236 lines
4.8 KiB
Plaintext
236 lines
4.8 KiB
Plaintext
|
local publicSecrets = [
|
||
|
'ssh-host',
|
||
|
'ssh-user',
|
||
|
'ssh-root-user',
|
||
|
];
|
||
|
local secretSecrets = [
|
||
|
'ssh-password',
|
||
|
];
|
||
|
local util = {
|
||
|
// the head of an array
|
||
|
head(array): array[0],
|
||
|
// the tail of an array
|
||
|
tail(array): std.makeArray(
|
||
|
std.length(array) -1,
|
||
|
function(x) array[x + 1],
|
||
|
),
|
||
|
// compose an array of functions
|
||
|
compose(functions):
|
||
|
local compose(functions) =
|
||
|
if std.length(functions) == 0
|
||
|
then
|
||
|
local ret(object) = object;
|
||
|
ret
|
||
|
else
|
||
|
local ret(object) = compose(
|
||
|
util.tail(
|
||
|
functions,
|
||
|
)
|
||
|
)(
|
||
|
util.head(
|
||
|
functions,
|
||
|
)(object)
|
||
|
);
|
||
|
ret;
|
||
|
compose(functions),
|
||
|
fromSecret(secret): {
|
||
|
from_secret: secret,
|
||
|
},
|
||
|
secret(secret): std.asciiLower(
|
||
|
std.strReplace(
|
||
|
secret,
|
||
|
'_',
|
||
|
'-',
|
||
|
),
|
||
|
),
|
||
|
environment(secret): std.asciiUpper(
|
||
|
std.strReplace(
|
||
|
secret,
|
||
|
'-',
|
||
|
'_',
|
||
|
),
|
||
|
),
|
||
|
env(secret): std.asciiLower(
|
||
|
std.strReplace(
|
||
|
secret,
|
||
|
'-',
|
||
|
'_',
|
||
|
),
|
||
|
),
|
||
|
envSet(env): function(step) step {
|
||
|
environment +: {
|
||
|
[util.environment(env)]: util.fromSecret(
|
||
|
util.secret(env)
|
||
|
),
|
||
|
},
|
||
|
settings +: {
|
||
|
envs +: [
|
||
|
util.env(env),
|
||
|
],
|
||
|
},
|
||
|
},
|
||
|
printEnv(file, env): function(step) util.compose([
|
||
|
util.envSet(env),
|
||
|
function(step) step {
|
||
|
settings +: {
|
||
|
script +: [
|
||
|
'echo "export %(environment)s=\'$${%(environment)s}\'" >> %(file)s # "%(secret)s"' % {
|
||
|
environment: util.environment(env),
|
||
|
file: file,
|
||
|
secret: util.secret(env),
|
||
|
},
|
||
|
],
|
||
|
},
|
||
|
},
|
||
|
])(step),
|
||
|
};
|
||
|
local images = {
|
||
|
docker: {
|
||
|
name: 'docker',
|
||
|
image: 'docker:dind',
|
||
|
},
|
||
|
scp(target): {
|
||
|
name: 'scp',
|
||
|
image: 'appleboy/drone-scp',
|
||
|
settings: {
|
||
|
host: {
|
||
|
from_secret: 'ssh-host',
|
||
|
},
|
||
|
username: {
|
||
|
from_secret: 'ssh-user',
|
||
|
},
|
||
|
password: {
|
||
|
from_secret: 'ssh-password',
|
||
|
},
|
||
|
port: {
|
||
|
from_secret: 'ssh-port',
|
||
|
},
|
||
|
command_timeout: '2m',
|
||
|
target: target,
|
||
|
source: [
|
||
|
'.',
|
||
|
],
|
||
|
},
|
||
|
},
|
||
|
ssh: {
|
||
|
image: 'appleboy/drone-ssh',
|
||
|
settings: {
|
||
|
host: util.fromSecret("ssh-host"),
|
||
|
port: util.fromSecret("ssh-port"),
|
||
|
username: util.fromSecret("ssh-user"),
|
||
|
password: util.fromSecret("ssh-password"),
|
||
|
envs: [
|
||
|
'drone_tag',
|
||
|
'drone_commit',
|
||
|
'drone_build_number',
|
||
|
'drone_repo_name',
|
||
|
'drone_repo_namespace',
|
||
|
],
|
||
|
script: [],
|
||
|
},
|
||
|
},
|
||
|
wait(delay): {
|
||
|
image: 'alpine',
|
||
|
name: 'wait',
|
||
|
commands: [
|
||
|
'sleep %s' % delay,
|
||
|
],
|
||
|
}
|
||
|
};
|
||
|
[
|
||
|
{
|
||
|
kind: 'pipeline',
|
||
|
type: 'docker',
|
||
|
name: 'build',
|
||
|
clone: {
|
||
|
disable: false,
|
||
|
depth: 0,
|
||
|
},
|
||
|
services: [
|
||
|
images.docker {
|
||
|
privileged: true,
|
||
|
volumes: [
|
||
|
{
|
||
|
name: 'dockersock',
|
||
|
path: '/var/run',
|
||
|
},
|
||
|
{
|
||
|
name: 'ca',
|
||
|
path: '/etc/docker/certs.d',
|
||
|
},
|
||
|
],
|
||
|
},
|
||
|
],
|
||
|
volumes: [
|
||
|
{
|
||
|
name: 'dockersock',
|
||
|
temp: {},
|
||
|
},
|
||
|
{
|
||
|
name: 'ca',
|
||
|
host: {
|
||
|
path: '/etc/docker/certs.d',
|
||
|
},
|
||
|
},
|
||
|
],
|
||
|
steps:[
|
||
|
images.scp(
|
||
|
'/stack/squid'
|
||
|
),
|
||
|
images.wait(15),
|
||
|
util.compose(
|
||
|
std.map(
|
||
|
function(secret) util.printEnv('afile', secret),
|
||
|
publicSecrets,
|
||
|
)
|
||
|
)(
|
||
|
images.ssh {
|
||
|
name: 'will print ssh-host again',
|
||
|
settings +: {
|
||
|
script +: [
|
||
|
'rm afile'
|
||
|
],
|
||
|
},
|
||
|
},
|
||
|
),
|
||
|
util.compose(
|
||
|
std.map(
|
||
|
function(s) util.envSet(s),
|
||
|
publicSecrets + secretSecrets
|
||
|
) +
|
||
|
std.map(
|
||
|
function(s) function(step) step {
|
||
|
settings +: {
|
||
|
script +: [
|
||
|
|
||
|
'export %(env)s="$${%(env)s}"' % {
|
||
|
env: util.environment(s),
|
||
|
},
|
||
|
'echo "$${%s}"' % util.environment(s),
|
||
|
],
|
||
|
},
|
||
|
},
|
||
|
publicSecrets + secretSecrets
|
||
|
)
|
||
|
)
|
||
|
(
|
||
|
images.ssh {
|
||
|
name: 'deploy squid',
|
||
|
settings +: {
|
||
|
//username: util.fromSecret("ssh-root-user"),
|
||
|
//password: util.fromSecret("ssh-root-password"),
|
||
|
script +: [
|
||
|
'set -e',
|
||
|
"docker network prune -f",
|
||
|
"cd /stack/squid",
|
||
|
"docker stack rm squid",
|
||
|
"sleep 30",
|
||
|
"docker stack deploy -c docker-compose.yml squid",
|
||
|
]
|
||
|
}
|
||
|
}
|
||
|
),
|
||
|
],
|
||
|
}
|
||
|
]
|