh-password
port:
from_secret: ssh-port
script: script:
- export DRONE_CONVERT_SECRET=$${DRONE_CONVERT_SECRET}
- export DRONE_GITEA_CLIENT_SECRET=$${DRONE_GITEA_CLIENT_SECRET} - export DRONE_GITEA_CLIENT_SECRET=$${DRONE_GITEA_CLIENT_SECRET}
- export DRONE_RPC_SECRET=$${DRONE_RPC_SECRET} - export DRONE_RPC_SECRET=$${DRONE_RPC_SECRET}
- export SSH_KEY=$${SSH_KEY}
- export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD} - export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD}
- export SCHEME=$${SCHEME} - export DRONE_DOMAIN=$${DRONE_DOMAIN}
- export DOMAIN=$${DOMAIN}
- export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN}
- export REGISTRY_PORT=$${REGISTRY_PORT}
- export DRONE_GITEA_CLIENT_ID=$${DRONE_GITEA_CLIENT_ID} - export DRONE_GITEA_CLIENT_ID=$${DRONE_GITEA_CLIENT_ID}
- export DRONE_GITEA_SERVER=$${DRONE_GITEA_SERVER} - export DRONE_GITEA_SERVER=$${DRONE_GITEA_SERVER}
- export DRONE_SERVER_HOST=$${DRONE_SERVER_HOST} - export DRONE_SERVER_HOST=$${DRONE_SERVER_HOST}
- export SSH_HOST=$${SSH_HOST} - export LOCAL_DOCKER_REGISTRY=$${LOCAL_DOCKER_REGISTRY}
- export SSH_USERNAME=$${SSH_USERNAME} - export DRONE_RUNNER_ENVIRON=$${DRONE_RUNNER_ENVIRON}
- export SSH_PORT=$${SSH_PORT}
- export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN}
- export REGISTRY_PORT=$${REGISTRY_PORT}
- export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD}
- export SCHEME=$${SCHEME}
- set -e - set -e
- export NAME=drone
- export ROOT=stack
- cd /stack/drone - cd /stack/drone
- "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n" - docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"
- sh .drone/pull.sh - sh pull.sh
- sh .drone/deploy.sh - sh deploy.sh
username:
from_secret: ssh-user
environment: environment:
DOMAIN: DRONE_CONVERT_SECRET:
from_secret: domain from_secret: drone-convert-secret
DRONE_DOMAIN:
from_secret: drone-domain
DRONE_GITEA_CLIENT_ID: DRONE_GITEA_CLIENT_ID:
from_secret: drone-gitea-client-id from_secret: drone-gitea-client-id
DRONE_GITEA_CLIENT_SECRET: DRONE_GITEA_CLIENT_SECRET:
@ -467,31 +147,30 @@ steps:
from_secret: drone-gitea-server from_secret: drone-gitea-server
DRONE_RPC_SECRET: DRONE_RPC_SECRET:
from_secret: drone-rpc-secret from_secret: drone-rpc-secret
DRONE_RUNNER_ENVIRON:
from_secret: drone-runner-environ
DRONE_SERVER_HOST: DRONE_SERVER_HOST:
from_secret: drone-server-host from_secret: drone-server-host
REGISTRY_DOMAIN: LOCAL_DOCKER_REGISTRY:
from_secret: registry-domain from_secret: local-docker-registry
REGISTRY_PASSWORD: REGISTRY_PASSWORD:
from_secret: registry-password from_secret: registry-password
REGISTRY_PORT:
from_secret: registry-port
SCHEME:
from_secret: scheme
SSH_HOST:
from_secret: ssh-host
SSH_KEY:
from_secret: ssh-key
SSH_PORT:
from_secret: ssh-port
SSH_USERNAME:
from_secret: ssh-username
trigger: services:
event: - name: docker
- promote image: docker:dind
- promote privileged: true
target: volumes:
- deploy - name: dockersock
- production path: /var/run
- name: ca
path: /etc/docker/certs.d
volumes:
- name: dockersock
temp: {}
- name: ca
host:
path: /etc/docker/certs.d
... ...


@ -0,0 +1,23 @@
local images = import 'images.libsonnet';
local environment = import '../node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet';
images.docker {
name +: 'build:',
environment +: environment.environmentSecrets([
'LOCAL_DOCKER_REGISTRY',
'REGISTRY_PASSWORD',
]),
volumes: [
{
name: 'dockersock',
path: '/var/run',
},
],
commands: [
'set -e',
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
'sh build.sh',
'sh push.sh',
'docker logout $${LOCAL_DOCKER_REGISTRY}',
],
}


@ -0,0 +1,38 @@
local settings = import 'settings.libsonnet';
{
docker: {
name: 'docker',
image: 'docker:dind',
},
scp(target): settings.ssh {
name: 'scp',
image: 'appleboy/drone-scp:1.6.2',
settings +: {
command_timeout: '2m',
target: target,
source: [
'.',
],
},
},
ssh: settings.ssh {
image: 'appleboy/drone-ssh:1.6.2',
settings +: {
envs: [
'drone_tag',
'drone_commit',
'drone_build_number',
'drone_repo_name',
'drone_repo_namespace',
],
script: [],
},
},
wait(delay): {
image: 'alpine',
name: 'wait',
commands: [
'sleep %s' % delay,
],
}
}
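Review bot: `image: 'docker:dind'` and `image: 'alpine'` are floating tags, and the two appleboy images carry a version but no digest, so each build pulls whatever the registry currently serves under those names. This matters most for `docker`, which the pipeline definition on this page extends into a `privileged: true` service with the host's `/etc/docker/certs.d` mounted. The generated YAML removed elsewhere on this page pinned these images as `tag@sha256:<digest>`; keeping that form here (for example `image: 'docker:<version>-dind@sha256:<digest>'`, placeholders) would preserve the guarantee. If the floating tags are intentional, a comment such as `// unpinned on purpose: <reason>` would record the decision.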


@ -1,12 +1,8 @@
[ [
'scheme', 'drone-domain',
'domain',
'registry-domain',
'registry-port',
'drone-gitea-client-id', 'drone-gitea-client-id',
'drone-gitea-server', 'drone-gitea-server',
'drone-server-host', 'drone-server-host',
'ssh-host', 'local-docker-registry',
'ssh-username', 'drone-runner-environ',
'ssh-port'
] ]
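Review bot: `'drone-runner-environ'` is added to what appears to be the public secrets list, and the `print env` step writes every entry of that list in plain text to `env-drone` on the SSH host. The compose file's previous inline `DRONE_RUNNER_ENVIRON` value carried `REGISTRY_PASSWORD` and `SSH_KEY`; if the new secret still holds credentials of that kind, they end up in that file. Moving the entry to the list that holds `'registry-password'` keeps it out of the printed file while the deploy step still exports it. This section has no file header on the page, so the file is inferred from the `lib/public-secrets.libsonnet` import.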


@ -1,6 +1,6 @@
[ [
'drone-convert-secret',
'drone-gitea-client-secret', 'drone-gitea-client-secret',
'drone-rpc-secret', 'drone-rpc-secret',
'ssh-key',
'registry-password', 'registry-password',
] ]


@ -0,0 +1,11 @@
local environment = import '../node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet';
{
ssh: {
settings +: {
host: environment.fromSecret('ssh-host'),
port: environment.fromSecret('ssh-port'),
username: environment.fromSecret('ssh-user'),
password: environment.fromSecret('ssh-password'),
},
},
}
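Review bot: The shared SSH settings authenticate with `password: environment.fromSecret('ssh-password')`, while the left-hand side of this comparison drops an `'ssh-key'` secret. Password login for the account that runs `docker stack deploy` requires the host's sshd to accept passwords at all, which makes a guessed or leaked credential directly usable from anywhere the port is reachable. If key authentication is available, `key: environment.fromSecret('ssh-key'),` in place of the `password` line keeps the deploy account key-only; this assumes the plugin's `key` setting is supported by the `appleboy/drone-ssh:1.6.2` image used here.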

18
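--- a/.drone/lib/util.libsonnet
+++ b/.drone/lib/util.libsonnet
@@ -0,0 +1,18 @@
+local compose = import '../node_modules/@sigyl/jsonnet-compose/compose.libsonnet';
+local environment = import '../node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet';
+{
+printEnv(file, env): function(step) compose([
+environment.envSet(env),
+function(step) step {
+settings +: {
+script +: [
+'echo "export %(environment)s=\'$${%(environment)s}\'" >> %(file)s # "%(secret)s"' % {
+environment: environment.environment(env),
+file: file,
+secret: environment.secret(env),
+},
+],
+},
+},
+])(step),
+}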
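Review bot: `printEnv` writes each value verbatim between single quotes (`export NAME='<value>'`) into the target file, so a value containing a single quote ends the quoting early and the remainder is parsed as shell if that file is later sourced. The function has no doc comment stating this constraint; something like `// printEnv: appends "export NAME='value'" to file on the SSH host; values must not contain single quotes and must not be secrets` would make it explicit. The related `'export %(env)s=$${%(env)s}'` lines in the pipeline definition have no quoting at all and can be word-split by some shells; `'export %(env)s="$${%(env)s}"'` would avoid that. Where and how `env-drone` is consumed is not visible on this page.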


@ -4,6 +4,7 @@
"build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream" "build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream"
}, },
"dependencies": { "dependencies": {
"@sigyl/jsonnet-drone": "^1.0.0" "@sigyl/jsonnet-compose": "^0.0.2",
"@sigyl/jsonnet-drone-environment": "0.0.5"
} }
} }


@ -1 +0,0 @@
echo 'nothing to pull'


@ -1 +0,0 @@
echo 'nothing to push'

37
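--- a/.drone/yarn-error.log
+++ b/.drone/yarn-error.log
@@ -0,0 +1,37 @@
+Arguments:
+/usr/bin/node /home/giles/.yarn/bin/yarn.js
+PATH:
+/home/giles/.yarn/bin:/home/giles/.config/yarn/global/node_modules/.bin:/home/giles/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/go/bin
+Yarn version:
+1.22.4
+Node version:
+11.14.0
+Platform:
+linux x64
+Trace:
+Error: self signed certificate in certificate chain
+at TLSSocket.onConnectSecure (_tls_wrap.js:1176:34)
+at TLSSocket.emit (events.js:193:13)
+at TLSSocket._finishInit (_tls_wrap.js:667:8)
+npm manifest:
+{
+"private": true,
+"scripts": {
+"build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream"
+},
+"dependencies": {
+"@sigyl/jsonnet-compose": "^0.0.2"
+}
+}
+yarn manifest:
+No manifest
+Lockfile:
+No lockfile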


@ -11,11 +11,3 @@
version "0.0.5" version "0.0.5"
resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff" resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff"
integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw== integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw==
"@sigyl/jsonnet-drone@^1.0.0":
version "1.0.0"
resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-1.0.0.tgz#943bd8a1abc8a916026944816709f5ed1d8e7ef8"
integrity sha512-ubyVC1/nAM584wTnnRBZTOP18z28Yy7SRApvSuo/3y2arngKlNI1FwOzKTFt/7L9+rNy19dRO/g0obEkyR3KmA==
dependencies:
"@sigyl/jsonnet-compose" "^0.0.2"
"@sigyl/jsonnet-drone-environment" "0.0.5"


@ -2,42 +2,4 @@
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
### [0.0.10](https://sigyl.com///compare/v0.0.9...v0.0.10) "chore(release): 0.0.10" (2020-09-24)
### Bug Fixes
* retries only 10 times ([fc63973](https://sigyl.com///commit/fc6397378f786b5ca8f80aae60775d2c4600d727))
### [0.0.9](https://sigyl.com///compare/v0.0.8...v0.0.9) "chore(release): 0.0.9" (2020-09-24)
### Features
* registry ([9d29eeb](https://sigyl.com///commit/9d29eeb26ed10c7d7d03cb0f0385e3039b0c0023))
### [0.0.8](https://sigyl.com///compare/v0.0.7...v0.0.8) "chore(release): 0.0.8" (2020-09-22)
### Bug Fixes
* ssh_username variable ([2348377](https://sigyl.com///commit/2348377415532dd5b2d1a33ce91e98ec280486fa))
### [0.0.7](https://sigyl.com///compare/v0.0.6...v0.0.7) "chore(release): 0.0.7" (2020-08-28)
### [0.0.6](https://sigyl.com///compare/v0.0.5...v0.0.6) "chore(release): 0.0.6" (2020-08-26)
### [0.0.5](https://sigyl.com///compare/v0.0.1...v0.0.5) "chore(release): 0.0.5" (2020-08-26)
### Bug Fixes
* chnaged to jsonnet for build ([af8d7a3](https://sigyl.com///commit/af8d7a3caa77d7476d8551cc5c0c944d31285493))
### [0.0.4](https://sigyl.com///compare/v0.0.3...v0.0.4) "chore(release): 0.0.4" (2020-08-19)
### [0.0.3](https://sigyl.com///compare/v0.0.2...v0.0.3) "chore(release): 0.0.3" (2020-08-19)
### [0.0.2](https://sigyl.com///compare/v0.0.1...v0.0.2) "chore(release): 0.0.2" (2020-08-19)
### 0.0.1 "chore(release): 0.0.1" (2020-08-11) ### 0.0.1 "chore(release): 0.0.1" (2020-08-11)

1
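--- a/build.sh
+++ b/build.sh
@@ -0,0 +1 @@
+docker build drone-starlark -t ${LOCAL_DOCKER_REGISTRY}drone-starlark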

4
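--- a/deploy.sh
+++ b/deploy.sh
@@ -0,0 +1,4 @@
+docker stack rm drone
+echo 'sleeping...zzz'
+sleep 60
+docker stack deploy -c docker-compose.yml drone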
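Review bot: `docker stack deploy -c docker-compose.yml drone` no longer passes `--with-registry-auth`, which the removed deploy script on this page did, while the compose file now takes `drone-starlark` from `${LOCAL_DOCKER_REGISTRY}`. Without the flag the login performed just before in the deploy step is not forwarded to the swarm agents, so if that registry requires authentication the nodes may fail to pull the image or keep running a stale one. The commands are also no longer chained with `&&` and the script does not set `set -e`, so a failed `docker stack rm` still proceeds to the deploy. Suggested: add `set -e` as the first line and end with `docker stack deploy -c docker-compose.yml drone --with-registry-auth`.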


@ -8,10 +8,10 @@ services:
replicas: 1 replicas: 1
restart_policy: restart_policy:
condition: any condition: any
image: ${LOCAL_DOCKER_REGISTRY}drone/drone:2.4.0 image: drone/drone:1.9.0
volumes: volumes:
- drone-5:/var/lib/drone - drone:/var/lib/drone
- drone-data-5:/data - drone-data:/data
environment: environment:
- DRONE_LOGS_DEBUG=true - DRONE_LOGS_DEBUG=true
- DRONE_LOGS_PRETTY=true - DRONE_LOGS_PRETTY=true
@ -20,12 +20,14 @@ services:
- DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET} - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
- DRONE_SERVER_HOST=${DRONE_SERVER_HOST} # tunnel hostname - DRONE_SERVER_HOST=${DRONE_SERVER_HOST} # tunnel hostname
- DRONE_ADMIN=giles - DRONE_ADMIN=giles
- DRONE_SERVER_PROTO=${SCHEME} # tunnel adds https on top - DRONE_SERVER_PROTO=https # tunnel adds https on top
- DRONE_SERVER_PORT=:8080 - DRONE_SERVER_PORT=:8080
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_USER_CREATE=username:giles,admin:true - DRONE_USER_CREATE=username:giles,admin:true
- DRONE_AGENTS_ENABLED=true - DRONE_AGENTS_ENABLED=true
- DRONE_JSONNET_ENABLED=true - DRONE_JSONNET_ENABLED=true
- DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000
- DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET}
networks: networks:
- appnet - appnet
- externalnet - externalnet
@ -37,7 +39,7 @@ services:
replicas: 1 replicas: 1
restart_policy: restart_policy:
condition: any condition: any
image: ${LOCAL_DOCKER_REGISTRY}drone/drone-runner-docker:1.6.3 image: drone/drone-runner-docker:1.4.0
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
environment: environment:
@ -46,12 +48,29 @@ services:
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_RUNNER_CAPACITY=8 - DRONE_RUNNER_CAPACITY=8
- DRONE_RUNNER_NAME="docker-runner" - DRONE_RUNNER_NAME="docker-runner"
- DRONE_RUNNER_ENVIRON=SCHEME:$SCHEME,DOMAIN:$DOMAIN,REGISTRY_DOMAIN:$REGISTRY_DOMAIN,REGISTRY_PORT:$REGISTRY_PORT,REGISTRY_PASSWORD:$REGISTRY_PASSWORD,SSH_HOST:$SSH_HOST,SSH_PORT:$SSH_PORT,SSH_USERNAME:$SSH_USERNAME,SSH_KEY:$SSH_KEY - DRONE_RUNNER_ENVIRON=${DRONE_RUNNER_ENVIRON}
networks:
- appnet
drone-starlark:
# drone starlark server converts starlark to yaml
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: ${LOCAL_DOCKER_REGISTRY}drone-starlark
environment:
- DRONE_DEBUG=true
- DRONE_SECRET=${DRONE_CONVERT_SECRET}
- DRONE_STARLARK_REPO_PATHS=this:/repos
- SIGYL_STACK_NAME=$SIGYL_STACK_NAME
- SIGYL_STACK_ROOT=$SIGYL_STACK_ROOT
networks: networks:
- appnet - appnet
volumes: volumes:
drone-5: drone:
drone-data-5: drone-data:
networks: networks:
appnet: appnet:
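Review bot: Whatever `DRONE_RUNNER_ENVIRON` holds is injected into every step of every pipeline this runner executes, so the value should not carry credentials. The other side of that line lists `REGISTRY_PASSWORD` and `SSH_KEY` in the variable; if the `drone-runner-environ` secret still contains them, any repository that can run a build on this runner can read them, and secrets referenced per step with `from_secret` would scope them more tightly. In the added `drone-starlark` service, `image: ${LOCAL_DOCKER_REGISTRY}drone-starlark` has no tag and `DRONE_DEBUG=true` is left on. A fixed tag, and debug logging off by default, would make the conversion service easier to audit.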


@ -0,0 +1,8 @@
FROM drone/drone-convert-starlark:1.1.0-beta.1
COPY repos /repos
COPY run.sh /
USER root
RUN apk update
RUN apk add gettext # enables envsubst
ENTRYPOINT []
CMD sh /run.sh
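Review bot: `USER root` is never reverted, so the conversion server runs as root for the life of the container, apparently only because `apk` needs root at build time and `run.sh` writes the generated `.star` files under `/repos`. After the `apk` step, `RUN chown -R <runtime-user> /repos` followed by `USER <runtime-user>` (placeholder for the account the base image normally runs as, which is not visible here) would keep the entrypoint unprivileged. `RUN apk update` and `RUN apk add gettext` can be a single layer, `RUN apk add --no-cache gettext`. The shell-form `CMD sh /run.sh` leaves `sh` as PID 1 unless `run.sh` ends with `exec`.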


@ -0,0 +1,33 @@
load("@this//:environment.star", "environment")
def buildDockerFolder(
dockerFile,
image,
tag,
folder,
name,
):
return {
"name": "build-{name}".format(
name = name,
),
"image": "docker:stable-dind",
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
],
"environment": environment([
"local-docker-registry",
"registry-password",
]),
"commands": [
"cd {folder}".format(folder=folder),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"sh build-docker-folder.sh {dockerFile} {image} {tag}".format(
image = image,
dockerFile = dockerFile,
tag = tag,
),
],
}
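Review bot: The `docker login` command passes the registry password as a command-line argument (`--password "$${REGISTRY_PASSWORD}"`), which exposes it in the process list while the command runs and makes Docker print a warning. Feeding it on stdin avoids both: `'printf %s "$${REGISTRY_PASSWORD}" | docker login $${LOCAL_DOCKER_REGISTRY} --username client --password-stdin'`. The same line appears in `buildFolder`, `build`, the registry variant of `deploy` and `pull` later in this diff; in the two SSH steps the process list is that of the deployment host itself. The `dockerFile`, `image`, `tag` and `folder` arguments are interpolated into shell commands unquoted, so quoting them would keep a value with spaces from splitting.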


@ -0,0 +1,24 @@
load("@this//:environment.star", "environment")
def buildFolder(name, folder):
return {
"name": "build-{folder} {name}".format(
folder=folder,
name=name,
),
"image": "docker:stable-dind",
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
],
"environment": environment([
"local-docker-registry",
"registry-password",
]),
"commands": [
"cd {folder}".format(folder=folder),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name),
],
}


@ -0,0 +1,23 @@
load("@this//:environment.star", "environment")
def build(name):
return {
"name": "build-{name}".format(name=name),
"image": "docker:stable-dind",
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
],
"environment": environment([
"local-docker-registry",
"registry-password"
]),
"commands": [
"cd {name}".format(name=name),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"docker build . -t $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),
"docker push $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),
],
}
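Review bot: The image is built and pushed without a tag (`-t $${{LOCAL_DOCKER_REGISTRY}}{name}`), so every build overwrites `latest`. The later `pull` and `docker stack deploy` steps then consume whatever the registry holds at that moment rather than the image built from this commit. Tagging with the commit, for example `{name}:$${{DRONE_COMMIT_SHA}}`, would tie the deployed image to the reviewed source and make a rollback possible. That needs a matching change in `pull` and in the compose files, which are outside this section.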


@ -0,0 +1,74 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//chat:public-secrets.star", "publicSecrets")
load("@this//chat:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-chat",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)
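Review bot: The two branches of `drone` return different shapes: the matching branch returns a list holding one pipeline, while the `else` branch returns the bare dict from `pipeline(...)`. That `else` pipeline has no steps, yet `pipeline` (defined later in this diff) always attaches a `docker:stable-dind` service with `"privileged": True`, so a push to any other branch still starts a privileged container that does nothing. Returning `[]` there would avoid it, but whether Drone accepts an empty result should be checked. Most of the `load(...)` lines (`echo`, `export`, `rescale`, `buildFolder`, `buildDockerFolder`, …) are unused in this file. The same body is repeated for the commento, drone, ghost, gitea, guacamole, huginn, matomo, portainer, proxy and zabbix stacks below.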


@ -0,0 +1,5 @@
publicSecrets = [
"git-domain",
"chat-admin-name",
"chat-admin-email",
]


@ -0,0 +1,3 @@
secretSecrets = [
"chat-admin-password",
]


@ -0,0 +1 @@
stackName='chat'


@ -0,0 +1 @@
stackRoot='/stack/chat'


@ -0,0 +1,16 @@
load("@this//:from-secret.star", "fromSecret")
def clear(folder):
return {
"name": "clear",
"image": "appleboy/drone-ssh:1.6.2",
"settings": {
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-user"),
"password": fromSecret("ssh-password"),
"script": [
"rm -r -f {folder}".format(folder = folder),
]
}
}
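Review bot: `"rm -r -f {folder}"` runs on the remote host with `folder` unquoted and unchecked, so a value containing spaces or glob characters, or a too-short path such as `/`, removes far more than one stack directory. Quoting the operand, `'rm -r -f -- "{folder}"'`, and calling `fail()` on the Starlark side when `folder` does not start with the expected stack root would bound the damage. The step authenticates with `ssh-password`; key authentication through the plugin's `key` setting is worth considering for this account.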


@ -0,0 +1,74 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//commento:public-secrets.star", "publicSecrets")
load("@this//commento:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-commento",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)


@ -0,0 +1,11 @@
publicSecrets = [
"commento-origin",
"commento-smtp-host",
"commento-smtp-port",
"commento-smtp-username",
"commento-smtp-from-address",
"commento-forbid-new-owners",
"commento-postgres-db",
"commento-postgres-user",
"commento-github-key",
]


@ -0,0 +1,6 @@
secretSecrets = [
"commento-smtp-password",
"commento-askimet-key",
"commento-postgres-password",
"commento-github-secret",
]


@ -0,0 +1 @@
stackName='commento'


@ -0,0 +1 @@
stackRoot='/stack/commento'


@ -0,0 +1,39 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:export.star", "export")
def deploy(
filename,
name,
folder,
secrets,
commands,
ctx
):
return {
"name": "deploy {name}".format(name = name),
"image": "appleboy/drone-ssh:1.6.2",
"environment": environment(secrets),
"settings": {
"envs": [x.replace("-", "_") for x in secrets ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e"
] +
map(export, secrets) +
[
"export DRONE_REPO_LINK=$${{DRONE_GITEA_SERVER}}/{namespace}/{name}".format(name=ctx.repo.name, namespace=ctx.repo.namespace),
"export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
"docker network prune -f",
"cd {folder}".format(folder=folder),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"docker stack rm {name}".format(name = name),
"sleep 30",
"docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
] + commands
}
}
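Review bot: This step logs in over SSH as `ssh-root-user` with `ssh-root-password`, so the CI secret store holds a root password for the deployment host and any pipeline allowed to reference those secrets controls that host. A dedicated deploy account with key authentication (the plugin has a `key` setting) and password login disabled on the host would narrow what a leaked secret gives away. `docker network prune -f` removes unused networks for every stack on the host, not only `{name}`. `docker stack rm` followed by a fixed `sleep 30` takes the service down on each deploy, whereas `docker stack deploy` on its own updates a running stack. The second `deploy` variant below is the same apart from the missing `docker login` line.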


@ -0,0 +1,38 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:export.star", "export")
def deploy(
filename,
name,
folder,
secrets,
commands,
ctx
):
return {
"name": "deploy {name}".format(name = name),
"image": "appleboy/drone-ssh:1.6.2",
"environment": environment(secrets),
"settings": {
"envs": [x.replace("-", "_") for x in secrets ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e"
] +
map(export, secrets) +
[
"export DRONE_REPO_LINK=$${{DRONE_GITEA_SERVER}}/{namespace}/{name}".format(name=ctx.repo.name, namespace=ctx.repo.namespace),
"export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
"docker network prune -f",
"cd {folder}".format(folder=folder),
"docker stack rm {name}".format(name = name),
"sleep 30",
"docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
] + commands
}
}


@ -0,0 +1,81 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//drone:public-secrets.star", "publicSecrets")
load("@this//drone:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
build("drone-starlark"),
printSecrets(
"env-drone",
publicSecrets,
secretSecrets,
),
pull(
"pull images",
[
"drone-starlark",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)
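Review bot: This pipeline redeploys the Drone stack from inside a Drone build: `deploy` runs `docker stack rm {name}`, and for this stack `name` is `drone`, so the command removes the server and the runner that are executing the step. The SSH session is then likely to be cut before `docker stack deploy` runs, which would match the "Build was killed" statuses on these commits and can leave the host without a CI stack. Updating in place with `docker stack deploy` alone, or starting the remote commands detached from the SSH session, avoids the self-termination.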


@ -0,0 +1,8 @@
publicSecrets = [
"drone-domain",
"drone-gitea-client-id",
"drone-gitea-server",
"drone-server-host",
"local-docker-registry",
"drone-runner-environ"
]


@ -0,0 +1,6 @@
secretSecrets = [
"drone-convert-secret",
"drone-gitea-client-secret",
"drone-rpc-secret",
"registry-password",
]


@ -0,0 +1 @@
stackName='drone'


@ -0,0 +1 @@
stackRoot='/stack/drone'


@ -0,0 +1,7 @@
load("@this//:secret-to-environment.star", "secretToEnvironment")
def echoSecret(secret):
return 'echo "export {environment}=???? ${environment}" >> ***filename*** # {secret}'.format(
secret = secret,
environment = secretToEnvironment(secret),
)


@ -0,0 +1,7 @@
load("@this//:secret-to-environment.star", "secretToEnvironment")
def echo(secret):
return 'echo "export {environment}=\'${environment}\'" >> ***filename*** # {secret}'.format(
secret = secret,
environment = secretToEnvironment(secret),
)
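Review bot: The generated command writes `export NAME='<value>'` with the value expanded by the remote shell, so a secret that contains a single quote produces a broken line in the `env-*` file. Whatever follows the quote is then read as shell by anything that later sources the file. Either escape single quotes in the value before it is written, or reject such secrets when they are created. A short comment on the function should say that the `***filename***` marker is replaced by `printSecrets`.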


@ -0,0 +1,5 @@
load("@this//:from-secret.star", "fromSecret")
def environment(env):
return dict(
[(x.replace("-", "_").upper(), fromSecret(x)) for x in env]
)


@ -0,0 +1,6 @@
load("@this//:secret-to-environment.star", "secretToEnvironment")
def export(secret):
return "export {toCaps}=${toCaps}".format(
toCaps = secretToEnvironment(secret),
)
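Review bot: `"export {toCaps}=${toCaps}"` leaves the value unquoted, and some `sh` implementations word-split the argument of `export`, so a secret containing a space can be truncated or make the script fail under `set -e`. Quoting is safe everywhere: `'export {toCaps}="${toCaps}"'`. If the SSH plugin already exports the names listed in `envs` to the script, as it appears to, the line re-exports a variable to itself and could be dropped.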


@ -0,0 +1,4 @@
def fromSecret(name):
return {
"from_secret": name
}


@ -0,0 +1,81 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//ghost:public-secrets.star", "publicSecrets")
load("@this//ghost:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-ghost",
publicSecrets,
secretSecrets,
),
build("ghost"),
pull(
"pull images",
[
"ghost",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)


@ -0,0 +1,7 @@
publicSecrets = [
"git-domain",
"local-docker-registry",
"ghost-mail-service",
"ghost-mail-user",
"commento-origin",
]


@ -0,0 +1,4 @@
secretSecrets = [
"ghost-mysql-root-password",
"registry-password",
]


@ -0,0 +1 @@
stackName='ghost'


@ -0,0 +1 @@
stackRoot='/stack/ghost'


@ -0,0 +1,81 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//gitea:public-secrets.star", "publicSecrets")
load("@this//gitea:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-gitea",
publicSecrets,
secretSecrets,
),
build("gitea"),
pull(
"pull images",
[
"gitea",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)


@ -0,0 +1,8 @@
publicSecrets = [
"git-domain",
"local-docker-registry",
"gitea-mailer-host",
"gitea-mailer-from",
"gitea-mailer-user",
"gitea-app-name",
]


@ -0,0 +1,8 @@
secretSecrets = [
"gitea-server-lfs-jwt-secret",
"gitea-security-secret-key",
"gitea-security-internal-token",
"gitea-oauth2-jwt-secret",
"gitea-mailer-passwd",
"registry-password",
]


@ -0,0 +1 @@
stackName='gitea'


@ -0,0 +1 @@
stackRoot='/stack/gitea'


@ -0,0 +1,81 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//guacamole:public-secrets.star", "publicSecrets")
load("@this//guacamole:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-guacamole",
publicSecrets,
secretSecrets,
),
build("guacamole-postgresql"),
pull(
"pull images",
[
"guacamole-postgresql",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)


@ -0,0 +1,5 @@
publicSecrets = [
"local-docker-registry",
"guacamole-postgres-db",
"guacamole-postgres-user",
]


@ -0,0 +1,4 @@
secretSecrets = [
"guacamole-postgres-password",
"registry-password",
]


@ -0,0 +1 @@
stackName='guacamole'


@ -0,0 +1 @@
stackRoot='/stack/guacamole'


@ -0,0 +1,74 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//huginn:public-secrets.star", "publicSecrets")
load("@this//huginn:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-huginn",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)


@ -0,0 +1,7 @@
publicSecrets = [
"smtp-domain",
"smtp-user-name",
"smtp-server",
"email-from-address",
"smtp-port",
]


@ -0,0 +1,5 @@
secretSecrets = [
"smtp-password",
"invitation-code",
"database-password",
]


@ -0,0 +1 @@
stackName='huginn'


@ -0,0 +1 @@
stackRoot='/stack/huginn'


@ -0,0 +1,2 @@
def map(fn, l):
return [fn(x) for x in l]


@ -0,0 +1,74 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//matomo:public-secrets.star", "publicSecrets")
load("@this//matomo:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-matomo",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)


@ -0,0 +1 @@
publicSecrets = []


@ -0,0 +1,4 @@
secretSecrets = [
"matomo-mysql-root-password",
"matomo-mysql-password",
]


@ -0,0 +1 @@
stackName='matomo'


@ -0,0 +1 @@
stackRoot='/stack/matomo'


@ -0,0 +1,32 @@
def pipeline(
name,
steps,
dependsOn,
volumes,
dockerVolumes
):
return {
"kind": "pipeline",
"name": name,
"depends_on": dependsOn,
"steps": steps,
"services": [
{
"name": "docker",
"image": "docker:stable-dind",
"privileged": True,
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
] + dockerVolumes,
}
],
"volumes": [
{
"name": "dockersock",
"temp": {},
},
] + volumes,
}
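Review bot: `docker:stable-dind` is a floating tag, used here for the privileged service and in the build steps, so the image that gets root-equivalent access to the runner host can change between builds without any change in this repository. Pinning a version tag or digest (`docker:<version>-dind`, placeholder) turns that into an explicit, reviewable update. The service is also added unconditionally, including for the step-less pipelines that the `drone` functions return for non-matching branches. Building the `services` list only when `steps` is non-empty would avoid starting a privileged container there.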


@ -0,0 +1,74 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//portainer:public-secrets.star", "publicSecrets")
load("@this//portainer:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-portainer",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)


@ -0,0 +1 @@
publicSecrets = []


@ -0,0 +1 @@
secretSecrets = []


@ -0,0 +1 @@
stackName='portainer'


@ -0,0 +1 @@
stackRoot='/stack/portainer'


@ -0,0 +1,24 @@
load("@this//:map.star", "map")
load("@this//:from-secret.star", "fromSecret")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
def printSecrets(filename, env, secretEnv):
return {
"name": "print secrets",
"image": "appleboy/drone-ssh:1.6.2",
"environment": environment(env + secretEnv),
"settings": {
"envs": [x.replace("-", "_") for x in env + secretEnv ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-user"),
"password": fromSecret("ssh-password"),
"script": [x.replace("***filename***", filename) for x in [
"rm -f ***filename***",
] + map(echo, env)
+ map(echo, secretEnv)]
}
}
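Review bot: The script appends every secret in clear text to the `env-*` file in the SSH user's login directory without setting permissions, so the file gets the account's default umask and stays on the host after the deploy. Adding `"umask 077"` as the first script entry, before `"rm -f ***filename***"`, keeps it readable by the owner only. Nothing visible in this diff reads the file, since `deploy` exports the values itself, so it is worth checking whether this step is needed at all. `secretEnv` goes through the same `echo` helper as `env`; `echoSecret` is loaded but never used.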


@ -0,0 +1,108 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//proxy:public-secrets.star", "publicSecrets")
load("@this//proxy:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-proxy",
publicSecrets,
secretSecrets,
),
build("ngrok-gitea"),
build("registry"),
build("letsencrypt-nginx"),
buildDockerFolder(
"Dockerfile.git",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-git",
"letsencrypt-nginx",
"git",
),
buildDockerFolder(
"Dockerfile.huginn",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-huginn",
"letsencrypt-nginx",
"huginn",
),
buildDockerFolder(
"Dockerfile.drone",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-drone",
"letsencrypt-nginx",
"drone",
),
pull(
"pull images",
[
"ngrok-gitea",
"registry",
"letsencrypt-git",
"letsencrypt-drone",
"letsencrypt-huginn",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)


@ -0,0 +1,7 @@
publicSecrets = [
"certbot-email",
"drone-domain",
"huginn-domain",
"git-domain",
"local-docker-registry",
]


@ -0,0 +1,5 @@
secretSecrets = [
"ngrok-auth-token",
"registry-password",
"new-registry-password",
]


@ -0,0 +1 @@
stackName='proxy'


@ -0,0 +1 @@
stackRoot='/stack/proxy'


@ -0,0 +1,31 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:export.star", "export")
def pull(
name,
images,
):
secrets = [
"local-docker-registry",
"registry-password",
]
return {
"name": name,
"image": "appleboy/drone-ssh:1.6.2",
"environment": environment(secrets),
"settings": {
"envs": [x.replace("-", "_") for x in secrets ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e"
] +
map(export, secrets) +
['docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"'] +
["docker pull $${{LOCAL_DOCKER_REGISTRY}}{image}".format(image=image) for image in images ]
}
}


@ -0,0 +1,21 @@
load("@this//:from-secret.star", "fromSecret")
def rescale(
service,
scaleTo
):
return {
"name": "rescale {service}".format(service=service),
"image": "appleboy/drone-ssh:1.6.2",
"settings": {
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e",
"docker service scale {service}=0".format(service=service),
"docker service scale {service}={scaleTo}".format(service=service, scaleTo=scaleTo),
]
}
}


@ -0,0 +1,25 @@
def scp(target):
return {
"name": "scp files",
"image": "appleboy/drone-scp:1.6.2",
"settings": {
"host": {
"from_secret": "ssh-host",
},
"username": {
"from_secret": "ssh-user",
},
"password": {
"from_secret": "ssh-password",
},
"port": {
"from_secret": "ssh-port",
},
"command_timeout": "2m",
"target": target,
"source": [
".",
],
},
}
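Review bot: `"source": ["."]` copies the whole build workspace to the host, which normally includes the `.git` directory and every other stack's files, into the directory that the root SSH steps later `cd` into and deploy from. Listing only the files the stack needs (its compose file and build folders) keeps unrelated content off the host. The four `{"from_secret": ...}` dicts duplicate the `fromSecret` helper that the other step builders in this diff load, so loading it here would keep the files consistent.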


@ -0,0 +1,2 @@
def secretToEnvironment(secret):
return secret.replace("-", "_").upper()


@ -0,0 +1,8 @@
def wait(delay, name):
return {
"name": name,
"image": "alpine:3.12.0",
"commands": [
"sleep {delay}".format(delay = delay),
],
}


@ -0,0 +1,74 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//zabbix:public-secrets.star", "publicSecrets")
load("@this//zabbix:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-zabbix",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)


@ -0,0 +1 @@
publicSecrets = []


@ -0,0 +1,4 @@
secretSecrets = [
"zabbix-mysql-root-password",
"zabbix-mysql-password",
]


@ -0,0 +1 @@
stackName='zabbix'


@ -0,0 +1 @@
stackRoot='/stack/zabbix'

34
drone-starlark/run.sh Normal file

@ -0,0 +1,34 @@
envsubst < /repos/proxy/stack-name._star > /repos/proxy/stack-name.star
envsubst < /repos/proxy/stack-root._star > /repos/proxy/stack-root.star
envsubst < /repos/drone/stack-name._star > /repos/drone/stack-name.star
envsubst < /repos/drone/stack-root._star > /repos/drone/stack-root.star
envsubst < /repos/commento/stack-name._star > /repos/commento/stack-name.star
envsubst < /repos/commento/stack-root._star > /repos/commento/stack-root.star
envsubst < /repos/ghost/stack-name._star > /repos/ghost/stack-name.star
envsubst < /repos/ghost/stack-root._star > /repos/ghost/stack-root.star
envsubst < /repos/gitea/stack-name._star > /repos/gitea/stack-name.star
envsubst < /repos/gitea/stack-root._star > /repos/gitea/stack-root.star
envsubst < /repos/guacamole/stack-name._star > /repos/guacamole/stack-name.star
envsubst < /repos/guacamole/stack-root._star > /repos/guacamole/stack-root.star
envsubst < /repos/chat/stack-name._star > /repos/chat/stack-name.star
envsubst < /repos/chat/stack-root._star > /repos/chat/stack-root.star
envsubst < /repos/huginn/stack-name._star > /repos/huginn/stack-name.star
envsubst < /repos/huginn/stack-root._star > /repos/huginn/stack-root.star
envsubst < /repos/matomo/stack-name._star > /repos/matomo/stack-name.star
envsubst < /repos/matomo/stack-root._star > /repos/matomo/stack-root.star
envsubst < /repos/zabbix/stack-name._star > /repos/zabbix/stack-name.star
envsubst < /repos/zabbix/stack-root._star > /repos/zabbix/stack-root.star
envsubst < /repos/portainer/stack-name._star > /repos/portainer/stack-name.star
envsubst < /repos/portainer/stack-root._star > /repos/portainer/stack-root.star
/bin/drone-convert-starlark
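Review bot: The script has no `set -e`, so when a `._star` template is missing the redirection still creates an empty `.star` file and the converter starts with that stack's name and root undefined. Ending with `exec /bin/drone-convert-starlark` would also let the server receive signals directly instead of through `sh`. `envsubst` without an argument replaces every `$NAME` in a template from the container environment, which includes `DRONE_SECRET`. If the templates only use the two `SIGYL_STACK_*` variables the compose file passes, restricting the substitution to them keeps other values out of the generated files. The 22 near-identical lines can become a loop over the same stack list, as sketched below.

```shell
set -eu
for stack in proxy drone commento ghost gitea guacamole chat huginn matomo zabbix portainer; do
  for part in stack-name stack-root; do
    envsubst '$SIGYL_STACK_NAME $SIGYL_STACK_ROOT' \
      < "/repos/$stack/$part._star" > "/repos/$stack/$part.star"
  done
done
exec /bin/drone-convert-starlark
```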


@ -1,3 +0,0 @@
drone jsonnet --source .drone/$1.jsonnet --target .drone/$1.yml --stream \
&& git add .drone/$1.yml \
&& echo .drone/$1.yml \


@ -1,2 +1,3 @@
sh git-hooks/build.sh drone-home \ drone jsonnet --source .drone/drone-home.jsonnet --target .drone/drone-home.yml --stream \
&& git add .drone/drone-home.yml \
&& echo "jsonnet built" && echo "jsonnet built"


@ -1,7 +1,7 @@
{ {
"private": true, "private": true,
"name": "drone", "name": "drone",
"version": "0.0.10", "version": "0.0.1",
"description": "drone ci", "description": "drone ci",
"scripts": { "scripts": {
"deploy": "sh deploy.sh", "deploy": "sh deploy.sh",

Some files were not shown because too many files have changed in this diff Show More