From 68cec770fd3a91e16bfffb04bb1db703a9062caa Mon Sep 17 00:00:00 2001 From: Giles Date: Thu, 20 Aug 2020 00:28:42 +0100 Subject: [PATCH] ci: moved scripts --- .drone/build.sh | 1 + .drone/deploy.sh | 4 + .drone/drone-home.jsonnet | 134 +++------------------------------- .drone/drone-home.yml | 67 ++++++++++++----- .drone/lib/images.libsonnet | 38 ---------- .drone/lib/settings.libsonnet | 11 --- .drone/lib/util.libsonnet | 18 ----- .drone/login.sh | 1 + .drone/logout.sh | 1 + .drone/package.json | 3 +- .drone/pull.sh | 1 + .drone/push.sh | 1 + .drone/yarn-error.log | 40 +++++++--- .drone/yarn.lock | 8 ++ .gitignore | 1 + 15 files changed, 107 insertions(+), 222 deletions(-) create mode 100644 .drone/build.sh create mode 100644 .drone/deploy.sh delete mode 100644 .drone/lib/images.libsonnet delete mode 100644 .drone/lib/settings.libsonnet delete mode 100644 .drone/lib/util.libsonnet create mode 100644 .drone/login.sh create mode 100644 .drone/logout.sh create mode 100644 .drone/pull.sh create mode 100644 .drone/push.sh diff --git a/.drone/build.sh b/.drone/build.sh new file mode 100644 index 0000000..6477269 --- /dev/null +++ b/.drone/build.sh @@ -0,0 +1 @@ +docker build docker-dind -t ${LOCAL_DOCKER_REGISTRY}docker-dind diff --git a/.drone/deploy.sh b/.drone/deploy.sh new file mode 100644 index 0000000..4582d81 --- /dev/null +++ b/.drone/deploy.sh @@ -0,0 +1,4 @@ +docker stack rm squid +echo 'sleeping...zzz' +sleep 60 +docker stack deploy -c docker-compose.yml squid diff --git a/.drone/drone-home.jsonnet b/.drone/drone-home.jsonnet index b347773..e2fe2b6 100644 --- a/.drone/drone-home.jsonnet +++ b/.drone/drone-home.jsonnet @@ -1,127 +1,17 @@ -local images = import 'lib/images.libsonnet'; -local environment = import 'node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet'; -local compose = import 'node_modules/@sigyl/jsonnet-compose/compose.libsonnet'; + local secretSecrets = import 'lib/secret-secrets.libsonnet'; local publicSecrets = import 'lib/public-secrets.libsonnet'; -local util = import 'lib/util.libsonnet'; + +local deploy = import 'node_modules/@sigyl/jsonnet-drone/deploy.libsonnet'; [ - { - kind: 'pipeline', - type: 'docker', - name: 'build', - clone: { - disable: false, - depth: 0, - }, - /*trigger: { - event: [ - 'tag', - ], - },*/ - services: [ - images.docker { - privileged: true, - volumes: [ - { - name: 'dockersock', - path: '/var/run', - }, - { - name: 'ca', - path: '/etc/docker/certs.d', - }, - ], - }, + deploy( + 'squid', + '/stack/', + [ + 'LOCAL_DOCKER_REGISTRY', + 'REGISTRY_PASSWORD', ], - volumes: [ - { - name: 'dockersock', - temp: {}, - }, - { - name: 'ca', - host: { - path: '/etc/docker/certs.d', - }, - }, - ], - steps:[ - compose( - std.map( - function(secret) util.printEnv('env-squid', secret), - publicSecrets, - ) - ) - ( - images.ssh { - settings +: { - script: [ - 'rm -f env-squid', - ], - }, - }, - ) { - name: 'print env', - }, - images.scp( - '/stack/squid' - ), - images.wait(15), - images.docker { - name +: 'build docker:dind image:', - environment +: environment.environmentSecrets([ - 'LOCAL_DOCKER_REGISTRY', - 'REGISTRY_PASSWORD', - 'CA_CRT' - ]), - volumes: [ - { - name: 'dockersock', - path: '/var/run', - }, - ], - commands: [ - 'set -e', - 'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"', - 'cd docker-dind', - 'echo "$${CA_CRT}" > CA_crt.crt', - 'docker build . -t $${LOCAL_DOCKER_REGISTRY}docker:dind', - 'docker push $${LOCAL_DOCKER_REGISTRY}docker:dind', - 