stack
/
drone
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

Compare commits

base: stack:master
Branches Tags
stack:master
stack:upgrade
stack:deploy-at-home
stack:save
stack:drone-images
stack:fixsecrets
stack:promotion
stack:nginx-80
stack:develop
stack:deploy
stack:renovate/configure
stack:home-deploy
stack:do
stack:v0.0.10
stack:v0.0.9
stack:v0.0.8
stack:v0.0.7
stack:v0.0.6
stack:v0.0.5
stack:v0.0.4
stack:v0.0.3
stack:v0.0.2
stack:v0.0.1
..
compare: stack:renovate/configure
Branches Tags
stack:upgrade
stack:deploy-at-home
stack:master
stack:save
stack:drone-images
stack:fixsecrets
stack:promotion
stack:nginx-80
stack:develop
stack:deploy
stack:renovate/configure
stack:home-deploy
stack:do
stack:v0.0.10
stack:v0.0.9
stack:v0.0.8
stack:v0.0.7
stack:v0.0.6
stack:v0.0.5
stack:v0.0.4
stack:v0.0.3
stack:v0.0.2
stack:v0.0.1

1 Commits
master ... renovate/c

Author SHA1 Message Date
Giles Bradshaw 627c9647af chore(deps): add renovate.json
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is passing Details
2020-08-27 14:29:26 +00:00
94 changed files with 1593 additions and 543 deletions
Show Stats Expand all files Collapse all files

2
.drone/build.sh
View File

@ -1 +1 @@
echo 'nothing to build' docker build drone-starlark -t ${LOCAL_DOCKER_REGISTRY}drone-starlark

9
.drone/deploy.sh
View File

@ -1,5 +1,4 @@
export LOCAL_DOCKER_REGISTRY=${REGISTRY_DOMAIN}:${REGISTRY_PORT}/${ROOT}/${NAME}/ docker stack rm drone
docker stack rm drone \ echo 'sleeping...zzz'
&& echo 'sleeping...zzz' \ sleep 60
&& sleep 60 \ docker stack deploy -c docker-compose.yml drone
&& docker stack deploy -c docker-compose.yml drone --with-registry-auth

57
.drone/drone-home.jsonnet
View File

@ -4,64 +4,17 @@ local publicSecrets = import 'lib/public-secrets.libsonnet';
local deploy = import 'node_modules/@sigyl/jsonnet-drone/deploy.libsonnet'; local deploy = import 'node_modules/@sigyl/jsonnet-drone/deploy.libsonnet';
local register = import 'node_modules/@sigyl/jsonnet-drone/register.libsonnet'; local register = import 'node_modules/@sigyl/jsonnet-drone/register.libsonnet';
local registry = import 'node_modules/@sigyl/jsonnet-drone/registry.libsonnet';
local save = import 'node_modules/@sigyl/jsonnet-drone/save.libsonnet';
local build = import 'node_modules/@sigyl/jsonnet-drone/build.libsonnet';
local print = import 'node_modules/@sigyl/jsonnet-drone/print.libsonnet';
local droneImages = import 'node_modules/@sigyl/jsonnet-drone/drone-images.libsonnet';
local config = {
registry: '',
name: 'drone',
root: 'stack'
};
local defs = [
{
load: 'drone/drone:2.4.0@sha256:8c1c83ed0f68b00e16ca50b8769e6cf7ccb3c5ff390036eaec7e5fcb79c3cb92',
save: 'drone/drone:2.4.0'
},
{
load: 'drone/drone-runner-docker:1.6.3@sha256:0d6069fcb7a437d4526cca760e15d57e00ba3e7954a3fffd72b04e716a23312c',
save: 'drone/drone-runner-docker:1.6.3'
},
];
[ [
register, register,
registry( deploy(
config { 'drone',
secrets: [ '/stack/',
'REGISTRY_DOMAIN',
'REGISTRY_PORT',
'REGISTRY_PASSWORD'
],
images: defs,
},
),
save(config)(
defs,
[],
),
print(config)(
[],
publicSecrets,
secretSecrets,
),
build(config)(
[],
),
droneImages(config),
deploy(config)(
[ [
'REGISTRY_DOMAIN', 'LOCAL_DOCKER_REGISTRY',
'REGISTRY_PORT',
'REGISTRY_PASSWORD', 'REGISTRY_PASSWORD',
'SCHEME',
], ],
publicSecrets, publicSecrets,
secretSecrets, secretSecrets
[],
) { ) {
trigger +: { trigger +: {
event +: [ event +: [

