diff --git a/.drone/build.sh b/.drone/build.sh index 9f1fbc1..c97853f 100644 --- a/.drone/build.sh +++ b/.drone/build.sh @@ -1 +1 @@ -docker build gitea -t ${LOCAL_DOCKER_REGISTRY}gitea +docker build gitea -t ${REGISTRY_DOMAIN}:${REGISTRY_PASSWORD}/gitea diff --git a/.drone/drone-home.jsonnet b/.drone/drone-home.jsonnet index 8b47cb8..28a0b2e 100644 --- a/.drone/drone-home.jsonnet +++ b/.drone/drone-home.jsonnet @@ -3,15 +3,29 @@ local secretSecrets = import 'lib/secret-secrets.libsonnet'; local publicSecrets = import 'lib/public-secrets.libsonnet'; local deploy = import 'node_modules/@sigyl/jsonnet-drone/deploy.libsonnet'; +local registry = import 'node_modules/@sigyl/jsonnet-drone/registry.libsonnet'; [ + registry, deploy( 'gitea', '/stack/', + [], + publicSecrets, + secretSecrets, [ - 'LOCAL_DOCKER_REGISTRY', + 'DOMAIN', + 'REGISTRY_DOMAIN', + 'REGISTRY_PORT', 'REGISTRY_PASSWORD', ], - publicSecrets, - secretSecrets - ), + ) { + trigger +: { + event +: [ + 'promote', + ], + target +: [ + 'production', + ], + }, + }, ] diff --git a/.drone/drone-home.yml b/.drone/drone-home.yml index 2614eb4..1884f09 100644 --- a/.drone/drone-home.yml +++ b/.drone/drone-home.yml @@ -1,3 +1,20 @@ +--- +kind: pipeline +type: docker +name: register + +platform: + os: linux + arch: amd64 + +clone: + disable: true + +trigger: + event: + exclude: + - promote + --- kind: pipeline type: docker @@ -9,7 +26,7 @@ platform: steps: - name: print env - image: appleboy/drone-ssh:1.6.2 + image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea settings: envs: - drone_tag @@ -17,10 +34,6 @@ steps: - drone_build_number - drone_repo_name - drone_repo_namespace - - local_docker_registry - - registry_password - - git_domain - - local_docker_registry - gitea_mailer_host - gitea_mailer_from - gitea_mailer_user 
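Review bot: The new tag `${REGISTRY_DOMAIN}:${REGISTRY_PASSWORD}/gitea` puts the registry password where the port belongs, so the secret becomes part of the image reference and will appear in build output and `docker images` listings. The same substitution is made in the one-line hunks of `.drone/login.sh`, `.drone/logout.sh`, `.drone/pull.sh` and `.drone/push.sh`. `REGISTRY_PORT` is added to the deploy variable list in this commit but no script uses it, so this looks like a slip for `docker build gitea -t "${REGISTRY_DOMAIN}:${REGISTRY_PORT}/gitea"`. If any pipeline run has already executed these scripts, treat the registry password as exposed in its logs and rotate it.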
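Review bot: `'REGISTRY_PASSWORD'` now sits in the trailing list of the `deploy(...)` call next to `'DOMAIN'`, `'REGISTRY_DOMAIN'` and `'REGISTRY_PORT'`, while `'registry-password'` is dropped from `lib/secret-secrets.libsonnet`, so nothing in the repository records where the password comes from or that it is sensitive. In the generated `drone-home.yml` the `dockerbuild:` step loses its `environment:` block entirely, so `login.sh` there depends on a value injected from outside the pipeline (presumably by the new `registry` import or the runner; not visible in this diff). A comment on the call would help, for example `// DOMAIN, REGISTRY_*: supplied by <source>, not repo secrets; REGISTRY_PASSWORD is sensitive`. The positional arguments `[]`, `publicSecrets`, `secretSecrets` also deserve a short label each, since their order changed in this commit.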
@@ -30,19 +43,12 @@ steps: - gitea_security_internal_token - gitea_oauth2_jwt_secret - gitea_mailer_passwd - - registry_password - host: - from_secret: ssh-host - key: - from_secret: ssh-key - port: - from_secret: ssh-port + host: ${SSH_HOST} + key: ${SSH_KEY} + passphrase: ${SSH_PASSPHRASE} + port: ${SSH_PORT} script: - rm -f env-gitea - - "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-gitea # \"local-docker-registry\"" - - "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-gitea # \"registry-password\"" - - "echo \"export GIT_DOMAIN='$${GIT_DOMAIN}'\" >> env-gitea # \"git-domain\"" - - "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-gitea # \"local-docker-registry\"" - "echo \"export GITEA_MAILER_HOST='$${GITEA_MAILER_HOST}'\" >> env-gitea # \"gitea-mailer-host\"" - "echo \"export GITEA_MAILER_FROM='$${GITEA_MAILER_FROM}'\" >> env-gitea # \"gitea-mailer-from\"" - "echo \"export GITEA_MAILER_USER='$${GITEA_MAILER_USER}'\" >> env-gitea # \"gitea-mailer-user\"" @@ -52,9 +58,7 @@ steps: - "echo \"export GITEA_SECURITY_INTERNAL_TOKEN='$${GITEA_SECURITY_INTERNAL_TOKEN}'\" >> env-gitea # \"gitea-security-internal-token\"" - "echo \"export GITEA_OAUTH2_JWT_SECRET='$${GITEA_OAUTH2_JWT_SECRET}'\" >> env-gitea # \"gitea-oauth2-jwt-secret\"" - "echo \"export GITEA_MAILER_PASSWD='$${GITEA_MAILER_PASSWD}'\" >> env-gitea # \"gitea-mailer-passwd\"" - - "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-gitea # \"registry-password\"" - username: - from_secret: ssh-user + username: ${SSH_USER} environment: GITEA_APP_NAME: from_secret: gitea-app-name 
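Review bot: `key: ${SSH_KEY}` and `passphrase: ${SSH_PASSPHRASE}` replace the `from_secret` lookups in the `print env` step, which takes the SSH credentials out of Drone's secret handling; the `scp` and `deploy` steps in the later hunks get the same replacement. As far as I can tell, Drone expands `${...}` when it parses the file, so the key would be resolved as plain text in the step settings without the masking and access rules that apply to secrets. Where `SSH_KEY` would be defined at that stage is not visible here, and an undefined name would presumably expand to an empty string. Unless the new `registry.libsonnet` flow requires otherwise, keep `from_secret: ssh-key` under `key:` and use a matching secret for the passphrase. This file is produced by `drone jsonnet` (see `.drone/package.json`), so the change belongs in the jsonnet inputs rather than in this YAML.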
@@ -74,53 +78,39 @@ steps: from_secret: gitea-security-secret-key GITEA_SERVER_LFS_JWT_SECRET: from_secret: gitea-server-lfs-jwt-secret - GIT_DOMAIN: - from_secret: git-domain - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - REGISTRY_PASSWORD: - from_secret: registry-password - name: scp - image: appleboy/drone-scp:1.6.2 + image: appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47 settings: command_timeout: 2m - host: - from_secret: ssh-host - key: - from_secret: ssh-key - port: - from_secret: ssh-port + host: ${SSH_HOST} + key: ${SSH_KEY} + passphrase: ${SSH_PASSPHRASE} + port: ${SSH_PORT} source: - . target: /stack/gitea - username: - from_secret: ssh-user + username: ${SSH_USER} - name: wait - image: alpine + image: alpine:3.12.0@sha256:90baa0922fe90624b05cb5766fa5da4e337921656c2f8e2b13bd3c052a0baac1 commands: - sleep 15 - name: "dockerbuild:" - image: docker:dind + image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f commands: - set -e - sh .drone/login.sh - sh .drone/build.sh - sh .drone/push.sh - sh .drone/logout.sh - environment: - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - REGISTRY_PASSWORD: - from_secret: registry-password volumes: - name: dockersock path: /var/run - name: deploy - image: appleboy/drone-ssh:1.6.2 + image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea settings: envs: - drone_tag @@ -128,8 +118,10 @@ steps: - drone_build_number - drone_repo_name - drone_repo_namespace - - git_domain - - local_docker_registry + - domain + - registry_domain + - registry_port + - registry_password - gitea_mailer_host - gitea_mailer_from - gitea_mailer_user 
@@ -139,37 +131,30 @@ steps: - gitea_security_internal_token - gitea_oauth2_jwt_secret - gitea_mailer_passwd - - registry_password - - local_docker_registry - - registry_password - host: - from_secret: ssh-host - key: - from_secret: ssh-key - port: - from_secret: ssh-port + host: ${SSH_HOST} + key: ${SSH_KEY} + passphrase: ${SSH_PASSPHRASE} + port: ${SSH_PORT} script: - export GITEA_SERVER_LFS_JWT_SECRET=$${GITEA_SERVER_LFS_JWT_SECRET} - export GITEA_SECURITY_SECRET_KEY=$${GITEA_SECURITY_SECRET_KEY} - export GITEA_SECURITY_INTERNAL_TOKEN=$${GITEA_SECURITY_INTERNAL_TOKEN} - export GITEA_OAUTH2_JWT_SECRET=$${GITEA_OAUTH2_JWT_SECRET} - export GITEA_MAILER_PASSWD=$${GITEA_MAILER_PASSWD} - - export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD} - - export GIT_DOMAIN=$${GIT_DOMAIN} - - export LOCAL_DOCKER_REGISTRY=$${LOCAL_DOCKER_REGISTRY} - export GITEA_MAILER_HOST=$${GITEA_MAILER_HOST} - export GITEA_MAILER_FROM=$${GITEA_MAILER_FROM} - export GITEA_MAILER_USER=$${GITEA_MAILER_USER} - export GITEA_APP_NAME=$${GITEA_APP_NAME} - - export LOCAL_DOCKER_REGISTRY=$${LOCAL_DOCKER_REGISTRY} + - export DOMAIN=$${DOMAIN} + - export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN} + - export REGISTRY_PORT=$${REGISTRY_PORT} - export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD} - set -e - cd /stack/gitea - sh .drone/login.sh - sh .drone/pull.sh - sh .drone/deploy.sh - username: - from_secret: ssh-user + username: ${SSH_USER} environment: GITEA_APP_NAME: from_secret: gitea-app-name @@ -189,16 +174,10 @@ steps: from_secret: gitea-security-secret-key GITEA_SERVER_LFS_JWT_SECRET: from_secret: gitea-server-lfs-jwt-secret - GIT_DOMAIN: - from_secret: git-domain - LOCAL_DOCKER_REGISTRY: - from_secret: local-docker-registry - REGISTRY_PASSWORD: - from_secret: registry-password services: - name: docker - image: docker:dind + image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f privileged: true volumes: - name: dockersock 
@@ -213,4 +192,10 @@ volumes: host: path: /etc/docker/certs.d +trigger: + event: + - promote + target: + - production + ... diff --git a/.drone/lib/public-secrets.libsonnet b/.drone/lib/public-secrets.libsonnet index 46c9f60..2f8298f 100644 --- a/.drone/lib/public-secrets.libsonnet +++ b/.drone/lib/public-secrets.libsonnet @@ -1,6 +1,4 @@ [ - 'git-domain', - 'local-docker-registry', 'gitea-mailer-host', 'gitea-mailer-from', 'gitea-mailer-user', diff --git a/.drone/lib/secret-secrets.libsonnet b/.drone/lib/secret-secrets.libsonnet index 282e720..25bbbba 100644 --- a/.drone/lib/secret-secrets.libsonnet +++ b/.drone/lib/secret-secrets.libsonnet @@ -4,5 +4,4 @@ 'gitea-security-internal-token', 'gitea-oauth2-jwt-secret', 'gitea-mailer-passwd', - 'registry-password', ] diff --git a/.drone/login.sh b/.drone/login.sh index c8ffffc..04221bc 100644 --- a/.drone/login.sh +++ b/.drone/login.sh @@ -1 +1 @@ -docker login ${LOCAL_DOCKER_REGISTRY} --username client --password "${REGISTRY_PASSWORD}" \ No newline at end of file +docker login ${REGISTRY_DOMAIN}:${REGISTRY_PASSWORD} --username client --password "${REGISTRY_PASSWORD}" \ No newline at end of file diff --git a/.drone/logout.sh b/.drone/logout.sh index 4bcacf0..5bcf9f3 100644 --- a/.drone/logout.sh +++ b/.drone/logout.sh @@ -1 +1 @@ -docker logout ${LOCAL_DOCKER_REGISTRY} \ No newline at end of file +docker logout ${REGISTRY_DOMAIN}:${REGISTRY_PASSWORD} \ No newline at end of file diff --git a/.drone/package.json b/.drone/package.json index 45387ae..22cfdd2 100644 --- a/.drone/package.json +++ b/.drone/package.json @@ -4,6 +4,6 @@ "build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream" }, "dependencies": { - "@sigyl/jsonnet-drone": "^0.0.7" + "@sigyl/jsonnet-drone": "^0.1.0" } } diff --git a/.drone/pull.sh b/.drone/pull.sh index d9fc1e2..e515e64 100644 --- a/.drone/pull.sh +++ b/.drone/pull.sh 
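Review bot: In `.drone/login.sh` the rewritten line still passes the secret as `--password "${REGISTRY_PASSWORD}"`, which exposes it on the command line to anything that can read the process list on the build container or on the SSH deploy host. Since the line is being changed anyway, feed the password on standard input instead: `printf '%s' "${REGISTRY_PASSWORD}" | docker login <registry> --username client --password-stdin`, where `<registry>` stands for the registry address argument. The pipeline runs `set -e` before `sh .drone/login.sh`, so a failed login still stops the job with this form.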
@@ -1 +1 @@ -docker pull ${LOCAL_DOCKER_REGISTRY}gitea +docker pull ${REGISTRY_DOMAIN}:${REGISTRY_PASSWORD}/gitea diff --git a/.drone/push.sh b/.drone/push.sh index aaafed6..1a0a1c1 100644 --- a/.drone/push.sh +++ b/.drone/push.sh @@ -1 +1 @@ -docker push ${LOCAL_DOCKER_REGISTRY}gitea +docker push ${REGISTRY_DOMAIN}:${REGISTRY_PASSWORD}/gitea diff --git a/.drone/yarn.lock b/.drone/yarn.lock index b97ecd6..44ab354 100644 --- a/.drone/yarn.lock +++ b/.drone/yarn.lock @@ -12,10 +12,10 @@ resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff" integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw== -"@sigyl/jsonnet-drone@^0.0.7": - version "0.0.7" - resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.0.7.tgz#0f92ef15096b0c5497741ff56bfbd249de9edd66" - integrity sha512-353n/zExNnKPPZ235eLX3/DFXJVNIX8fdAeG3RvY+55538eGzDIk0/3HJd8jXsD6y0zxm+LexW5HghvXBMBOEA== +"@sigyl/jsonnet-drone@^0.1.0": + version "0.1.0" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.1.0.tgz#feda1797e8e9ef799cad72e65f7163ca26a9e3a5" + integrity sha512-QY/ngucxFOtLfL8Mt0f2bxN4fQDUOGOFtaRpSH2cNyg84xADkzehT0ORZtbLitr+AwhyF5KN/zAGvzkyNAoqPw== dependencies: "@sigyl/jsonnet-compose" "^0.0.2" "@sigyl/jsonnet-drone-environment" "0.0.5" diff --git a/docker-compose.yml b/docker-compose.yml index c6dad36..2d41db4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -11,10 +11,10 @@ services: environment: - USER_UID=1000 - USER_GID=1000 - - ROOT_URL=https://${GIT_DOMAIN}/git - - SSH_DOMAIN=${GIT_DOMAIN} + - ROOT_URL=https://${DOMAIN}/git + - SSH_DOMAIN=${DOMAIN} - GITEA_APP_NAME=${GITEA_APP_NAME} - - GIT_DOMAIN=${GIT_DOMAIN} + - GIT_DOMAIN=${DOMAIN} - GITEA_SERVER_LFS_JWT_SECRET=$GITEA_SERVER_LFS_JWT_SECRET - GITEA_SECURITY_SECRET_KEY=$GITEA_SECURITY_SECRET_KEY - GITEA_SECURITY_INTERNAL_TOKEN=$GITEA_SECURITY_INTERNAL_TOKEN diff --git a/gitea/app.ini b/gitea/app.ini index 2585bdd..78ec9f5 100644 --- a/gitea/app.ini +++ b/gitea/app.ini @@ -15,15 +15,15 @@ TEMP_PATH = /data/gitea/uploads [server] APP_DATA_PATH = /data/gitea -SSH_DOMAIN = ${GIT_DOMAIN} +SSH_DOMAIN = ${DOMAIN} HTTP_PORT = 3000 -ROOT_URL = https://${GIT_DOMAIN}/git/ +ROOT_URL = https://${DOMAIN}/git/ DISABLE_SSH = false SSH_PORT = 22 SSH_LISTEN_PORT = 22 LFS_START_SERVER = true LFS_CONTENT_PATH = /data/git/lfs -DOMAIN = ${GIT_DOMAIN} +DOMAIN = ${DOMAIN} LFS_JWT_SECRET = ${GITEA_SERVER_LFS_JWT_SECRET} OFFLINE_MODE = false @@ -74,7 +74,7 @@ ENABLE_CAPTCHA = false DEFAULT_KEEP_EMAIL_PRIVATE = false DEFAULT_ALLOW_CREATE_ORGANIZATION = true DEFAULT_ENABLE_TIMETRACKING = true -NO_REPLY_ADDRESS = noreply.${GIT_DOMAIN} +NO_REPLY_ADDRESS = noreply.${DOMAIN} [oauth2] JWT_SECRET = ${GITEA_OAUTH2_JWT_SECRET}
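Review bot: After this hunk the `docker-compose.yml` service still receives the value only under the old name (`- GIT_DOMAIN=${DOMAIN}`), while `gitea/app.ini` in the next file section now expands `${DOMAIN}` for `SSH_DOMAIN`, `ROOT_URL`, `DOMAIN` and `NO_REPLY_ADDRESS`. How `app.ini` is rendered is not visible here. If the expansion happens inside the container, `DOMAIN` would be unset there and Gitea would start with an empty host in `ROOT_URL`, which breaks generated links and redirect targets. Either pass the new name as well with `- DOMAIN=${DOMAIN}`, or add a comment stating that `app.ini` is templated before the container starts.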