diff --git a/jsonnet/.drone-home.jsonnet b/jsonnet/.drone-home.jsonnet new file mode 100644 index 0000000..033e183 --- /dev/null +++ b/jsonnet/.drone-home.jsonnet 
@@ -0,0 +1,256 @@ +local publicSecrets = [ + 'ssh-host', + 'ssh-user', + 'ssh-root-user', +]; +local secretSecrets = [ + 'ssh-password', +]; +local util = { + // the head of an array + head(array): array[0], + // the tail of an array + tail(array): std.makeArray( + std.length(array) -1, + function(x) array[x + 1], + ), + // compose an array of functions + compose(functions): + local compose(functions) = + if std.length(functions) == 0 + then + local ret(object) = object; + ret + else + local ret(object) = compose( + util.tail( + functions, + ) + )( + util.head( + functions, + )(object) + ); + ret; + compose(functions), + fromSecret(secret): { + from_secret: secret, + }, + secret(secret): std.asciiLower( + std.strReplace( + secret, + '_', + '-', + ), + ), + environment(secret): std.asciiUpper( + std.strReplace( + secret, + '-', + '_', + ), + ), + env(secret): std.asciiLower( + std.strReplace( + secret, + '-', + '_', + ), + ), + envSet(env): function(step) step { + environment +: { + [util.environment(env)]: util.fromSecret( + util.secret(env) + ), + }, + settings +: { + envs +: [ + util.env(env), + ], + }, + }, + printEnv(file, env): function(step) util.compose([ + util.envSet(env), + function(step) step { + settings +: { + script +: [ + 'echo "export %(environment)s=\'$${%(environment)s}\'" >> %(file)s # "%(secret)s"' % { + environment: util.environment(env), + file: file, + secret: util.secret(env), + }, + ], + }, + }, + ])(step), +}; +local images = { + docker: { + name: 'docker', + image: 'docker:dind', + }, + scp(target): { + name: 'scp', + image: 'appleboy/drone-scp', + settings: { + host: { + from_secret: 'ssh-host', + }, + username: { + from_secret: 'ssh-user', + }, + password: { + from_secret: 'ssh-password', + }, + port: { + from_secret: 'ssh-port', + }, + command_timeout: '2m', + target: target, + source: [ + '.', + ], + }, + }, + ssh: { + image: 'appleboy/drone-ssh', + settings: { + host: util.fromSecret("ssh-host"), + port: util.fromSecret("ssh-port"), 
+ username: util.fromSecret("ssh-user"), + password: util.fromSecret("ssh-password"), + envs: [ + 'drone_tag', + 'drone_commit', + 'drone_build_number', + 'drone_repo_name', + 'drone_repo_namespace', + 'DRONE_GITEA_SERVER', + ], + script: [], + }, + }, + wait(delay): { + image: 'alpine', + name: 'wait', + commands: [ + 'sleep %s' % delay, + ], + } +}; +[ + { + kind: 'pipeline', + type: 'docker', + name: 'build', + clone: { + disable: false, + depth: 0, + }, + services: [ + images.docker { + privileged: true, + volumes: [ + { + name: 'dockersock', + path: '/var/run', + }, + { + name: 'ca', + path: '/etc/docker/certs.d', + }, + ], + }, + ], + volumes: [ + { + name: 'dockersock', + temp: {}, + }, + { + name: 'ca', + host: { + path: '/etc/docker/certs.d', + }, + }, + ], + steps:[ + images.scp( + '/stack/root' + ), + images.wait(15), + util.compose( + std.map( + function(secret) util.printEnv('afile', secret), + publicSecrets, + ) + )( + images.ssh { + name: 'will print ssh-host again', + settings +: { + script +: [ + 'rm afile' + ], + }, + }, + ), + util.compose( + std.map( + function(s) util.envSet(s), + publicSecrets + secretSecrets + ) + + std.map( + function(s) function(step) step { + settings +: { + script +: [ + + 'export %(env)s="$${%(env)s}"' % { + env: util.environment(s), + }, + 'echo "$${%s}"' % util.environment(s), + ], + }, + }, + publicSecrets + secretSecrets + ) + ) + ( + images.ssh { + name: 'deploy portainer', + settings +: { + //username: util.fromSecret("ssh-root-user"), + //password: util.fromSecret("ssh-root-password"), + script +: [ + 'set -e', + 'echo go', + " echo $${DRONE_GITEA_SERVER} > thefile", + ] /*+ + map(export, secrets) + + [ + "export DRONE_REPO_LINK=$${{DRONE_GITEA_SERVER}}/{namespace}/{name}".format(name=ctx.repo.name, namespace=ctx.repo.namespace), + "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit), + "docker network prune -f", + "cd {folder}".format(folder=folder), + "docker stack rm {name}".format(name = name), + 
"sleep 30", + "docker stack deploy -c {filename} {name}".format(name= name, filename = filename), + ] + commands */ + } + } + ) { + settings +: { + script +: [ + //"export DRONE_REPO_LINK=$${{DRONE_GITEA_SERVER}}/$${DRONE_REPO_NAMESPACE}/$${DRONE_REPO_NAME}", + //"export DRONE_COMMIT={commit}".format(commit=ctx.build.commit), + "docker network prune -f", + "cd /stack/portainer", + "docker stack rm portainer", + "sleep 30", + "docker stack deploy -c docker-compose.yml portainer", + ], + }, + }, + ], + } +] + diff --git a/jsonnet/.drone-home.yml b/jsonnet/.drone-home.yml new file mode 100644 index 0000000..5bfbb9f --- /dev/null +++ b/jsonnet/.drone-home.yml 
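Review bot: The `deploy portainer` step prints the SSH password, because the second `std.map` inside its `util.compose(...)` iterates `publicSecrets + secretSecrets` and appends `'echo "$${%s}"' % util.environment(s)` for every entry, so the generated script contains `echo "$${SSH_PASSWORD}"`. Log masking of `from_secret` values, where the runner applies it, is best-effort and should not be the only thing hiding a credential the script deliberately writes to its output. The visible docker commands never read `SSH_PASSWORD`, so both maps in that step can iterate `publicSecrets` alone, which also keeps `ssh_password` out of `settings.envs` and out of the remote session's environment. If the export has to stay, drop the `echo` line for the `secretSecrets` entries. Separately, `printEnv` wraps each value in single quotes without escaping, so a value containing `'` would break the quoting of the line written to `afile`; a short comment stating that these values must not contain quotes, or an escape step, would make that assumption explicit.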
@@ -0,0 +1,132 @@ +--- +kind: pipeline +type: docker +name: build + +platform: + os: linux + arch: amd64 + +steps: +- name: scp + image: appleboy/drone-scp + settings: + command_timeout: 2m + host: + from_secret: ssh-host + password: + from_secret: ssh-password + port: + from_secret: ssh-port + source: + - . + target: /stack/root + username: + from_secret: ssh-user + +- name: wait + image: alpine + commands: + - sleep 15 + +- name: will print ssh-host again + image: appleboy/drone-ssh + settings: + envs: + - drone_tag + - drone_commit + - drone_build_number + - drone_repo_name + - drone_repo_namespace + - DRONE_GITEA_SERVER + - ssh_host + - ssh_user + - ssh_root_user + host: + from_secret: ssh-host + password: + from_secret: ssh-password + port: + from_secret: ssh-port + script: + - rm afile + - "echo \"export SSH_HOST='$${SSH_HOST}'\" >> afile # \"ssh-host\"" + - "echo \"export SSH_USER='$${SSH_USER}'\" >> afile # \"ssh-user\"" + - "echo \"export SSH_ROOT_USER='$${SSH_ROOT_USER}'\" >> afile # \"ssh-root-user\"" + username: + from_secret: ssh-user + environment: + SSH_HOST: + from_secret: ssh-host + SSH_ROOT_USER: + from_secret: ssh-root-user + SSH_USER: + from_secret: ssh-user + +- name: deploy portainer + image: appleboy/drone-ssh + settings: + envs: + - drone_tag + - drone_commit + - drone_build_number + - drone_repo_name + - drone_repo_namespace + - DRONE_GITEA_SERVER + - ssh_host + - ssh_user + - ssh_root_user + - ssh_password + host: + from_secret: ssh-host + password: + from_secret: ssh-password + port: + from_secret: ssh-port + script: + - set -e + - echo go + - " echo $${DRONE_GITEA_SERVER} > thefile" + - export SSH_HOST="$${SSH_HOST}" + - echo "$${SSH_HOST}" + - export SSH_USER="$${SSH_USER}" + - echo "$${SSH_USER}" + - export SSH_ROOT_USER="$${SSH_ROOT_USER}" + - echo "$${SSH_ROOT_USER}" + - export SSH_PASSWORD="$${SSH_PASSWORD}" + - echo "$${SSH_PASSWORD}" + - docker network prune -f + - cd /stack/portainer + - docker stack rm portainer + - sleep 30 + - 
docker stack deploy -c docker-compose.yml portainer + username: + from_secret: ssh-user + environment: + SSH_HOST: + from_secret: ssh-host + SSH_PASSWORD: + from_secret: ssh-password + SSH_ROOT_USER: + from_secret: ssh-root-user + SSH_USER: + from_secret: ssh-user + +services: +- name: docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run + - name: ca + path: /etc/docker/certs.d + +volumes: +- name: dockersock + temp: {} +- name: ca + host: + path: /etc/docker/certs.d + +... diff --git a/package.json b/package.json new file mode 100644 index 0000000..7830b03 --- /dev/null +++ b/package.json @@ -0,0 +1,6 @@ +{ + "private": true, + "scripts": { + "jsonnet:home": "drone jsonnet --source jsonnet/.drone-home.jsonnet --target jsonnet/.drone-home.yml --stream" + } +}