diff --git a/.drone/drone-home.jsonnet b/.drone/drone-home.jsonnet
new file mode 100644
index 0000000..fe17c27
--- /dev/null
+++ b/.drone/drone-home.jsonnet
@@ -0,0 +1,235 @@ +local publicSecrets = [ + 'ssh-host', + 'ssh-user', + 'ssh-root-user', +]; +local secretSecrets = [ + 'ssh-password', +]; +local util = { + // the head of an array + head(array): array[0], + // the tail of an array + tail(array): std.makeArray( + std.length(array) -1, + function(x) array[x + 1], + ), + // compose an array of functions + compose(functions): + local compose(functions) = + if std.length(functions) == 0 + then + local ret(object) = object; + ret + else + local ret(object) = compose( + util.tail( + functions, + ) + )( + util.head( + functions, + )(object) + ); + ret; + compose(functions), + fromSecret(secret): { + from_secret: secret, + }, + secret(secret): std.asciiLower( + std.strReplace( + secret, + '_', + '-', + ), + ), + environment(secret): std.asciiUpper( + std.strReplace( + secret, + '-', + '_', + ), + ), + env(secret): std.asciiLower( + std.strReplace( + secret, + '-', + '_', + ), + ), + envSet(env): function(step) step { + environment +: { + [util.environment(env)]: util.fromSecret( + util.secret(env) + ), + }, + settings +: { + envs +: [ + util.env(env), + ], + }, + }, + printEnv(file, env): function(step) util.compose([ + util.envSet(env), + function(step) step { + settings +: { + script +: [ + 'echo "export %(environment)s=\'$${%(environment)s}\'" >> %(file)s # "%(secret)s"' % { + environment: util.environment(env), + file: file, + secret: util.secret(env), + }, + ], + }, + }, + ])(step), +}; +local images = { + docker: { + name: 'docker', + image: 'docker:dind', + }, + scp(target): { + name: 'scp', + image: 'appleboy/drone-scp', + settings: { + host: { + from_secret: 'ssh-host', + }, + username: { + from_secret: 'ssh-user', + }, + password: { + from_secret: 'ssh-password', + }, + port: { + from_secret: 'ssh-port', + }, + command_timeout: '2m', + target: target, + source: [ + '.', + ], + }, + }, + ssh: { + image: 'appleboy/drone-ssh', + settings: { + host: util.fromSecret("ssh-host"), + port: util.fromSecret("ssh-port"), 
+ username: util.fromSecret("ssh-user"), + password: util.fromSecret("ssh-password"), + envs: [ + 'drone_tag', + 'drone_commit', + 'drone_build_number', + 'drone_repo_name', + 'drone_repo_namespace', + ], + script: [], + }, + }, + wait(delay): { + image: 'alpine', + name: 'wait', + commands: [ + 'sleep %s' % delay, + ], + } +}; +[ + { + kind: 'pipeline', + type: 'docker', + name: 'build', + clone: { + disable: false, + depth: 0, + }, + services: [ + images.docker { + privileged: true, + volumes: [ + { + name: 'dockersock', + path: '/var/run', + }, + { + name: 'ca', + path: '/etc/docker/certs.d', + }, + ], + }, + ], + volumes: [ + { + name: 'dockersock', + temp: {}, + }, + { + name: 'ca', + host: { + path: '/etc/docker/certs.d', + }, + }, + ], + steps:[ + images.scp( + '/stack/squid' + ), + images.wait(15), + util.compose( + std.map( + function(secret) util.printEnv('afile', secret), + publicSecrets, + ) + )( + images.ssh { + name: 'will print ssh-host again', + settings +: { + script +: [ + 'rm afile' + ], + }, + }, + ), + util.compose( + std.map( + function(s) util.envSet(s), + publicSecrets + secretSecrets + ) + + std.map( + function(s) function(step) step { + settings +: { + script +: [ + + 'export %(env)s="$${%(env)s}"' % { + env: util.environment(s), + }, + 'echo "$${%s}"' % util.environment(s), + ], + }, + }, + publicSecrets + secretSecrets + ) + ) + ( + images.ssh { + name: 'deploy squid', + settings +: { + //username: util.fromSecret("ssh-root-user"), + //password: util.fromSecret("ssh-root-password"), + script +: [ + 'set -e', + "docker network prune -f", + "cd /stack/squid", + "docker stack rm squid", + "sleep 30", + "docker stack deploy -c docker-compose.yml squid", + ] + } + } + ), + ], + } +] diff --git a/.drone/drone-home.yml b/.drone/drone-home.yml new file mode 100644 index 0000000..0538818 --- /dev/null +++ b/.drone/drone-home.yml 
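Review bot: The `deploy squid` step in `.drone/drone-home.jsonnet` maps over `publicSecrets + secretSecrets` when it appends `'echo "$${%s}"' % util.environment(s)`, so the remote script ends with `echo "$${SSH_PASSWORD}"` and the SSH password is written to the step output (the committed `.drone/drone-home.yml` shows the same line). Log masking, where the runner applies it, should not be the only thing between a credential and the build log; I would drop the `echo` line from that `std.map` and call `util.envSet` over `publicSecrets` only, so `ssh-password` is never forwarded to the remote shell through `envs`. The `will print ssh-host again` step also leaves `afile` behind on the target host, because `rm afile` is the first script entry and the `printEnv` lines are appended after it. Separately, no step mounts `dockersock`, so the privileged `docker:dind` service looks unused in this pipeline and could be removed.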
@@ -0,0 +1,130 @@
+---
+kind: pipeline
+type: docker
+name: build
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+- name: scp
+ image: appleboy/drone-scp
+ settings:
+ command_timeout: 2m
+ host:
+ from_secret: ssh-host
+ password:
+ from_secret: ssh-password
+ port:
+ from_secret: ssh-port
+ source:
+ - .
+ target: /stack/squid
+ username:
+ from_secret: ssh-user
+
+- name: wait
+ image: alpine
+ commands:
+ - sleep 15
+
+- name: will print ssh-host again
+ image: appleboy/drone-ssh
+ settings:
+ envs:
+ - drone_tag
+ - drone_commit
+ - drone_build_number
+ - drone_repo_name
+ - drone_repo_namespace
+ - DRONE_GITEA_SERVER
+ - ssh_host
+ - ssh_user
+ - ssh_root_user
+ host:
+ from_secret: ssh-host
+ password:
+ from_secret: ssh-password
+ port:
+ from_secret: ssh-port
+ script:
+ - rm afile
+ - "echo \"export SSH_HOST='$${SSH_HOST}'\" >> afile # \"ssh-host\""
+ - "echo \"export SSH_USER='$${SSH_USER}'\" >> afile # \"ssh-user\""
+ - "echo \"export SSH_ROOT_USER='$${SSH_ROOT_USER}'\" >> afile # \"ssh-root-user\""
+ username:
+ from_secret: ssh-user
+ environment:
+ SSH_HOST:
+ from_secret: ssh-host
+ SSH_ROOT_USER:
+ from_secret: ssh-root-user
+ SSH_USER:
+ from_secret: ssh-user
+
+- name: deploy squid
+ image: appleboy/drone-ssh
+ settings:
+ envs:
+ - drone_tag
+ - drone_commit
+ - drone_build_number
+ - drone_repo_name
+ - drone_repo_namespace
+ - DRONE_GITEA_SERVER
+ - ssh_host
+ - ssh_user
+ - ssh_root_user
+ - ssh_password
+ host:
+ from_secret: ssh-host
+ password:
+ from_secret: ssh-password
+ port:
+ from_secret: ssh-port
+ script:
+ - set -e
+ - docker network prune -f
+ - cd /stack/squid
+ - docker stack rm squid
+ - sleep 30
+ - docker stack deploy -c docker-compose.yml squid
+ - export SSH_HOST="$${SSH_HOST}"
+ - echo "$${SSH_HOST}"
+ - export SSH_USER="$${SSH_USER}"
+ - echo "$${SSH_USER}"
+ - export SSH_ROOT_USER="$${SSH_ROOT_USER}"
+ - echo "$${SSH_ROOT_USER}"
+ - export SSH_PASSWORD="$${SSH_PASSWORD}"
+ - echo "$${SSH_PASSWORD}"
+ username:
+ from_secret: ssh-user
+ environment:
+ SSH_HOST:
+ from_secret: ssh-host
+ SSH_PASSWORD:
+ from_secret: ssh-password
+ SSH_ROOT_USER:
+ from_secret: ssh-root-user
+ SSH_USER:
+ from_secret: ssh-user
+
+services:
+- name: docker
+ image: docker:dind
+ privileged: true
+ volumes:
+ - name: dockersock
+ path: /var/run
+ - name: ca
+ path: /etc/docker/certs.d
+
+volumes:
+- name: dockersock
+ temp: {}
+- name: ca
+ host:
+ path: /etc/docker/certs.d
+
+...
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..27eea9a
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,28 @@
+version: "3.7"
+services:
+ gitea:
+ deploy:
+ placement:
+ constraints: [node.labels.com.sigyl.git-stack == yes]
+ replicas: 1
+ restart_policy:
+ condition: any
+ image: mikepurvis/squid-deb-proxy:latest
+ #environment:
+ volumes:
+ - squid-cache:/cachedir
+ ports:
+ - 8000:8000
+ networks:
+ - appnet
+ - externalnet
+volumes:
+ squid-cache:
+
+networks:
+ appnet:
+ driver: overlay
+ #external: true
+ externalnet:
+ driver: overlay
+ external: true
\ No newline at end of file
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..ab343a8
--- /dev/null
+++ b/package.json
@@ -0,0 +1,6 @@
+{
+ "private": true,
+ "scripts": {
+ "jsonnet:home": "drone jsonnet --source jsonnet/.drone-home.jsonnet --target jsonnet/.drone-home.yml --stream"
+ }
+}
\ No newline at end of file
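Review bot: In `docker-compose.yml`, `image: mikepurvis/squid-deb-proxy:latest` is a mutable tag on a third-party image, so each `docker stack deploy` can pull different code for a proxy that sits in the package-download path of its clients. Pin it to a digest you have reviewed, for example `image: mikepurvis/squid-deb-proxy@sha256:<reviewed-digest>` (placeholder value). The `8000:8000` mapping publishes the proxy outside the overlay network, so it is worth confirming that the proxy's access rules, which are not visible in this commit, limit who may use it. The service key `gitea` and the `git-stack` placement label look carried over from another stack; renaming them would make the deployment easier to audit.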
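Review bot: The `jsonnet:home` script in `package.json` reads `jsonnet/.drone-home.jsonnet` and writes `jsonnet/.drone-home.yml`, but this commit adds the files as `.drone/drone-home.jsonnet` and `.drone/drone-home.yml`, so the script as written would not regenerate the committed pipeline. The committed YAML also lists `DRONE_GITEA_SERVER` under `envs`, which the Jsonnet source does not contain, which suggests the two are already out of sync. Pointing the script at the real paths, `--source .drone/drone-home.jsonnet --target .drone/drone-home.yml`, keeps the reviewed source and the pipeline that actually runs identical.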