diff --git a/.drone/drone-home.jsonnet b/.drone/drone-home.jsonnet index 25cda1b..e27ec23 100644 --- a/.drone/drone-home.jsonnet +++ b/.drone/drone-home.jsonnet @@ -1,106 +1,17 @@ -local build = import 'lib/build.libsonnet'; -local images = import 'lib/images.libsonnet'; -local environment = import 'node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet'; -local compose = import 'node_modules/@sigyl/jsonnet-compose/compose.libsonnet'; + local secretSecrets = import 'lib/secret-secrets.libsonnet'; local publicSecrets = import 'lib/public-secrets.libsonnet'; -local util = import 'lib/util.libsonnet'; + +local deploy = import 'node_modules/@sigyl/jsonnet-drone/deploy.libsonnet'; [ - { - kind: 'pipeline', - type: 'docker', - name: 'build', - clone: { - disable: false, - depth: 0, - }, - /*trigger: { - event: [ - 'tag', - ], - },*/ - services: [ - images.docker { - privileged: true, - volumes: [ - { - name: 'dockersock', - path: '/var/run', - }, - { - name: 'ca', - path: '/etc/docker/certs.d', - }, - ], - }, + deploy( + 'ghost', + '/stack/', + [ + 'LOCAL_DOCKER_REGISTRY', + 'REGISTRY_PASSWORD', ], - volumes: [ - { - name: 'dockersock', - temp: {}, - }, - { - name: 'ca', - host: { - path: '/etc/docker/certs.d', - }, - }, - ], - steps:[ - compose( - std.map( - function(secret) util.printEnv('env-ghost', secret), - publicSecrets, - ) - ) - ( - images.ssh { - settings +: { - script: [ - 'rm -f env-ghost', - ], - }, - }, - ) { - name: 'print env', - }, - images.scp( - '/stack/ghost' - ), - images.wait(15), - build, - compose( - std.map( - function(secret) environment.envSet(secret), - publicSecrets + secretSecrets, - ), - )( - images.ssh { - name: 'deploy stack', - settings +: { - script +: - std.map( - function(secret) - 'export %(env)s=$${%(env)s}' % { - env: environment.environment(secret) - }, - secretSecrets + publicSecrets, - ) + - [ - //'rm -f -R /stack/squid/.secrets', - //'mkdir -p /stack/squid/.secrets', - //'echo "$${CA_CRT}" > /stack/squid/.secrets/ca.crt', - //'echo "$${CA_KEY}" > /stack/squid/.secrets/ca.key', - 'set -e', - "cd /stack/ghost", - 'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"', - 'sh pull.sh', - 'sh deploy.sh', - // 'docker logout $${LOCAL_DOCKER_REGISTRY}', - ] - } - }, - ), - ], - } + publicSecrets, + secretSecrets + ), ] diff --git a/.drone/drone-home.yml b/.drone/drone-home.yml index 78656f9..bc5c5c4 100644 --- a/.drone/drone-home.yml +++ b/.drone/drone-home.yml @@ -1,7 +1,7 @@ --- kind: pipeline type: docker -name: build +name: deploy platform: os: linux @@ -17,24 +17,32 @@ steps: - drone_build_number - drone_repo_name - drone_repo_namespace + - local_docker_registry + - registry_password - git_domain - local_docker_registry - ghost_mail_service - ghost_mail_user - commento_origin + - ghost_mysql_root_password + - registry_password host: from_secret: ssh-host - password: - from_secret: ssh-password + key: + from_secret: ssh-key port: from_secret: ssh-port script: - rm -f env-ghost + - "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-ghost # \"local-docker-registry\"" + - "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-ghost # \"registry-password\"" - "echo \"export GIT_DOMAIN='$${GIT_DOMAIN}'\" >> env-ghost # \"git-domain\"" - "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-ghost # \"local-docker-registry\"" - "echo \"export GHOST_MAIL_SERVICE='$${GHOST_MAIL_SERVICE}'\" >> env-ghost # \"ghost-mail-service\"" - "echo \"export GHOST_MAIL_USER='$${GHOST_MAIL_USER}'\" >> env-ghost # \"ghost-mail-user\"" - "echo \"export COMMENTO_ORIGIN='$${COMMENTO_ORIGIN}'\" >> env-ghost # \"commento-origin\"" + - "echo \"export GHOST_MYSQL_ROOT_PASSWORD='$${GHOST_MYSQL_ROOT_PASSWORD}'\" >> env-ghost # \"ghost-mysql-root-password\"" + - "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-ghost # \"registry-password\"" username: from_secret: ssh-user environment: @@ -44,10 +52,14 @@ steps: from_secret: ghost-mail-service GHOST_MAIL_USER: from_secret: ghost-mail-user + GHOST_MYSQL_ROOT_PASSWORD: + from_secret: ghost-mysql-root-password GIT_DOMAIN: from_secret: git-domain LOCAL_DOCKER_REGISTRY: from_secret: local-docker-registry + REGISTRY_PASSWORD: + from_secret: registry-password - name: scp image: appleboy/drone-scp:1.6.2 @@ -55,8 +67,8 @@ steps: command_timeout: 2m host: from_secret: ssh-host - password: - from_secret: ssh-password + key: + from_secret: ssh-key port: from_secret: ssh-port source: @@ -74,10 +86,10 @@ steps: image: docker:dind commands: - set -e - - docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}" - - sh build.sh - - sh push.sh - - docker logout $${LOCAL_DOCKER_REGISTRY} + - sh .drone/login.sh + - sh .drone/build.sh + - sh .drone/push.sh + - sh .drone/logout.sh environment: LOCAL_DOCKER_REGISTRY: from_secret: local-docker-registry @@ -87,7 +99,7 @@ steps: - name: dockersock path: /var/run -- name: deploy stack +- name: deploy image: appleboy/drone-ssh:1.6.2 settings: envs: @@ -105,8 +117,8 @@ steps: - registry_password host: from_secret: ssh-host - password: - from_secret: ssh-password + key: + from_secret: ssh-key port: from_secret: ssh-port script: @@ -119,9 +131,9 @@ steps: - export COMMENTO_ORIGIN=$${COMMENTO_ORIGIN} - set -e - cd /stack/ghost - - docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}" - - sh pull.sh - - sh deploy.sh + - sh .drone/login.sh + - sh .drone/pull.sh + - sh .drone/deploy.sh username: from_secret: ssh-user environment: diff --git a/.drone/lib/build.libsonnet b/.drone/lib/build.libsonnet deleted file mode 100644 index 339609d..0000000 --- a/.drone/lib/build.libsonnet +++ /dev/null @@ -1,23 +0,0 @@ -local images = import 'images.libsonnet'; -local environment = import '../node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet'; - - images.docker { - name +: 'build:', - environment +: environment.environmentSecrets([ - 'LOCAL_DOCKER_REGISTRY', - 'REGISTRY_PASSWORD', - ]), - volumes: [ - { - name: 'dockersock', - path: '/var/run', - }, - ], - commands: [ - 'set -e', - 'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"', - 'sh build.sh', - 'sh push.sh', - 'docker logout $${LOCAL_DOCKER_REGISTRY}', - ], - } \ No newline at end of file diff --git a/.drone/lib/images.libsonnet b/.drone/lib/images.libsonnet deleted file mode 100644 index b67fc35..0000000 --- a/.drone/lib/images.libsonnet +++ /dev/null @@ -1,38 +0,0 @@ -local settings = import 'settings.libsonnet'; -{ - docker: { - name: 'docker', - image: 'docker:dind', - }, - scp(target): settings.ssh { - name: 'scp', - image: 'appleboy/drone-scp:1.6.2', - settings +: { - command_timeout: '2m', - target: target, - source: [ - '.', - ], - }, - }, - ssh: settings.ssh { - image: 'appleboy/drone-ssh:1.6.2', - settings +: { - envs: [ - 'drone_tag', - 'drone_commit', - 'drone_build_number', - 'drone_repo_name', - 'drone_repo_namespace', - ], - script: [], - }, - }, - wait(delay): { - image: 'alpine', - name: 'wait', - commands: [ - 'sleep %s' % delay, - ], - } -} \ No newline at end of file diff --git a/.drone/lib/settings.libsonnet b/.drone/lib/settings.libsonnet deleted file mode 100644 index c662633..0000000 --- a/.drone/lib/settings.libsonnet +++ /dev/null @@ -1,11 +0,0 @@ -local environment = import '../node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet'; -{ - ssh: { - settings +: { - host: environment.fromSecret('ssh-host'), - port: environment.fromSecret('ssh-port'), - username: environment.fromSecret('ssh-user'), - password: environment.fromSecret('ssh-password'), - }, - }, -} \ No newline at end of file diff --git a/.drone/lib/util.libsonnet b/.drone/lib/util.libsonnet deleted file mode 100644 index 2596ab8..0000000 --- a/.drone/lib/util.libsonnet +++ /dev/null @@ -1,18 +0,0 @@ -local compose = import '../node_modules/@sigyl/jsonnet-compose/compose.libsonnet'; -local environment = import '../node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet'; -{ - printEnv(file, env): function(step) compose([ - environment.envSet(env), - function(step) step { - settings +: { - script +: [ - 'echo "export %(environment)s=\'$${%(environment)s}\'" >> %(file)s # "%(secret)s"' % { - environment: environment.environment(env), - file: file, - secret: environment.secret(env), - }, - ], - }, - }, - ])(step), -} \ No newline at end of file diff --git a/.drone/package.json b/.drone/package.json index 3869304..434953f 100644 --- a/.drone/package.json +++ b/.drone/package.json @@ -4,7 +4,6 @@ "build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream" }, "dependencies": { - "@sigyl/jsonnet-compose": "^0.0.2", - "@sigyl/jsonnet-drone-environment": "0.0.5" + "@sigyl/jsonnet-drone": "^0.0.5" } } diff --git a/.drone/yarn.lock b/.drone/yarn.lock index e9d5082..2ad11f0 100644 --- a/.drone/yarn.lock +++ b/.drone/yarn.lock @@ -11,3 +11,11 @@ version "0.0.5" resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff" integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw== + +"@sigyl/jsonnet-drone@^0.0.5": + version "0.0.5" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.0.5.tgz#1017714cfcdb637d36faa4206b29fd4277bfb37f" + integrity sha512-6npYDgXWGblimBYDIRNeNZX20qZmuhQYhSj9hWucXm9i+IKIrxX/3B0gf9JDNXgbK4s4QY95WBrnimeAeMfddg== + dependencies: + "@sigyl/jsonnet-compose" "^0.0.2" + "@sigyl/jsonnet-drone-environment" "0.0.5"