576
.drone/drone-home.yml
View File

@ -15,376 +15,6 @@ trigger:
exclude: exclude:
- promote - promote
---
kind: pipeline
type: docker
name: registry
platform:
os: linux
arch: amd64
clone:
disable: true
steps:
- name: drone/drone:2.4.0
image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f
commands:
- set -e
- "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n"
- "n=0\nwhile :\ndo\n docker pull drone/drone:2.4.0@sha256:8c1c83ed0f68b00e16ca50b8769e6cf7ccb3c5ff390036eaec7e5fcb79c3cb92 \\\\\n && docker tag drone/drone:2.4.0@sha256:8c1c83ed0f68b00e16ca50b8769e6cf7ccb3c5ff390036eaec7e5fcb79c3cb92 $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 \\\\\n && docker push $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 && break\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"initialise failed\"\n exit 1\n fi\n echo \"retrying..$n\"\n sleep 5\ndone\n"
environment:
REGISTRY_DOMAIN:
from_secret: registry-domain
REGISTRY_PASSWORD:
from_secret: registry-password
REGISTRY_PORT:
from_secret: registry-port
volumes:
- name: dockersock
path: /var/run
- name: drone/drone-runner-docker:1.6.3
image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f
commands:
- set -e
- "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n"
- "n=0\nwhile :\ndo\n docker pull drone/drone-runner-docker:1.6.3@sha256:0d6069fcb7a437d4526cca760e15d57e00ba3e7954a3fffd72b04e716a23312c \\\\\n && docker tag drone/drone-runner-docker:1.6.3@sha256:0d6069fcb7a437d4526cca760e15d57e00ba3e7954a3fffd72b04e716a23312c $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 \\\\\n && docker push $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 && break\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"initialise failed\"\n exit 1\n fi\n echo \"retrying..$n\"\n sleep 5\ndone\n"
environment:
REGISTRY_DOMAIN:
from_secret: registry-domain
REGISTRY_PASSWORD:
from_secret: registry-password
REGISTRY_PORT:
from_secret: registry-port
volumes:
- name: dockersock
path: /var/run
services:
- name: docker
image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f
privileged: true
volumes:
- name: dockersock
path: /var/run
- name: ca
path: /etc/docker/certs.d
- name: daemonjson
path: /etc/docker/daemon.json
volumes:
- name: dockersock
temp: {}
- name: ca
host:
path: /etc/docker/certs.d
- name: daemonjson
host:
path: /etc/docker/daemon.json
image_pull_secrets:
- dockerconfigjson
trigger:
event:
- promote
target:
- registry
---
kind: pipeline
type: docker
name: save
platform:
os: linux
arch: amd64
clone:
disable: true
steps:
- name: mkdir
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
script:
- mkdir -p /stack/.images/drone/built
- rm -f /stack/.images/drone/*.*
- rm -f /stack/.images/drone/built/*.*
- name: drone/drone:2.4.0
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- registry_domain
- registry_port
- registry_password
- destination_registry
script:
- "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n"
- docker pull $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0
- docker save $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 -o /stack/.images/drone/drone_drone:2.4.0.tar
- echo "docker load < drone_drone:2.4.0.tar" >> /stack/.images/drone/load.sh
- echo "docker tag $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone:2.4.0 $${DESTINATION_REGISTRY}/stack/drone/drone/drone:2.4.0" >> /stack/.images/drone/load.sh
- name: drone/drone-runner-docker:1.6.3
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- registry_domain
- registry_port
- registry_password
- destination_registry
script:
- "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n"
- docker pull $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3
- docker save $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 -o /stack/.images/drone/drone_drone-runner-docker:1.6.3.tar
- echo "docker load < drone_drone-runner-docker:1.6.3.tar" >> /stack/.images/drone/load.sh
- echo "docker tag $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/stack/drone/drone/drone-runner-docker:1.6.3 $${DESTINATION_REGISTRY}/stack/drone/drone/drone-runner-docker:1.6.3" >> /stack/.images/drone/load.sh
trigger:
event:
- promote
target:
- save
---
kind: pipeline
type: docker
name: print
platform:
os: linux
arch: amd64
steps:
- name: print env
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- scheme
- domain
- registry_domain
- registry_port
- drone_gitea_client_id
- drone_gitea_server
- drone_server_host
- ssh_host
- ssh_username
- ssh_port
- drone_gitea_client_secret
- drone_rpc_secret
- ssh_key
- registry_password
script:
- rm -f env-drone
- "echo \"export SCHEME='$${SCHEME}'\" >> env-drone # \"scheme\""
- "echo \"export DOMAIN='$${DOMAIN}'\" >> env-drone # \"domain\""
- "echo \"export REGISTRY_DOMAIN='$${REGISTRY_DOMAIN}'\" >> env-drone # \"registry-domain\""
- "echo \"export REGISTRY_PORT='$${REGISTRY_PORT}'\" >> env-drone # \"registry-port\""
- "echo \"export DRONE_GITEA_CLIENT_ID='$${DRONE_GITEA_CLIENT_ID}'\" >> env-drone # \"drone-gitea-client-id\""
- "echo \"export DRONE_GITEA_SERVER='$${DRONE_GITEA_SERVER}'\" >> env-drone # \"drone-gitea-server\""
- "echo \"export DRONE_SERVER_HOST='$${DRONE_SERVER_HOST}'\" >> env-drone # \"drone-server-host\""
- "echo \"export SSH_HOST='$${SSH_HOST}'\" >> env-drone # \"ssh-host\""
- "echo \"export SSH_USERNAME='$${SSH_USERNAME}'\" >> env-drone # \"ssh-username\""
- "echo \"export SSH_PORT='$${SSH_PORT}'\" >> env-drone # \"ssh-port\""
- "echo \"export DRONE_GITEA_CLIENT_SECRET='$${DRONE_GITEA_CLIENT_SECRET}'\" >> env-drone # \"drone-gitea-client-secret\""
- "echo \"export DRONE_RPC_SECRET='$${DRONE_RPC_SECRET}'\" >> env-drone # \"drone-rpc-secret\""
- "echo \"export SSH_KEY='$${SSH_KEY}'\" >> env-drone # \"ssh-key\""
- "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-drone # \"registry-password\""
environment:
DOMAIN:
from_secret: domain
DRONE_GITEA_CLIENT_ID:
from_secret: drone-gitea-client-id
DRONE_GITEA_CLIENT_SECRET:
from_secret: drone-gitea-client-secret
DRONE_GITEA_SERVER:
from_secret: drone-gitea-server
DRONE_RPC_SECRET:
from_secret: drone-rpc-secret
DRONE_SERVER_HOST:
from_secret: drone-server-host
REGISTRY_DOMAIN:
from_secret: registry-domain
REGISTRY_PASSWORD:
from_secret: registry-password
REGISTRY_PORT:
from_secret: registry-port
SCHEME:
from_secret: scheme
SSH_HOST:
from_secret: ssh-host
SSH_KEY:
from_secret: ssh-key
SSH_PORT:
from_secret: ssh-port
SSH_USERNAME:
from_secret: ssh-username
trigger:
event:
- promote
target:
- print
---
kind: pipeline
type: docker
name: build
platform:
os: linux
arch: amd64
steps:
- name: "dockerbuild:"
image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f
commands:
- set -e
- export NAME=drone
- export ROOT=stack
- "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n"
- sh .drone/build.sh
- sh .drone/push.sh
volumes:
- name: dockersock
path: /var/run
services:
- name: docker
image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f
privileged: true
volumes:
- name: dockersock
path: /var/run
- name: ca
path: /etc/docker/certs.d
- name: daemonjson
path: /etc/docker/daemon.json
volumes:
- name: dockersock
temp: {}
- name: ca
host:
path: /etc/docker/certs.d
- name: daemonjson
host:
path: /etc/docker/daemon.json
trigger:
event:
- promote
target:
- build
---
kind: pipeline
type: docker
name: drone-images
platform:
os: linux
arch: amd64
clone:
disable: true
steps:
- name: mkdir
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
script:
- mkdir -p /stack/.images/drone/drone-images
- rm -f /stack/.images/drone/drone-images/*.*
- name: docker
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- registry_domain
- registry_port
- registry_password
script:
- docker pull docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f
