From 33d92102854cf3c8899d86a7e919aa84cf47f2d8 Mon Sep 17 00:00:00 2001
From: Giles Bradshaw
Date: Thu, 6 Aug 2020 15:23:26 +0100
Subject: [PATCH] .
---
 .drone/drone-home.jsonnet | 25 ++++++++++++++++++++-----
 .drone/drone-home.yml | 29 ++++++++++++++++++++++++++++-
 .drone/lib/public-secrets.libsonnet | 1 +
 .drone/lib/secret-secrets.libsonnet | 1 +
 4 files changed, 50 insertions(+), 6 deletions(-)
diff --git a/.drone/drone-home.jsonnet b/.drone/drone-home.jsonnet
index 3cc5e14..8607318 100644
--- a/.drone/drone-home.jsonnet
+++ b/.drone/drone-home.jsonnet
@@ -46,11 +46,20 @@ local util = import 'lib/util.libsonnet';
 },
 ],
 steps:[
- util.printEnv(
- 'squid-env',
- 'ca-crt'
- )(
- images.ssh
+ compose(
+ std.map(
+ function(secret) util.printEnv('env-squid', secret),
+ publicSecrets,
+ )
+ )
+ (
+ images.ssh {
+ settings +: {
+ script: [
+ 'rm -f env-squid',
+ ],
+ },
+ },
 ) {
 name: 'print env',
 },
@@ -107,11 +116,17 @@ local util = import 'lib/util.libsonnet';
 compose([
 environment.envSet('local-docker-registry'),
 environment.envSet('local-registry-password'),
+ environment.envSet('ca-crt'),
+ environment.envSet('ca-key'),
 ])(
 images.ssh {
 name: 'deploy squid',
 settings +: {
 script +: [
+ 'rm -f -R /stack/squid/.secrets',
+ 'mkdir -p /stack/squid/.secrets',
+ 'echo $${CA_CRT} > /stack/squid/.secrets/ca.crt',
+ 'echo $${CA_KEY} > /stack/squid/.secrets/ca.key',
 'set -e',
 //"docker network prune -f",
 "cd /stack/squid/myCA",
diff --git a/.drone/drone-home.yml b/.drone/drone-home.yml
index 022c4f7..0d7bdc1 100644
--- a/.drone/drone-home.yml
+++ b/.drone/drone-home.yml
@@ -17,6 +17,10 @@ steps:
 - drone_build_number
 - drone_repo_name
 - drone_repo_namespace
+ - ssh_host
+ - ssh_user
+ - ssh_root_user
+ - local_docker_registry
 - ca_crt
 host:
 from_secret: ssh-host
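Review bot: Every name in `publicSecrets`, now including `ca-crt`, is written in plaintext to `env-squid` on the SSH host by this step, and nothing at the call site says so. The regenerated `.drone/drone-home.yml` shows the emitted form, `echo "export CA_CRT='$${CA_CRT}'" >> env-squid`, so a value containing a single quote would end the quoting if that file is ever sourced; the quoting itself lives in `util.printEnv`, outside this diff. I would add a comment above the `std.map` call such as `// publicSecrets are written in plaintext to env-squid on the SSH host; never list key material here`. The binding of `publicSecrets` is not visible in the hunk, so confirm it imports `lib/public-secrets.libsonnet`.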
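Review bot: The CA private key is written with `echo $${CA_KEY} > /stack/squid/.secrets/ca.key` using an unquoted expansion, default file permissions, and ahead of `set -e`. Unquoted, the shell word-splits the value, so the PEM line breaks are flattened to spaces; with no `umask` or `chmod` the key file takes the remote account's default mode; and a failed `mkdir` or write does not stop the deploy. I would move `set -e` to the top, set `umask 077` before creating the directory, and write both files with a quoted `printf`, as below (dropping the later `set -e`, and loosening the mode only if the squid container reads the files as a different user). The same four lines are repeated in the `deploy squid` step of `.drone/drone-home.yml`. The step's script continues past the end of the hunk.

```jsonnet
script +: [
  'set -e',
  'umask 077',
  'rm -rf /stack/squid/.secrets',
  'mkdir -p /stack/squid/.secrets',
  'printf "%s\\n" "$${CA_CRT}" > /stack/squid/.secrets/ca.crt',
  'printf "%s\\n" "$${CA_KEY}" > /stack/squid/.secrets/ca.key',
  // … unchanged: cd /stack/squid/myCA and the rest of the deploy script …
```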
@@ -25,12 +29,25 @@ steps:
 port:
 from_secret: ssh-port
 script:
- - "echo \"export CA_CRT='$${CA_CRT}'\" >> squid-env # \"ca-crt\""
+ - rm -f env-squid
+ - "echo \"export SSH_HOST='$${SSH_HOST}'\" >> env-squid # \"ssh-host\""
+ - "echo \"export SSH_USER='$${SSH_USER}'\" >> env-squid # \"ssh-user\""
+ - "echo \"export SSH_ROOT_USER='$${SSH_ROOT_USER}'\" >> env-squid # \"ssh-root-user\""
+ - "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-squid # \"local-docker-registry\""
+ - "echo \"export CA_CRT='$${CA_CRT}'\" >> env-squid # \"ca-crt\""
 username:
 from_secret: ssh-user
 environment:
 CA_CRT:
 from_secret: ca-crt
+ LOCAL_DOCKER_REGISTRY:
+ from_secret: local-docker-registry
+ SSH_HOST:
+ from_secret: ssh-host
+ SSH_ROOT_USER:
+ from_secret: ssh-root-user
+ SSH_USER:
+ from_secret: ssh-user
 - name: scp
 image: appleboy/drone-scp
@@ -64,6 +81,8 @@ steps:
 - drone_repo_namespace
 - local_docker_registry
 - local_registry_password
+ - ca_crt
+ - ca_key
 host:
 from_secret: ssh-host
 key:
@@ -71,6 +90,10 @@ steps:
 port:
 from_secret: ssh-port
 script:
+ - rm -f -R /stack/squid/.secrets
+ - mkdir -p /stack/squid/.secrets
+ - echo $${CA_CRT} > /stack/squid/.secrets/ca.crt
+ - echo $${CA_KEY} > /stack/squid/.secrets/ca.key
 - set -e
 - cd /stack/squid/myCA
 - cd ..
@@ -78,6 +101,10 @@ steps:
 username:
 from_secret: ssh-user
 environment:
+ CA_CRT:
+ from_secret: ca-crt
+ CA_KEY:
+ from_secret: ca-key
 LOCAL_DOCKER_REGISTRY:
 from_secret: local-docker-registry
 LOCAL_REGISTRY_PASSWORD:
diff --git a/.drone/lib/public-secrets.libsonnet b/.drone/lib/public-secrets.libsonnet
index e7e223c..4901236 100644
--- a/.drone/lib/public-secrets.libsonnet
+++ b/.drone/lib/public-secrets.libsonnet
@@ -3,4 +3,5 @@
 'ssh-user',
 'ssh-root-user',
 'local-docker-registry',
+ 'ca-crt',
 ]
diff --git a/.drone/lib/secret-secrets.libsonnet b/.drone/lib/secret-secrets.libsonnet
index 760fb48..28025b7 100644
--- a/.drone/lib/secret-secrets.libsonnet
+++ b/.drone/lib/secret-secrets.libsonnet
@@ -2,4 +2,5 @@
 'ssh-password',
 'ssh-key',
 'local-registry-password',
+ 'ca-key',
 ]