From 63a782b3910783f7333fc9c5c556d60b471554b3 Mon Sep 17 00:00:00 2001 From: Giles Bradshaw Date: Thu, 6 Aug 2020 10:28:48 +0100 Subject: [PATCH] test: squid:4 --- .drone/drone-home.jsonnet | 6 ++--- .drone/drone-home.yml | 45 ++++++++++++------------------------- docker/Dockerfile | 6 ++--- docker/squid.intercept.conf | 4 ++-- 4 files changed, 22 insertions(+), 39 deletions(-) diff --git a/.drone/drone-home.jsonnet b/.drone/drone-home.jsonnet index ef1c4e7..cc2a75c 100644 --- a/.drone/drone-home.jsonnet +++ b/.drone/drone-home.jsonnet @@ -49,7 +49,7 @@ local publicSecrets = import 'lib/public-secrets.libsonnet'; '/stack/squid' ), images.wait(15), - /*images.docker { + images.docker { name +: 'build docker image:', environment +: environment.environmentSecrets([ 'LOCAL_DOCKER_REGISTRY', @@ -71,7 +71,7 @@ local publicSecrets = import 'lib/public-secrets.libsonnet'; 'docker push $${LOCAL_DOCKER_REGISTRY}squid', 'docker logout $${LOCAL_DOCKER_REGISTRY}', ], - },*/ + } /* compose([ environment.envSet('local-docker-registry'), environment.envSet('local-registry-password'), @@ -96,7 +96,7 @@ local publicSecrets = import 'lib/public-secrets.libsonnet'; ] } }, - ), + ),*/ ], } ] diff --git a/.drone/drone-home.yml b/.drone/drone-home.yml index 06ee2c2..8b487d2 100644 --- a/.drone/drone-home.yml +++ b/.drone/drone-home.yml 
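Review bot: The deploy step is switched off by wrapping `compose([...])` in a block comment that opens after the closing `}` of `images.docker` (second hunk) and closes at `),*/` (third hunk), so the pipeline now builds and pushes the image while carrying a large stretch of dead code. Jsonnet block comments do not nest, so a `*/` anywhere inside the commented region would end it early and leave a half-enabled step. Either delete the step and rely on history, or gate it on a named local such as `local deployEnabled = false;` and append it with `+ (if deployEnabled then [compose(...)] else [])`. At minimum add a line like `// deploy disabled while testing squid 4 - re-enable before merge` above the comment. The step list itself starts and ends outside these hunks.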
@@ -29,42 +29,25 @@ steps: commands: - sleep 15 -- name: deploy squid - image: appleboy/drone-ssh - settings: - envs: - - drone_tag - - drone_commit - - drone_build_number - - drone_repo_name - - drone_repo_namespace - - local_docker_registry - - local_registry_password - host: - from_secret: ssh-host - key: - from_secret: ssh-key - port: - from_secret: ssh-port - script: - - set -e - - docker network prune -f - - cd /stack/squid/myCA - - cd .. - - docker stack rm squid - - sleep 60 - - docker volume rm squid_squid-cache - - export SQUID_IMAGE=$${LOCAL_DOCKER_REGISTRY}squid - - docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${LOCAL_REGISTRY_PASSWORD}" - - docker pull $${SQUID_IMAGE} - - docker stack deploy -c docker-compose.yml squid - username: - from_secret: ssh-user +- name: "dockerbuild docker image:" + image: docker:dind + commands: + - set -e + - pwd + - sleep 15 + - cd docker + - docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${LOCAL_REGISTRY_PASSWORD}" + - docker build . -t $${LOCAL_DOCKER_REGISTRY}squid + - docker push $${LOCAL_DOCKER_REGISTRY}squid + - docker logout $${LOCAL_DOCKER_REGISTRY} environment: LOCAL_DOCKER_REGISTRY: from_secret: local-docker-registry LOCAL_REGISTRY_PASSWORD: from_secret: local-registry-password + volumes: + - name: dockersock + path: /var/run services: - name: docker diff --git a/docker/Dockerfile b/docker/Dockerfile index ebe0a65..7d0b6f6 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
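Review bot: The added `docker login` command passes the registry secret as `--password "$${LOCAL_REGISTRY_PASSWORD}"`, which puts it in the process argument list inside a container that shares the Docker daemon. Feed it on stdin instead: `- printf '%s' "$${LOCAL_REGISTRY_PASSWORD}" | docker login $${LOCAL_DOCKER_REGISTRY} --username client --password-stdin`. The step also runs the floating tag `image: docker:dind` with the `dockersock` volume mounted at `/var/run`, so whatever that tag resolves to gets full control of the daemon. Pin it to a specific version or digest. If this file is rendered from `drone-home.jsonnet`, as the step name suggests, both changes belong in the jsonnet source.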
@@ -3,14 +3,14 @@ RUN apt-get -y update RUN apt-get install -y curl supervisor git openssl build-essential libssl-dev wget vim curl RUN mkdir -p /var/log/supervisor WORKDIR /apps/ -RUN wget -O - http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.27.tar.gz | tar zxfv - \ +RUN wget -O - http://www.squid-cache.org/Versions/v4/squid-4.12.tar.gz.asc | tar zxfv - \ && CPU=$(( `nproc --all`-1 )) \ - && cd /apps/squid-3.5.27/ \ + && cd /apps/squid-4.12/ \ && ./configure --prefix=/apps/squid --enable-icap-client --enable-ssl --with-openssl --enable-ssl-crtd --enable-auth --enable-basic-auth-helpers="NCSA" \ && make -j$CPU \ && make install \ && cd /apps \ - && rm -rf /apps/squid-3.5.27 + && rm -rf /apps/squid-4.12 ADD . /apps/ RUN chown -R nobody:nogroup /apps/ diff --git a/docker/squid.intercept.conf b/docker/squid.intercept.conf index 71ac726..da6ea38 100644 --- a/docker/squid.intercept.conf +++ b/docker/squid.intercept.conf @@ -28,8 +28,8 @@ htcp_access deny all visible_hostname git.local-domain -http_port 3128 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem version=4 -#http_port 3128 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem options=NO_SSLv3 dhparams=/apps/dhparam.pem +#http_port 3128 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem version=4 +http_port 3128 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem options=NO_SSLv3 dhparams=/apps/dhparam.pem #https_port 3129 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem options=NO_SSLv3 dhparams=/apps/dhparam.pem always_direct allow all
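Review bot: The new download URL ends in `.tar.gz.asc`, which is the detached PGP signature rather than the source archive, so `tar zxfv -` is handed a signature file and the later `cd /apps/squid-4.12/` has nothing to enter. The fetch also stays on plain `http://` and is piped straight into `tar`, so nothing authenticates the source that gets compiled into a TLS-intercepting proxy configured with a CA key. Download the tarball to a file, check it against a pinned SHA-256 (or verify the `.asc` signature against the Squid release key), and only then unpack. The hash in the sketch below is a placeholder to fill in from the Squid release page.

```dockerfile
# Placeholder value: replace with the published SHA-256 of squid-4.12.tar.gz.
ARG SQUID_SHA256=<SHA256_OF_SQUID_4_12_TARBALL>
RUN wget -O /tmp/squid.tar.gz https://www.squid-cache.org/Versions/v4/squid-4.12.tar.gz \
    && echo "${SQUID_SHA256}  /tmp/squid.tar.gz" | sha256sum -c - \
    && tar zxf /tmp/squid.tar.gz -C /apps \
    && rm /tmp/squid.tar.gz \
    && CPU=$(( `nproc --all`-1 )) \
# … unchanged: cd /apps/squid-4.12/, configure, make, make install, cleanup …
```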
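Review bot: The re-enabled `http_port 3128 ssl-bump ...` line restricts protocols only with `options=NO_SSLv3`, so TLS 1.0 and 1.1 remain acceptable on the bumping listener. Squid 4 accepts `tls-min-version=1.2` on `http_port`; adding it to the active line would set an explicit floor. The line also now depends on `dhparams=/apps/dhparam.pem`, and nothing in this diff shows that file being generated or added to the image, so confirm it exists before the proxy starts. The commented-out `version=4` variant is worth deleting rather than keeping, because Squid 4 appears to have dropped that option and it would mislead anyone who re-enables it.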