- docker save docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f -o /stack/.images/drone/drone-images/docker.tar
- echo "docker load docker.tar" >> /stack/.images/drone/drone-images/load.sh
- name: scp
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- registry_domain
- registry_port
- registry_password
script:
- docker pull appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47
- docker save appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47 -o /stack/.images/drone/drone-images/scp.tar
- echo "docker load scp.tar" >> /stack/.images/drone/drone-images/load.sh
- name: ssh
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- registry_domain
- registry_port
- registry_password
script:
- docker pull appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
- docker save appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea -o /stack/.images/drone/drone-images/ssh.tar
- echo "docker load ssh.tar" >> /stack/.images/drone/drone-images/load.sh
trigger:
event:
- promote
target:
- drone-images
--- ---
kind: pipeline kind: pipeline
type: docker type: docker
@ -395,16 +25,8 @@ platform:
arch: amd64 arch: amd64
steps: steps:
- name: scp - name: print env
image: appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47 image: appleboy/drone-ssh:1.6.2
settings:
command_timeout: 2m
source:
- .
target: /stack/drone
- name: deploy
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea
settings: settings:
envs: envs:
- drone_tag - drone_tag
@ -412,53 +34,39 @@ steps:
- drone_build_number - drone_build_number
- drone_repo_name - drone_repo_name
- drone_repo_namespace - drone_repo_namespace
- scheme - local_docker_registry
- domain - registry_password
- registry_domain - drone_domain
- registry_port
- drone_gitea_client_id - drone_gitea_client_id
- drone_gitea_server - drone_gitea_server
- drone_server_host - drone_server_host
- ssh_host - drone_convert_secret
- ssh_username
- ssh_port
- drone_gitea_client_secret - drone_gitea_client_secret
- drone_rpc_secret - drone_rpc_secret
- ssh_key host:
- registry_password from_secret: ssh-host
- registry_domain key:
- registry_port from_secret: ssh-key
- registry_password port:
- scheme from_secret: ssh-port
script: script:
- export DRONE_GITEA_CLIENT_SECRET=$${DRONE_GITEA_CLIENT_SECRET} - rm -f env-drone
- export DRONE_RPC_SECRET=$${DRONE_RPC_SECRET} - "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-drone # \"local-docker-registry\""
- export SSH_KEY=$${SSH_KEY} - "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-drone # \"registry-password\""
- export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD} - "echo \"export DRONE_DOMAIN='$${DRONE_DOMAIN}'\" >> env-drone # \"drone-domain\""
- export SCHEME=$${SCHEME} - "echo \"export DRONE_GITEA_CLIENT_ID='$${DRONE_GITEA_CLIENT_ID}'\" >> env-drone # \"drone-gitea-client-id\""
- export DOMAIN=$${DOMAIN} - "echo \"export DRONE_GITEA_SERVER='$${DRONE_GITEA_SERVER}'\" >> env-drone # \"drone-gitea-server\""
- export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN} - "echo \"export DRONE_SERVER_HOST='$${DRONE_SERVER_HOST}'\" >> env-drone # \"drone-server-host\""
- export REGISTRY_PORT=$${REGISTRY_PORT} - "echo \"export DRONE_CONVERT_SECRET='$${DRONE_CONVERT_SECRET}'\" >> env-drone # \"drone-convert-secret\""
- export DRONE_GITEA_CLIENT_ID=$${DRONE_GITEA_CLIENT_ID} - "echo \"export DRONE_GITEA_CLIENT_SECRET='$${DRONE_GITEA_CLIENT_SECRET}'\" >> env-drone # \"drone-gitea-client-secret\""
- export DRONE_GITEA_SERVER=$${DRONE_GITEA_SERVER} - "echo \"export DRONE_RPC_SECRET='$${DRONE_RPC_SECRET}'\" >> env-drone # \"drone-rpc-secret\""
- export DRONE_SERVER_HOST=$${DRONE_SERVER_HOST} username:
- export SSH_HOST=$${SSH_HOST} from_secret: ssh-user
- export SSH_USERNAME=$${SSH_USERNAME}
- export SSH_PORT=$${SSH_PORT}
- export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN}
- export REGISTRY_PORT=$${REGISTRY_PORT}
- export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD}
- export SCHEME=$${SCHEME}
- set -e
- export NAME=drone
- export ROOT=stack
- cd /stack/drone
- "n=0\nwhile :\ndo\n docker login $${REGISTRY_DOMAIN}:$${REGISTRY_PORT}/ --username client --password \"$${REGISTRY_PASSWORD}\" \\\\\n && break # substitute your command here\n n=$((n+1))\n if [ $n -ge 10 ]; then\n echo \"login failed\"\n exit 1\n fi\n echo \"retrying login..$n\"\n sleep 5\ndone\n"
- sh .drone/pull.sh
- sh .drone/deploy.sh
environment: environment:
DOMAIN: DRONE_CONVERT_SECRET:
from_secret: domain from_secret: drone-convert-secret
DRONE_DOMAIN:
from_secret: drone-domain
DRONE_GITEA_CLIENT_ID: DRONE_GITEA_CLIENT_ID:
from_secret: drone-gitea-client-id from_secret: drone-gitea-client-id
DRONE_GITEA_CLIENT_SECRET: DRONE_GITEA_CLIENT_SECRET:
@ -469,29 +77,131 @@ steps:
from_secret: drone-rpc-secret from_secret: drone-rpc-secret
DRONE_SERVER_HOST: DRONE_SERVER_HOST:
from_secret: drone-server-host from_secret: drone-server-host
REGISTRY_DOMAIN: LOCAL_DOCKER_REGISTRY:
from_secret: registry-domain from_secret: local-docker-registry
REGISTRY_PASSWORD: REGISTRY_PASSWORD:
from_secret: registry-password from_secret: registry-password
REGISTRY_PORT:
from_secret: registry-port - name: scp
SCHEME: image: appleboy/drone-scp:1.6.2
from_secret: scheme settings:
SSH_HOST: command_timeout: 2m
host:
from_secret: ssh-host from_secret: ssh-host
SSH_KEY: key:
from_secret: ssh-key from_secret: ssh-key
SSH_PORT: port:
from_secret: ssh-port from_secret: ssh-port
SSH_USERNAME: source:
from_secret: ssh-username - .
target: /stack/drone
username:
from_secret: ssh-user
- name: wait
image: alpine
commands:
- sleep 15
- name: "dockerbuild:"
image: docker:dind
commands:
- set -e
- sh .drone/login.sh
- sh .drone/build.sh
- sh .drone/push.sh
- sh .drone/logout.sh
environment:
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
REGISTRY_PASSWORD:
from_secret: registry-password
volumes:
- name: dockersock
path: /var/run
- name: deploy
image: appleboy/drone-ssh:1.6.2
settings:
envs:
- drone_tag
- drone_commit
- drone_build_number
- drone_repo_name
- drone_repo_namespace
- drone_domain
- drone_gitea_client_id
- drone_gitea_server
- drone_server_host
- drone_convert_secret
- drone_gitea_client_secret
- drone_rpc_secret
- local_docker_registry
- registry_password
host:
from_secret: ssh-host
key:
from_secret: ssh-key
port:
from_secret: ssh-port
script:
- export DRONE_CONVERT_SECRET=$${DRONE_CONVERT_SECRET}
- export DRONE_GITEA_CLIENT_SECRET=$${DRONE_GITEA_CLIENT_SECRET}
- export DRONE_RPC_SECRET=$${DRONE_RPC_SECRET}
- export DRONE_DOMAIN=$${DRONE_DOMAIN}
- export DRONE_GITEA_CLIENT_ID=$${DRONE_GITEA_CLIENT_ID}
- export DRONE_GITEA_SERVER=$${DRONE_GITEA_SERVER}
- export DRONE_SERVER_HOST=$${DRONE_SERVER_HOST}
- export LOCAL_DOCKER_REGISTRY=$${LOCAL_DOCKER_REGISTRY}
- export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD}
- set -e
- cd /stack/drone
- sh .drone/login.sh
- sh .drone/pull.sh
- sh .drone/deploy.sh
username:
from_secret: ssh-user
environment:
DRONE_CONVERT_SECRET:
from_secret: drone-convert-secret
DRONE_DOMAIN:
from_secret: drone-domain
DRONE_GITEA_CLIENT_ID:
from_secret: drone-gitea-client-id
DRONE_GITEA_CLIENT_SECRET:
from_secret: drone-gitea-client-secret
DRONE_GITEA_SERVER:
from_secret: drone-gitea-server
DRONE_RPC_SECRET:
from_secret: drone-rpc-secret
DRONE_SERVER_HOST:
from_secret: drone-server-host
LOCAL_DOCKER_REGISTRY:
from_secret: local-docker-registry
REGISTRY_PASSWORD:
from_secret: registry-password
services:
- name: docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
- name: ca
path: /etc/docker/certs.d
volumes:
- name: dockersock
temp: {}
- name: ca
host:
path: /etc/docker/certs.d
trigger: trigger:
event: event:
- promote - promote
- promote
target: target:
- deploy
- production - production
... ...

