diff --git a/.drone/drone-home.jsonnet b/.drone/drone-home.jsonnet
index 3c38890..8b47cb8 100644
--- a/.drone/drone-home.jsonnet
+++ b/.drone/drone-home.jsonnet
@@ -1,106 +1,17 @@ -local build = import 'lib/build.libsonnet'; -local images = import 'lib/images.libsonnet'; -local environment = import 'node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet'; -local compose = import 'node_modules/@sigyl/jsonnet-compose/compose.libsonnet'; + local secretSecrets = import 'lib/secret-secrets.libsonnet'; local publicSecrets = import 'lib/public-secrets.libsonnet'; -local util = import 'lib/util.libsonnet'; + +local deploy = import 'node_modules/@sigyl/jsonnet-drone/deploy.libsonnet'; [ - { - kind: 'pipeline', - type: 'docker', - name: 'build', - clone: { - disable: false, - depth: 0, - }, - /*trigger: { - event: [ - 'tag', - ], - },*/ - services: [ - images.docker { - privileged: true, - volumes: [ - { - name: 'dockersock', - path: '/var/run', - }, - { - name: 'ca', - path: '/etc/docker/certs.d', - }, - ], - }, + deploy( + 'gitea', + '/stack/', + [ + 'LOCAL_DOCKER_REGISTRY', + 'REGISTRY_PASSWORD', ], - volumes: [ - { - name: 'dockersock', - temp: {}, - }, - { - name: 'ca', - host: { - path: '/etc/docker/certs.d', - }, - }, - ], - steps:[ - compose( - std.map( - function(secret) util.printEnv('env-gitea', secret), - publicSecrets, - ) - ) - ( - images.ssh { - settings +: { - script: [ - 'rm -f env-gitea', - ], - }, - }, - ) { - name: 'print env', - }, - images.scp( - '/stack/gitea' - ), - images.wait(15), - //build, - compose( - std.map( - function(secret) environment.envSet(secret), - publicSecrets + secretSecrets, - ), - )( - images.ssh { - name: 'deploy stack', - settings +: { - script +: - std.map( - function(secret) - 'export %(env)s=$${%(env)s}' % { - env: environment.environment(secret) - }, - secretSecrets + publicSecrets, - ) + - [ - //'rm -f -R /stack/squid/.secrets', - //'mkdir -p /stack/squid/.secrets', - //'echo "$${CA_CRT}" > /stack/squid/.secrets/ca.crt', - //'echo "$${CA_KEY}" > /stack/squid/.secrets/ca.key', - 'set -e', - "cd /stack/gitea", - 'docker login $${LOCAL_DOCKER_REGISTRY} --username client 
--password "$${REGISTRY_PASSWORD}"', - 'sh pull.sh', - 'sh deploy.sh', - // 'docker logout $${LOCAL_DOCKER_REGISTRY}', - ] - } - }, - ), - ], - } + publicSecrets, + secretSecrets + ), ] diff --git a/.drone/drone-home.yml b/.drone/drone-home.yml index 73dfcc5..e191fd3 100644 --- a/.drone/drone-home.yml +++ b/.drone/drone-home.yml @@ -1,7 +1,7 @@ --- kind: pipeline type: docker -name: build +name: deploy platform: os: linux 
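Review bot: Passing `secretSecrets` to `deploy(...)` now routes the secret values through the step that writes `env-gitea`: the regenerated `drone-home.yml` appends lines such as `echo "export GITEA_SECURITY_SECRET_KEY='$${GITEA_SECURITY_SECRET_KEY}'" >> env-gitea`, whereas the removed pipeline mapped `util.printEnv('env-gitea', secret)` over `publicSecrets` only. That leaves the JWT secrets, the mailer password and the registry password in a plaintext file on the deploy host, with whatever mode the SSH user's umask gives it, and a value containing a single quote would end the quoting if the file is later sourced. The file-writing logic lives in `deploy.libsonnet`, which is outside this diff, so the fix probably belongs there: keep the secret list out of `env-gitea`, or at minimum have the script run `umask 077` before the first `echo` and delete the file once the deploy has finished. The explicit `['LOCAL_DOCKER_REGISTRY', 'REGISTRY_PASSWORD']` argument also appears to duplicate entries already in the two secret lists, since both names now occur twice in the generated `envs` and `echo` lines.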
@@ -17,26 +17,42 @@ steps: - drone_build_number - drone_repo_name - drone_repo_namespace + - local_docker_registry + - registry_password - git_domain - local_docker_registry - gitea_mailer_host - gitea_mailer_from - gitea_mailer_user - gitea_app_name + - gitea_server_lfs_jwt_secret + - gitea_security_secret_key + - gitea_security_internal_token + - gitea_oauth2_jwt_secret + - gitea_mailer_passwd + - registry_password host: from_secret: ssh-host - password: - from_secret: ssh-password + key: + from_secret: ssh-key port: from_secret: ssh-port script: - rm -f env-gitea + - "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-gitea # \"local-docker-registry\"" + - "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-gitea # \"registry-password\"" - "echo \"export GIT_DOMAIN='$${GIT_DOMAIN}'\" >> env-gitea # \"git-domain\"" - "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-gitea # \"local-docker-registry\"" - "echo \"export GITEA_MAILER_HOST='$${GITEA_MAILER_HOST}'\" >> env-gitea # \"gitea-mailer-host\"" - "echo \"export GITEA_MAILER_FROM='$${GITEA_MAILER_FROM}'\" >> env-gitea # \"gitea-mailer-from\"" - "echo \"export GITEA_MAILER_USER='$${GITEA_MAILER_USER}'\" >> env-gitea # \"gitea-mailer-user\"" - "echo \"export GITEA_APP_NAME='$${GITEA_APP_NAME}'\" >> env-gitea # \"gitea-app-name\"" + - "echo \"export GITEA_SERVER_LFS_JWT_SECRET='$${GITEA_SERVER_LFS_JWT_SECRET}'\" >> env-gitea # \"gitea-server-lfs-jwt-secret\"" + - "echo \"export GITEA_SECURITY_SECRET_KEY='$${GITEA_SECURITY_SECRET_KEY}'\" >> env-gitea # \"gitea-security-secret-key\"" + - "echo \"export GITEA_SECURITY_INTERNAL_TOKEN='$${GITEA_SECURITY_INTERNAL_TOKEN}'\" >> env-gitea # \"gitea-security-internal-token\"" + - "echo \"export GITEA_OAUTH2_JWT_SECRET='$${GITEA_OAUTH2_JWT_SECRET}'\" >> env-gitea # \"gitea-oauth2-jwt-secret\"" + - "echo \"export GITEA_MAILER_PASSWD='$${GITEA_MAILER_PASSWD}'\" >> env-gitea # \"gitea-mailer-passwd\"" + - "echo 
\"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-gitea # \"registry-password\"" username: from_secret: ssh-user environment: @@ -46,12 +62,24 @@ steps: from_secret: gitea-mailer-from GITEA_MAILER_HOST: from_secret: gitea-mailer-host + GITEA_MAILER_PASSWD: + from_secret: gitea-mailer-passwd GITEA_MAILER_USER: from_secret: gitea-mailer-user + GITEA_OAUTH2_JWT_SECRET: + from_secret: gitea-oauth2-jwt-secret + GITEA_SECURITY_INTERNAL_TOKEN: + from_secret: gitea-security-internal-token + GITEA_SECURITY_SECRET_KEY: + from_secret: gitea-security-secret-key + GITEA_SERVER_LFS_JWT_SECRET: + from_secret: gitea-server-lfs-jwt-secret GIT_DOMAIN: from_secret: git-domain LOCAL_DOCKER_REGISTRY: from_secret: local-docker-registry + REGISTRY_PASSWORD: + from_secret: registry-password - name: scp image: appleboy/drone-scp:1.6.2 @@ -59,8 +87,8 @@ steps: command_timeout: 2m host: from_secret: ssh-host - password: - from_secret: ssh-password + key: + from_secret: ssh-key port: from_secret: ssh-port source: @@ -74,7 +102,24 @@ steps: commands: - sleep 15 -- name: deploy stack +- name: "dockerbuild:" + image: docker:dind + commands: + - set -e + - sh .drone/login.sh + - sh .drone/build.sh + - sh .drone/push.sh + - sh .drone/logout.sh + environment: + LOCAL_DOCKER_REGISTRY: + from_secret: local-docker-registry + REGISTRY_PASSWORD: + from_secret: registry-password + volumes: + - name: dockersock + path: /var/run + +- name: deploy image: appleboy/drone-ssh:1.6.2 settings: envs: @@ -97,8 +142,8 @@ steps: - registry_password host: from_secret: ssh-host - password: - from_secret: ssh-password + key: + from_secret: ssh-key port: from_secret: ssh-port script: 
@@ -116,9 +161,9 @@ steps: - export GITEA_APP_NAME=$${GITEA_APP_NAME} - set -e - cd /stack/gitea - - docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}" - - sh pull.sh - - sh deploy.sh + - sh .drone/login.sh + - sh .drone/pull.sh + - sh .drone/deploy.sh username: from_secret: ssh-user environment: diff --git a/.drone/lib/build.libsonnet b/.drone/lib/build.libsonnet deleted file mode 100644 index 339609d..0000000 --- a/.drone/lib/build.libsonnet +++ /dev/null @@ -1,23 +0,0 @@ -local images = import 'images.libsonnet'; -local environment = import '../node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet'; - - images.docker { - name +: 'build:', - environment +: environment.environmentSecrets([ - 'LOCAL_DOCKER_REGISTRY', - 'REGISTRY_PASSWORD', - ]), - volumes: [ - { - name: 'dockersock', - path: '/var/run', - }, - ], - commands: [ - 'set -e', - 'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"', - 'sh build.sh', - 'sh push.sh', - 'docker logout $${LOCAL_DOCKER_REGISTRY}', - ], - } \ No newline at end of file diff --git a/.drone/lib/images.libsonnet b/.drone/lib/images.libsonnet deleted file mode 100644 index b67fc35..0000000 --- a/.drone/lib/images.libsonnet +++ /dev/null @@ -1,38 +0,0 @@ -local settings = import 'settings.libsonnet'; -{ - docker: { - name: 'docker', - image: 'docker:dind', - }, - scp(target): settings.ssh { - name: 'scp', - image: 'appleboy/drone-scp:1.6.2', - settings +: { - command_timeout: '2m', - target: target, - source: [ - '.', - ], - }, - }, - ssh: settings.ssh { - image: 'appleboy/drone-ssh:1.6.2', - settings +: { - envs: [ - 'drone_tag', - 'drone_commit', - 'drone_build_number', - 'drone_repo_name', - 'drone_repo_namespace', - ], - script: [], - }, - }, - wait(delay): { - image: 'alpine', - name: 'wait', - commands: [ - 'sleep %s' % delay, - ], - } -} \ No newline at end of file 
diff --git a/.drone/lib/settings.libsonnet b/.drone/lib/settings.libsonnet deleted file mode 100644 index c662633..0000000 --- a/.drone/lib/settings.libsonnet +++ /dev/null @@ -1,11 +0,0 @@ -local environment = import '../node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet'; -{ - ssh: { - settings +: { - host: environment.fromSecret('ssh-host'), - port: environment.fromSecret('ssh-port'), - username: environment.fromSecret('ssh-user'), - password: environment.fromSecret('ssh-password'), - }, - }, -} \ No newline at end of file diff --git a/.drone/lib/util.libsonnet b/.drone/lib/util.libsonnet deleted file mode 100644 index 2596ab8..0000000 --- a/.drone/lib/util.libsonnet +++ /dev/null @@ -1,18 +0,0 @@ -local compose = import '../node_modules/@sigyl/jsonnet-compose/compose.libsonnet'; -local environment = import '../node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet'; -{ - printEnv(file, env): function(step) compose([ - environment.envSet(env), - function(step) step { - settings +: { - script +: [ - 'echo "export %(environment)s=\'$${%(environment)s}\'" >> %(file)s # "%(secret)s"' % { - environment: environment.environment(env), - file: file, - secret: environment.secret(env), - }, - ], - }, - }, - ])(step), -} \ No newline at end of file diff --git a/.drone/package.json b/.drone/package.json index 3869304..434953f 100644 --- a/.drone/package.json +++ b/.drone/package.json @@ -4,7 +4,6 @@ "build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream" }, "dependencies": { - "@sigyl/jsonnet-compose": "^0.0.2", - "@sigyl/jsonnet-drone-environment": "0.0.5" + "@sigyl/jsonnet-drone": "^0.0.5" } } diff --git a/.drone/yarn-error.log b/.drone/yarn-error.log index 55c6505..3a54e70 100644 --- a/.drone/yarn-error.log +++ b/.drone/yarn-error.log 
@@ -1,23 +1,25 @@ Arguments: - /usr/bin/node /home/giles/.yarn/bin/yarn.js + /usr/local/Cellar/node/11.9.0/bin/node /usr/local/Cellar/yarn/1.13.0/libexec/bin/yarn.js PATH: - /home/giles/.yarn/bin:/home/giles/.config/yarn/global/node_modules/.bin:/home/giles/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/go/bin + /Users/giles/.cargo/bin:/Users/giles/.local/bin:/Users/giles/Library/Python/3.7/bin:/Library/Frameworks/Python.framework/Versions/3.7/bin:/opt/local/bin:/opt/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/share/dotnet:/usr/local/share/dotnet/sdk:/usr/local/share/dotnet/sdk/2.2.101:/opt/X11/bin:~/.dotnet/tools:/usr/local/bin:/usr/local/Cellar/openssl/1.0.2j/bin/openssl Yarn version: - 1.22.4 + 1.13.0 Node version: - 11.14.0 + 12.13.1 Platform: - linux x64 + darwin x64 Trace: - Error: self signed certificate in certificate chain - at TLSSocket.onConnectSecure (_tls_wrap.js:1176:34) - at TLSSocket.emit (events.js:193:13) - at TLSSocket._finishInit (_tls_wrap.js:667:8) + SyntaxError: /Users/giles/stack/gitea/.drone/package.json: Unexpected token } in JSON at position 191 + at JSON.parse () + at /usr/local/Cellar/yarn/1.13.0/libexec/lib/cli.js:1625:59 + at Generator.next () + at step (/usr/local/Cellar/yarn/1.13.0/libexec/lib/cli.js:304:30) + at /usr/local/Cellar/yarn/1.13.0/libexec/lib/cli.js:315:13 npm manifest: { @@ -26,7 +28,7 @@ npm manifest: "build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream" }, "dependencies": { - "@sigyl/jsonnet-compose": "^0.0.2" + "@sigyl/jsonnet-drone": "^0.0.5", } } 
@@ -34,4 +36,16 @@ yarn manifest: No manifest Lockfile: - No lockfile + # THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. + # yarn lockfile v1 + + + "@sigyl/jsonnet-compose@^0.0.2": + version "0.0.2" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-compose/-/jsonnet-compose-0.0.2.tgz#8900a21e8cd8109929b6042703f8645aacb9bcda" + integrity sha512-wWS3CgPeNi/o1pcS6n/4pafxlMD0KC9/RKMZr/ySmzeGNRW++sPuKuxajYse2TNd47uNDdeUSnk4aEeEIKL0zA== + + "@sigyl/jsonnet-drone-environment@0.0.5": + version "0.0.5" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff" + integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw== diff --git a/.drone/yarn.lock b/.drone/yarn.lock index e9d5082..2ad11f0 100644 --- a/.drone/yarn.lock +++ b/.drone/yarn.lock @@ -11,3 +11,11 @@ version "0.0.5" resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff" integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw== + +"@sigyl/jsonnet-drone@^0.0.5": + version "0.0.5" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.0.5.tgz#1017714cfcdb637d36faa4206b29fd4277bfb37f" + integrity sha512-6npYDgXWGblimBYDIRNeNZX20qZmuhQYhSj9hWucXm9i+IKIrxX/3B0gf9JDNXgbK4s4QY95WBrnimeAeMfddg== + dependencies: + "@sigyl/jsonnet-compose" "^0.0.2" + "@sigyl/jsonnet-drone-environment" "0.0.5"