8
.drone/lib/public-secrets.libsonnet
View File

@ -1,12 +1,6 @@
[ [
'scheme', 'drone-domain',
'domain',
'registry-domain',
'registry-port',
'drone-gitea-client-id', 'drone-gitea-client-id',
'drone-gitea-server', 'drone-gitea-server',
'drone-server-host', 'drone-server-host',
'ssh-host',
'ssh-username',
'ssh-port'
] ]

3
.drone/lib/secret-secrets.libsonnet
View File

@ -1,6 +1,5 @@
[ [
'drone-convert-secret',
'drone-gitea-client-secret', 'drone-gitea-client-secret',
'drone-rpc-secret', 'drone-rpc-secret',
'ssh-key',
'registry-password',
] ]

1
.drone/login.sh Normal file
View File

@ -0,0 +1 @@
docker login ${LOCAL_DOCKER_REGISTRY} --username client --password "${REGISTRY_PASSWORD}"

1
.drone/logout.sh Normal file
View File

@ -0,0 +1 @@
docker logout ${LOCAL_DOCKER_REGISTRY}

2
.drone/package.json
View File

@ -4,6 +4,6 @@
"build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream" "build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream"
}, },
"dependencies": { "dependencies": {
"@sigyl/jsonnet-drone": "^1.0.0" "@sigyl/jsonnet-drone": "^0.0.8"
} }
} }

2
.drone/pull.sh
View File

@ -1 +1 @@
echo 'nothing to pull' docker build drone-starlark -t ${LOCAL_DOCKER_REGISTRY}drone-starlark

2
.drone/push.sh
View File

@ -1 +1 @@
echo 'nothing to push' docker push ${LOCAL_DOCKER_REGISTRY}drone-starlark

8
.drone/yarn.lock
View File

@ -12,10 +12,10 @@
resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff" resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff"
integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw== integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw==
"@sigyl/jsonnet-drone@^1.0.0": "@sigyl/jsonnet-drone@^0.0.8":
version "1.0.0" version "0.0.8"
resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-1.0.0.tgz#943bd8a1abc8a916026944816709f5ed1d8e7ef8" resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.0.8.tgz#f928e6784bccf1abb82afed3cab6e435c62d2e93"
integrity sha512-ubyVC1/nAM584wTnnRBZTOP18z28Yy7SRApvSuo/3y2arngKlNI1FwOzKTFt/7L9+rNy19dRO/g0obEkyR3KmA== integrity sha512-BuFVawb7z3aUYqHCBqykgALjF07crnN2H7+WLo8crH3vT7FPMLbYdoTv7N98P8OhZBKv6KvBQep6uZK3Reho5g==
dependencies: dependencies:
"@sigyl/jsonnet-compose" "^0.0.2" "@sigyl/jsonnet-compose" "^0.0.2"
"@sigyl/jsonnet-drone-environment" "0.0.5" "@sigyl/jsonnet-drone-environment" "0.0.5"

23
CHANGELOG.md
View File

@ -2,29 +2,6 @@
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
### [0.0.10](https://sigyl.com///compare/v0.0.9...v0.0.10) "chore(release): 0.0.10" (2020-09-24)
### Bug Fixes
* retries only 10 times ([fc63973](https://sigyl.com///commit/fc6397378f786b5ca8f80aae60775d2c4600d727))
### [0.0.9](https://sigyl.com///compare/v0.0.8...v0.0.9) "chore(release): 0.0.9" (2020-09-24)
### Features
* registry ([9d29eeb](https://sigyl.com///commit/9d29eeb26ed10c7d7d03cb0f0385e3039b0c0023))
### [0.0.8](https://sigyl.com///compare/v0.0.7...v0.0.8) "chore(release): 0.0.8" (2020-09-22)
### Bug Fixes
* ssh_username variable ([2348377](https://sigyl.com///commit/2348377415532dd5b2d1a33ce91e98ec280486fa))
### [0.0.7](https://sigyl.com///compare/v0.0.6...v0.0.7) "chore(release): 0.0.7" (2020-08-28)
### [0.0.6](https://sigyl.com///compare/v0.0.5...v0.0.6) "chore(release): 0.0.6" (2020-08-26) ### [0.0.6](https://sigyl.com///compare/v0.0.5...v0.0.6) "chore(release): 0.0.6" (2020-08-26)
### [0.0.5](https://sigyl.com///compare/v0.0.1...v0.0.5) "chore(release): 0.0.5" (2020-08-26) ### [0.0.5](https://sigyl.com///compare/v0.0.1...v0.0.5) "chore(release): 0.0.5" (2020-08-26)

34
docker-compose.yml
View File

@ -8,10 +8,10 @@ services:
replicas: 1 replicas: 1
restart_policy: restart_policy:
condition: any condition: any
image: ${LOCAL_DOCKER_REGISTRY}drone/drone:2.4.0 image: drone/drone:1.9.0
volumes: volumes:
- drone-5:/var/lib/drone - drone:/var/lib/drone
- drone-data-5:/data - drone-data:/data
environment: environment:
- DRONE_LOGS_DEBUG=true - DRONE_LOGS_DEBUG=true
- DRONE_LOGS_PRETTY=true - DRONE_LOGS_PRETTY=true
@ -20,12 +20,14 @@ services:
- DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET} - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
- DRONE_SERVER_HOST=${DRONE_SERVER_HOST} # tunnel hostname - DRONE_SERVER_HOST=${DRONE_SERVER_HOST} # tunnel hostname
- DRONE_ADMIN=giles - DRONE_ADMIN=giles
- DRONE_SERVER_PROTO=${SCHEME} # tunnel adds https on top - DRONE_SERVER_PROTO=https # tunnel adds https on top
- DRONE_SERVER_PORT=:8080 - DRONE_SERVER_PORT=:8080
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_USER_CREATE=username:giles,admin:true - DRONE_USER_CREATE=username:giles,admin:true
- DRONE_AGENTS_ENABLED=true - DRONE_AGENTS_ENABLED=true
- DRONE_JSONNET_ENABLED=true - DRONE_JSONNET_ENABLED=true
- DRONE_CONVERT_PLUGIN_ENDPOINT=http://drone-starlark:3000
- DRONE_CONVERT_PLUGIN_SECRET=${DRONE_CONVERT_SECRET}
networks: networks:
- appnet - appnet
- externalnet - externalnet
@ -37,7 +39,7 @@ services:
replicas: 1 replicas: 1
restart_policy: restart_policy:
condition: any condition: any
image: ${LOCAL_DOCKER_REGISTRY}drone/drone-runner-docker:1.6.3 image: drone/drone-runner-docker:1.5.0
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
environment: environment:
@ -46,12 +48,28 @@ services:
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET} - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_RUNNER_CAPACITY=8 - DRONE_RUNNER_CAPACITY=8
- DRONE_RUNNER_NAME="docker-runner" - DRONE_RUNNER_NAME="docker-runner"
- DRONE_RUNNER_ENVIRON=SCHEME:$SCHEME,DOMAIN:$DOMAIN,REGISTRY_DOMAIN:$REGISTRY_DOMAIN,REGISTRY_PORT:$REGISTRY_PORT,REGISTRY_PASSWORD:$REGISTRY_PASSWORD,SSH_HOST:$SSH_HOST,SSH_PORT:$SSH_PORT,SSH_USERNAME:$SSH_USERNAME,SSH_KEY:$SSH_KEY networks:
- appnet
drone-starlark:
# drone starlark server converts starlark to yaml
deploy:
placement:
constraints: [node.labels.com.sigyl.git-stack == yes]
replicas: 1
restart_policy:
condition: any
image: ${LOCAL_DOCKER_REGISTRY}drone-starlark
environment:
- DRONE_DEBUG=true
- DRONE_SECRET=${DRONE_CONVERT_SECRET}
- DRONE_STARLARK_REPO_PATHS=this:/repos
- SIGYL_STACK_NAME=$SIGYL_STACK_NAME
- SIGYL_STACK_ROOT=$SIGYL_STACK_ROOT
networks: networks:
- appnet - appnet
volumes: volumes:
drone-5: drone:
drone-data-5: drone-data:
networks: networks:
appnet: appnet:

8
drone-starlark/Dockerfile Normal file
View File

@ -0,0 +1,8 @@
FROM drone/drone-convert-starlark:1.1.0-beta.1
COPY repos /repos
COPY run.sh /
USER root
RUN apk update
RUN apk add gettext # enables envsubst
ENTRYPOINT []
CMD sh /run.sh

33
drone-starlark/repos/build-docker-folder.star Normal file
View File

@ -0,0 +1,33 @@
load("@this//:environment.star", "environment")
def buildDockerFolder(
dockerFile,
image,
tag,
folder,
name,
):
return {
"name": "build-{name}".format(
name = name,
),
"image": "docker:dind",
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
],
"environment": environment([
"local-docker-registry",
"registry-password",
]),
"commands": [
"cd {folder}".format(folder=folder),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"sh build-docker-folder.sh {dockerFile} {image} {tag}".format(
image = image,
dockerFile = dockerFile,
tag = tag,
),
],
}

24
drone-starlark/repos/build-folder.star Normal file
View File

@ -0,0 +1,24 @@
load("@this//:environment.star", "environment")
def buildFolder(name, folder):
return {
"name": "build-{folder} {name}".format(
folder=folder,
name=name,
),
"image": "docker:dind",
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
],
"environment": environment([
"local-docker-registry",
"registry-password",
]),
"commands": [
"cd {folder}".format(folder=folder),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name),
],
}

23
drone-starlark/repos/build.star Normal file
View File

@ -0,0 +1,23 @@
load("@this//:environment.star", "environment")
def build(name):
return {
"name": "build-{name}".format(name=name),
"image": "docker:dind",
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
],
"environment": environment([
"local-docker-registry",
"registry-password"
]),
"commands": [
"cd {name}".format(name=name),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"docker build . -t $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),
"docker push $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),
],
}

74
drone-starlark/repos/chat/drone.star Normal file
View File

@ -0,0 +1,74 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//chat:public-secrets.star", "publicSecrets")
load("@this//chat:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-chat",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

5
drone-starlark/repos/chat/public-secrets.star Normal file
View File

@ -0,0 +1,5 @@
publicSecrets = [
"git-domain",
"chat-admin-name",
"chat-admin-email",
]

3
drone-starlark/repos/chat/secret-secrets.star Normal file
View File

@ -0,0 +1,3 @@
secretSecrets = [
"chat-admin-password",
]

1
drone-starlark/repos/chat/stack-name._star Normal file
View File

@ -0,0 +1 @@
stackName='chat'

1
drone-starlark/repos/chat/stack-root._star Normal file
View File

@ -0,0 +1 @@
stackRoot='/stack/chat'

16
drone-starlark/repos/clear.star Normal file
View File

@ -0,0 +1,16 @@
load("@this//:from-secret.star", "fromSecret")
def clear(folder):
return {
"name": "clear",
"image": "appleboy/drone-ssh",
"settings": {
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-user"),
"password": fromSecret("ssh-password"),
"script": [
"rm -r -f {folder}".format(folder = folder),
]
}
}

74
drone-starlark/repos/commento/drone.star Normal file
View File

@ -0,0 +1,74 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//commento:public-secrets.star", "publicSecrets")
load("@this//commento:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-commento",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

11
drone-starlark/repos/commento/public-secrets.star Normal file
View File

@ -0,0 +1,11 @@
publicSecrets = [
"commento-origin",
"commento-smtp-host",
"commento-smtp-port",
"commento-smtp-username",
"commento-smtp-from-address",
"commento-forbid-new-owners",
"commento-postgres-db",
"commento-postgres-user",
"commento-github-key",
]

6
drone-starlark/repos/commento/secret-secrets.star Normal file
View File

@ -0,0 +1,6 @@
secretSecrets = [
"commento-smtp-password",
"commento-askimet-key",
"commento-postgres-password",
"commento-github-secret",
]

1
drone-starlark/repos/commento/stack-name._star Normal file
View File

@ -0,0 +1 @@
stackName='commento'

1
drone-starlark/repos/commento/stack-root._star Normal file
View File

@ -0,0 +1 @@
stackRoot='/stack/commento'

39
drone-starlark/repos/deploy-from-registry.star Normal file
View File

@ -0,0 +1,39 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:export.star", "export")
def deploy(
filename,
name,
folder,
secrets,
commands,
ctx
):
return {
"name": "deploy {name}".format(name = name),
"image": "appleboy/drone-ssh",
"environment": environment(secrets),
"settings": {
"envs": [x.replace("-", "_") for x in secrets ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e"
] +
map(export, secrets) +
[
"export DRONE_REPO_LINK=$${{DRONE_GITEA_SERVER}}/{namespace}/{name}".format(name=ctx.repo.name, namespace=ctx.repo.namespace),
"export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
"docker network prune -f",
"cd {folder}".format(folder=folder),
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
"docker stack rm {name}".format(name = name),
"sleep 30",
"docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
] + commands
}
}

38
drone-starlark/repos/deploy.star Normal file
View File

@ -0,0 +1,38 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:export.star", "export")
def deploy(
filename,
name,
folder,
secrets,
commands,
ctx
):
return {
"name": "deploy {name}".format(name = name),
"image": "appleboy/drone-ssh",
"environment": environment(secrets),
"settings": {
"envs": [x.replace("-", "_") for x in secrets ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e"
] +
map(export, secrets) +
[
"export DRONE_REPO_LINK=$${{DRONE_GITEA_SERVER}}/{namespace}/{name}".format(name=ctx.repo.name, namespace=ctx.repo.namespace),
"export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
"docker network prune -f",
"cd {folder}".format(folder=folder),
"docker stack rm {name}".format(name = name),
"sleep 30",
"docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
] + commands
}
}

81
drone-starlark/repos/drone/drone.star Normal file
View File

@ -0,0 +1,81 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//drone:public-secrets.star", "publicSecrets")
load("@this//drone:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
build("drone-starlark"),
printSecrets(
"env-drone",
publicSecrets,
secretSecrets,
),
pull(
"pull images",
[
"drone-starlark",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

7
drone-starlark/repos/drone/public-secrets.star Normal file
View File

@ -0,0 +1,7 @@
publicSecrets = [
"drone-domain",
"drone-gitea-client-id",
"drone-gitea-server",
"drone-server-host",
"local-docker-registry",
]

6
drone-starlark/repos/drone/secret-secrets.star Normal file
View File

@ -0,0 +1,6 @@
secretSecrets = [
"drone-convert-secret",
"drone-gitea-client-secret",
"drone-rpc-secret",
"registry-password",
]

1
drone-starlark/repos/drone/stack-name._star Normal file
View File

@ -0,0 +1 @@
stackName='drone'

1
drone-starlark/repos/drone/stack-root._star Normal file
View File

@ -0,0 +1 @@
stackRoot='/stack/drone'

7
drone-starlark/repos/echo-secret.star Normal file
View File

@ -0,0 +1,7 @@
load("@this//:secret-to-environment.star", "secretToEnvironment")
def echoSecret(secret):
return 'echo "export {environment}=???? ${environment}" >> ***filename*** # {secret}'.format(
secret = secret,
environment = secretToEnvironment(secret),
)

7
drone-starlark/repos/echo.star Normal file
View File

@ -0,0 +1,7 @@
load("@this//:secret-to-environment.star", "secretToEnvironment")
def echo(secret):
return 'echo "export {environment}=\'${environment}\'" >> ***filename*** # {secret}'.format(
secret = secret,
environment = secretToEnvironment(secret),
)

5
drone-starlark/repos/environment.star Normal file
View File

@ -0,0 +1,5 @@
load("@this//:from-secret.star", "fromSecret")
def environment(env):
return dict(
[(x.replace("-", "_").upper(), fromSecret(x)) for x in env]
)

6
drone-starlark/repos/export.star Normal file
View File

@ -0,0 +1,6 @@
load("@this//:secret-to-environment.star", "secretToEnvironment")
def export(secret):
return "export {toCaps}=${toCaps}".format(
toCaps = secretToEnvironment(secret),
)

4
drone-starlark/repos/from-secret.star Normal file
View File

@ -0,0 +1,4 @@
def fromSecret(name):
return {
"from_secret": name
}

81
drone-starlark/repos/ghost/drone.star Normal file
View File

@ -0,0 +1,81 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//ghost:public-secrets.star", "publicSecrets")
load("@this//ghost:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-ghost",
publicSecrets,
secretSecrets,
),
build("ghost"),
pull(
"pull images",
[
"ghost",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

7
drone-starlark/repos/ghost/public-secrets.star Normal file
View File

@ -0,0 +1,7 @@
publicSecrets = [
"git-domain",
"local-docker-registry",
"ghost-mail-service",
"ghost-mail-user",
"commento-origin",
]

4
drone-starlark/repos/ghost/secret-secrets.star Normal file
View File

@ -0,0 +1,4 @@
secretSecrets = [
"ghost-mysql-root-password",
"registry-password",
]

1
drone-starlark/repos/ghost/stack-name._star Normal file
View File

@ -0,0 +1 @@
stackName='ghost'

1
drone-starlark/repos/ghost/stack-root._star Normal file
View File

@ -0,0 +1 @@
stackRoot='/stack/ghost'

81
drone-starlark/repos/gitea/drone.star Normal file
View File

@ -0,0 +1,81 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//gitea:public-secrets.star", "publicSecrets")
load("@this//gitea:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-gitea",
publicSecrets,
secretSecrets,
),
build("gitea"),
pull(
"pull images",
[
"gitea",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

8
drone-starlark/repos/gitea/public-secrets.star Normal file
View File

@ -0,0 +1,8 @@
publicSecrets = [
"git-domain",
"local-docker-registry",
"gitea-mailer-host",
"gitea-mailer-from",
"gitea-mailer-user",
"gitea-app-name",
]

8
drone-starlark/repos/gitea/secret-secrets.star Normal file
View File

@ -0,0 +1,8 @@
secretSecrets = [
"gitea-server-lfs-jwt-secret",
"gitea-security-secret-key",
"gitea-security-internal-token",
"gitea-oauth2-jwt-secret",
"gitea-mailer-passwd",
"registry-password",
]

1
drone-starlark/repos/gitea/stack-name._star Normal file
View File

@ -0,0 +1 @@
stackName='gitea'

1
drone-starlark/repos/gitea/stack-root._star Normal file
View File

@ -0,0 +1 @@
stackRoot='/stack/gitea'

81
drone-starlark/repos/guacamole/drone.star Normal file
View File

@ -0,0 +1,81 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//guacamole:public-secrets.star", "publicSecrets")
load("@this//guacamole:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-guacamole",
publicSecrets,
secretSecrets,
),
build("guacamole-postgresql"),
pull(
"pull images",
[
"guacamole-postgresql",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

5
drone-starlark/repos/guacamole/public-secrets.star Normal file
View File

@ -0,0 +1,5 @@
publicSecrets = [
"local-docker-registry",
"guacamole-postgres-db",
"guacamole-postgres-user",
]

4
drone-starlark/repos/guacamole/secret-secrets.star Normal file
View File

@ -0,0 +1,4 @@
secretSecrets = [
"guacamole-postgres-password",
"registry-password",
]

1
drone-starlark/repos/guacamole/stack-name._star Normal file
View File

@ -0,0 +1 @@
stackName='guacamole'

1
drone-starlark/repos/guacamole/stack-root._star Normal file
View File

@ -0,0 +1 @@
stackRoot='/stack/guacamole'

74
drone-starlark/repos/huginn/drone.star Normal file
View File

@ -0,0 +1,74 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//huginn:public-secrets.star", "publicSecrets")
load("@this//huginn:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-huginn",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

7
drone-starlark/repos/huginn/public-secrets.star Normal file
View File

@ -0,0 +1,7 @@
publicSecrets = [
"smtp-domain",
"smtp-user-name",
"smtp-server",
"email-from-address",
"smtp-port",
]

5
drone-starlark/repos/huginn/secret-secrets.star Normal file
View File

@ -0,0 +1,5 @@
secretSecrets = [
"smtp-password",
"invitation-code",
"database-password",
]

1
drone-starlark/repos/huginn/stack-name._star Normal file
View File

@ -0,0 +1 @@
stackName='huginn'

1
drone-starlark/repos/huginn/stack-root._star Normal file
View File

@ -0,0 +1 @@
stackRoot='/stack/huginn'

2
drone-starlark/repos/map.star Normal file
View File

@ -0,0 +1,2 @@
def map(fn, l):
return [fn(x) for x in l]

74
drone-starlark/repos/matomo/drone.star Normal file
View File

@ -0,0 +1,74 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//matomo:public-secrets.star", "publicSecrets")
load("@this//matomo:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-matomo",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

1
drone-starlark/repos/matomo/public-secrets.star Normal file
View File

@ -0,0 +1 @@
publicSecrets = []

4
drone-starlark/repos/matomo/secret-secrets.star Normal file
View File

@ -0,0 +1,4 @@
secretSecrets = [
"matomo-mysql-root-password",
"matomo-mysql-password",
]

1
drone-starlark/repos/matomo/stack-name._star Normal file
View File

@ -0,0 +1 @@
stackName='matomo'

1
drone-starlark/repos/matomo/stack-root._star Normal file
View File

@ -0,0 +1 @@
stackRoot='/stack/matomo'

32
drone-starlark/repos/pipeline.star Normal file
View File

@ -0,0 +1,32 @@
def pipeline(
name,
steps,
dependsOn,
volumes,
dockerVolumes
):
return {
"kind": "pipeline",
"name": name,
"depends_on": dependsOn,
"steps": steps,
"services": [
{
"name": "docker",
"image": "docker:dind",
"privileged": True,
"volumes": [
{
"name": "dockersock",
"path": "/var/run",
},
] + dockerVolumes,
}
],
"volumes": [
{
"name": "dockersock",
"temp": {},
},
] + volumes,
}

74
drone-starlark/repos/portainer/drone.star Normal file
View File

@ -0,0 +1,74 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//portainer:public-secrets.star", "publicSecrets")
load("@this//portainer:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-portainer",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

1
drone-starlark/repos/portainer/public-secrets.star Normal file
View File

@ -0,0 +1 @@
publicSecrets = []

1
drone-starlark/repos/portainer/secret-secrets.star Normal file
View File

@ -0,0 +1 @@
secretSecrets = []

1
drone-starlark/repos/portainer/stack-name._star Normal file
View File

@ -0,0 +1 @@
stackName='portainer'

1
drone-starlark/repos/portainer/stack-root._star Normal file
View File

@ -0,0 +1 @@
stackRoot='/stack/portainer'

24
drone-starlark/repos/print-secrets.star Normal file
View File

@ -0,0 +1,24 @@
load("@this//:map.star", "map")
load("@this//:from-secret.star", "fromSecret")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
def printSecrets(filename, env, secretEnv):
return {
"name": "print secrets",
"image": "appleboy/drone-ssh",
"environment": environment(env + secretEnv),
"settings": {
"envs": [x.replace("-", "_") for x in env + secretEnv ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-user"),
"password": fromSecret("ssh-password"),
"script": [x.replace("***filename***", filename) for x in [
"rm -f ***filename***",
] + map(echo, env)
+ map(echo, secretEnv)]
}
}

108
drone-starlark/repos/proxy/drone.star Normal file
View File

@ -0,0 +1,108 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//proxy:public-secrets.star", "publicSecrets")
load("@this//proxy:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy-from-registry.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-proxy",
publicSecrets,
secretSecrets,
),
build("ngrok-gitea"),
build("registry"),
build("letsencrypt-nginx"),
buildDockerFolder(
"Dockerfile.git",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-git",
"letsencrypt-nginx",
"git",
),
buildDockerFolder(
"Dockerfile.huginn",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-huginn",
"letsencrypt-nginx",
"huginn",
),
buildDockerFolder(
"Dockerfile.drone",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-nginx",
"$${LOCAL_DOCKER_REGISTRY}letsencrypt-drone",
"letsencrypt-nginx",
"drone",
),
pull(
"pull images",
[
"ngrok-gitea",
"registry",
"letsencrypt-git",
"letsencrypt-drone",
"letsencrypt-huginn",
],
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

7
drone-starlark/repos/proxy/public-secrets.star Normal file
View File

@ -0,0 +1,7 @@
publicSecrets = [
"certbot-email",
"drone-domain",
"huginn-domain",
"git-domain",
"local-docker-registry",
]

5
drone-starlark/repos/proxy/secret-secrets.star Normal file
View File

@ -0,0 +1,5 @@
secretSecrets = [
"ngrok-auth-token",
"registry-password",
"new-registry-password",
]

1
drone-starlark/repos/proxy/stack-name._star Normal file
View File

@ -0,0 +1 @@
stackName='proxy'

1
drone-starlark/repos/proxy/stack-root._star Normal file
View File

@ -0,0 +1 @@
stackRoot='/stack/proxy'

31
drone-starlark/repos/pull.star Normal file
View File

@ -0,0 +1,31 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:export.star", "export")
def pull(
name,
images,
):
secrets = [
"local-docker-registry",
"registry-password",
]
return {
"name": name,
"image": "appleboy/drone-ssh",
"environment": environment(secrets),
"settings": {
"envs": [x.replace("-", "_") for x in secrets ],
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e"
] +
map(export, secrets) +
['docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"'] +
["docker pull $${{LOCAL_DOCKER_REGISTRY}}{image}".format(image=image) for image in images ]
}
}

21
drone-starlark/repos/rescale.star Normal file
View File

@ -0,0 +1,21 @@
load("@this//:from-secret.star", "fromSecret")
def rescale(
service,
scaleTo
):
return {
"name": "rescale {service}".format(service=service),
"image": "appleboy/drone-ssh",
"settings": {
"host": fromSecret("ssh-host"),
"port": fromSecret("ssh-port"),
"username": fromSecret("ssh-root-user"),
"password": fromSecret("ssh-root-password"),
"script": [
"set -e",
"docker service scale {service}=0".format(service=service),
"docker service scale {service}={scaleTo}".format(service=service, scaleTo=scaleTo),
]
}
}

25
drone-starlark/repos/scp.star Normal file
View File

@ -0,0 +1,25 @@
def scp(target):
return {
"name": "scp files",
"image": "appleboy/drone-scp",
"settings": {
"host": {
"from_secret": "ssh-host",
},
"username": {
"from_secret": "ssh-user",
},
"password": {
"from_secret": "ssh-password",
},
"port": {
"from_secret": "ssh-port",
},
"command_timeout": "2m",
"target": target,
"source": [
".",
],
},
}

2
drone-starlark/repos/secret-to-environment.star Normal file
View File

@ -0,0 +1,2 @@
def secretToEnvironment(secret):
return secret.replace("-", "_").upper()

8
drone-starlark/repos/wait.star Normal file
View File

@ -0,0 +1,8 @@
def wait(delay, name):
return {
"name": name,
"image": "alpine",
"commands": [
"sleep {delay}".format(delay = delay),
],
}

74
drone-starlark/repos/zabbix/drone.star Normal file
View File

@ -0,0 +1,74 @@
load("@this//:from-secret.star", "fromSecret")
load("@this//:print-secrets.star", "printSecrets")
load("@this//:map.star", "map")
load("@this//:environment.star", "environment")
load("@this//:echo.star", "echo")
load("@this//:export.star", "export")
load("@this//:echo-secret.star", "echoSecret")
load("@this//:wait.star", "wait")
load("@this//:build.star", "build")
load("@this//:scp.star", "scp")
load("@this//zabbix:public-secrets.star", "publicSecrets")
load("@this//zabbix:secret-secrets.star", "secretSecrets")
load("@this//:rescale.star", "rescale")
load("@this//:pull.star", "pull")
load("@this//:deploy.star", "deploy")
load("@this//:build-folder.star", "buildFolder")
load("@this//:build-docker-folder.star", "buildDockerFolder")
load("@this//:pipeline.star", "pipeline")
def drone(
ctx,
branch,
base,
name,
commands,
):
if ctx.build.branch == branch:
return [
pipeline(
branch,
[
scp(base),
wait(15, "wait"),
printSecrets(
"env-zabbix",
publicSecrets,
secretSecrets,
),
deploy(
"docker-compose.yml",
name,
base,
publicSecrets + secretSecrets,
commands,
ctx
),
],
[],
[
{
"name": "ca",
"host": {
"path": "/etc/docker/certs.d",
},
}
],
[
{
"name": "ca",
"path": "/etc/docker/certs.d",
},
]
),
]
else:
return pipeline(
ctx.build.branch,
[],
[],
[],
[],
)

1
drone-starlark/repos/zabbix/public-secrets.star Normal file
View File

@ -0,0 +1 @@
publicSecrets = []

4
drone-starlark/repos/zabbix/secret-secrets.star Normal file
View File

@ -0,0 +1,4 @@
secretSecrets = [
"zabbix-mysql-root-password",
"zabbix-mysql-password",
]

1
drone-starlark/repos/zabbix/stack-name._star Normal file
View File

@ -0,0 +1 @@
stackName='zabbix'

1
drone-starlark/repos/zabbix/stack-root._star Normal file
View File

@ -0,0 +1 @@
stackRoot='/stack/zabbix'

34
drone-starlark/run.sh Normal file
View File

@ -0,0 +1,34 @@
envsubst < /repos/proxy/stack-name._star > /repos/proxy/stack-name.star
envsubst < /repos/proxy/stack-root._star > /repos/proxy/stack-root.star
envsubst < /repos/drone/stack-name._star > /repos/drone/stack-name.star
envsubst < /repos/drone/stack-root._star > /repos/drone/stack-root.star
envsubst < /repos/commento/stack-name._star > /repos/commento/stack-name.star
envsubst < /repos/commento/stack-root._star > /repos/commento/stack-root.star
envsubst < /repos/ghost/stack-name._star > /repos/ghost/stack-name.star
envsubst < /repos/ghost/stack-root._star > /repos/ghost/stack-root.star
envsubst < /repos/gitea/stack-name._star > /repos/gitea/stack-name.star
envsubst < /repos/gitea/stack-root._star > /repos/gitea/stack-root.star
envsubst < /repos/guacamole/stack-name._star > /repos/guacamole/stack-name.star
envsubst < /repos/guacamole/stack-root._star > /repos/guacamole/stack-root.star
envsubst < /repos/chat/stack-name._star > /repos/chat/stack-name.star
envsubst < /repos/chat/stack-root._star > /repos/chat/stack-root.star
envsubst < /repos/huginn/stack-name._star > /repos/huginn/stack-name.star
envsubst < /repos/huginn/stack-root._star > /repos/huginn/stack-root.star
envsubst < /repos/matomo/stack-name._star > /repos/matomo/stack-name.star
envsubst < /repos/matomo/stack-root._star > /repos/matomo/stack-root.star
envsubst < /repos/zabbix/stack-name._star > /repos/zabbix/stack-name.star
envsubst < /repos/zabbix/stack-root._star > /repos/zabbix/stack-root.star
envsubst < /repos/portainer/stack-name._star > /repos/portainer/stack-name.star
envsubst < /repos/portainer/stack-root._star > /repos/portainer/stack-root.star
/bin/drone-convert-starlark

3
git-hooks/build.sh
View File

@ -1,3 +0,0 @@
drone jsonnet --source .drone/$1.jsonnet --target .drone/$1.yml --stream \
&& git add .drone/$1.yml \
&& echo .drone/$1.yml \

3
git-hooks/pre-commit
View File

@ -1,2 +1,3 @@
sh git-hooks/build.sh drone-home \ drone jsonnet --source .drone/drone-home.jsonnet --target .drone/drone-home.yml --stream \
&& git add .drone/drone-home.yml \
&& echo "jsonnet built" && echo "jsonnet built"

2
package.json
View File

@ -1,7 +1,7 @@
{ {
"private": true, "private": true,
"name": "drone", "name": "drone",
"version": "0.0.10", "version": "0.0.6",
"description": "drone ci", "description": "drone ci",
"scripts": { "scripts": {
"deploy": "sh deploy.sh", "deploy": "sh deploy.sh",

3
renovate.json Normal file
View File

@ -0,0 +1,3 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json"
}