'docker logout $${LOCAL_DOCKER_REGISTRY}', - ], - }, - compose([ - environment.envSet('local-docker-registry'), - environment.envSet('registry-password'), - environment.envSet('ca-crt'), - environment.envSet('ca-key'), - ])( - images.ssh { - name: 'deploy squid', - settings +: { - script +: [ - 'rm -f -R /stack/squid/.secrets', - 'mkdir -p /stack/squid/.secrets', - 'echo "$${CA_CRT}" > /stack/squid/.secrets/ca.crt', - 'echo "$${CA_KEY}" > /stack/squid/.secrets/ca.key', - 'set -e', - "cd /stack/squid", - //"docker network prune -f", - //"cd /stack/squid/myCA", - //'openssl genrsa -out CA_key.pem 2048', - //'openssl req -x509 -days 600 -new -nodes -key CA_key.pem -out CA_crt.pem -extensions v3_ca -config openssl.cnf -subj "/C=US/ST=California/L=Mountain View/O=Google/OU=Enterprise/CN=MyCA"', - //'cd ..', - //"docker stack rm squid", - //"sleep 60", - // "docker volume rm squid_squid-cache", - "docker stack deploy -c docker-compose.yml squid", - ] - } - }, - ), - ], - image_pull_secrets: [ - 'dockerconfigjson' - ] - } + publicSecrets, + secretSecrets + ), ] diff --git a/.drone/drone-home.yml b/.drone/drone-home.yml index 4212940..ad3c67d 100644 --- a/.drone/drone-home.yml +++ b/.drone/drone-home.yml @@ -1,7 +1,7 @@ --- kind: pipeline type: docker -name: build +name: deploy platform: os: linux @@ -17,11 +17,16 @@ steps: - drone_build_number - drone_repo_name - drone_repo_namespace + - local_docker_registry + - registry_password - ssh_host - ssh_user - ssh_port - local_docker_registry - ca_crt + - ssh_key + - registry_password + - ca_key host: from_secret: ssh-host key: @@ -30,20 +35,31 @@ steps: from_secret: ssh-port script: - rm -f env-squid + - "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-squid # \"local-docker-registry\"" + - "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-squid # \"registry-password\"" - "echo \"export SSH_HOST='$${SSH_HOST}'\" >> env-squid # \"ssh-host\"" - "echo \"export SSH_USER='$${SSH_USER}'\" >> env-squid # \"ssh-user\"" - "echo \"export SSH_PORT='$${SSH_PORT}'\" >> env-squid # \"ssh-port\"" - "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-squid # \"local-docker-registry\"" - "echo \"export CA_CRT='$${CA_CRT}'\" >> env-squid # \"ca-crt\"" + - "echo \"export SSH_KEY='$${SSH_KEY}'\" >> env-squid # \"ssh-key\"" + - "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-squid # \"registry-password\"" + - "echo \"export CA_KEY='$${CA_KEY}'\" >> env-squid # \"ca-key\"" username: from_secret: ssh-user environment: CA_CRT: from_secret: ca-crt + CA_KEY: + from_secret: ca-key LOCAL_DOCKER_REGISTRY: from_secret: local-docker-registry + REGISTRY_PASSWORD: + from_secret: registry-password SSH_HOST: from_secret: ssh-host + SSH_KEY: + from_secret: ssh-key SSH_PORT: from_secret: ssh-port SSH_USER: @@ -70,19 +86,15 @@ steps: commands: - sleep 15 -- name: "dockerbuild docker:dind image:" +- name: "dockerbuild:" image: docker:dind commands: - set -e - - docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}" - - cd docker-dind - - echo "$${CA_CRT}" > CA_crt.crt - - docker build . -t $${LOCAL_DOCKER_REGISTRY}docker:dind - - docker push $${LOCAL_DOCKER_REGISTRY}docker:dind - - docker logout $${LOCAL_DOCKER_REGISTRY} + - sh .drone/login.sh + - sh .drone/build.sh + - sh .drone/push.sh + - sh .drone/logout.sh environment: - CA_CRT: - from_secret: ca-crt LOCAL_DOCKER_REGISTRY: from_secret: local-docker-registry REGISTRY_PASSWORD: @@ -91,7 +103,7 @@ steps: - name: dockersock path: /var/run -- name: deploy squid +- name: deploy image: appleboy/drone-ssh:1.6.2 settings: envs: @@ -100,9 +112,13 @@ steps: - drone_build_number - drone_repo_name - drone_repo_namespace + - ssh_host + - ssh_user + - ssh_port - local_docker_registry - - registry_password - ca_crt + - ssh_key + - registry_password - ca_key host: from_secret: ssh-host @@ -111,13 +127,19 @@ steps: port: from_secret: ssh-port script: - - rm -f -R /stack/squid/.secrets - - mkdir -p /stack/squid/.secrets - - echo "$${CA_CRT}" > /stack/squid/.secrets/ca.crt - - echo "$${CA_KEY}" > /stack/squid/.secrets/ca.key + - export SSH_KEY=$${SSH_KEY} + - export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD} + - export CA_KEY=$${CA_KEY} + - export SSH_HOST=$${SSH_HOST} + - export SSH_USER=$${SSH_USER} + - export SSH_PORT=$${SSH_PORT} + - export LOCAL_DOCKER_REGISTRY=$${LOCAL_DOCKER_REGISTRY} + - export CA_CRT=$${CA_CRT} - set -e - cd /stack/squid - - docker stack deploy -c docker-compose.yml squid + - sh .drone/login.sh + - sh .drone/pull.sh + - sh .drone/deploy.sh username: from_secret: ssh-user environment: @@ -129,6 +151,14 @@ steps: from_secret: local-docker-registry REGISTRY_PASSWORD: from_secret: registry-password + SSH_HOST: + from_secret: ssh-host + SSH_KEY: + from_secret: ssh-key + SSH_PORT: + from_secret: ssh-port + SSH_USER: + from_secret: ssh-user services: - name: docker @@ -147,7 +177,4 @@ volumes: host: path: /etc/docker/certs.d -image_pull_secrets: -- dockerconfigjson - ... diff --git a/.drone/lib/images.libsonnet b/.drone/lib/images.libsonnet deleted file mode 100644 index b67fc35..0000000 --- a/.drone/lib/images.libsonnet +++ /dev/null @@ -1,38 +0,0 @@ -local settings = import 'settings.libsonnet'; -{ - docker: { - name: 'docker', - image: 'docker:dind', - }, - scp(target): settings.ssh { - name: 'scp', - image: 'appleboy/drone-scp:1.6.2', - settings +: { - command_timeout: '2m', - target: target, - source: [ - '.', - ], - }, - }, - ssh: settings.ssh { - image: 'appleboy/drone-ssh:1.6.2', - settings +: { - envs: [ - 'drone_tag', - 'drone_commit', - 'drone_build_number', - 'drone_repo_name', - 'drone_repo_namespace', - ], - script: [], - }, - }, - wait(delay): { - image: 'alpine', - name: 'wait', - commands: [ - 'sleep %s' % delay, - ], - } -} \ No newline at end of file diff --git a/.drone/lib/settings.libsonnet b/.drone/lib/settings.libsonnet deleted file mode 100644 index 3c40d44..0000000 --- a/.drone/lib/settings.libsonnet +++ /dev/null @@ -1,11 +0,0 @@ -local environment = import '../node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet'; -{ - ssh: { - settings +: { - host: environment.fromSecret('ssh-host'), - port: environment.fromSecret('ssh-port'), - username: environment.fromSecret('ssh-user'), - key: environment.fromSecret('ssh-key'), - }, - }, -} \ No newline at end of file diff --git a/.drone/lib/util.libsonnet b/.drone/lib/util.libsonnet deleted file mode 100644 index 2596ab8..0000000 --- a/.drone/lib/util.libsonnet +++ /dev/null @@ -1,18 +0,0 @@ -local compose = import '../node_modules/@sigyl/jsonnet-compose/compose.libsonnet'; -local environment = import '../node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet'; -{ - printEnv(file, env): function(step) compose([ - environment.envSet(env), - function(step) step { - settings +: { - script +: [ - 'echo "export %(environment)s=\'$${%(environment)s}\'" >> %(file)s # "%(secret)s"' % { - environment: environment.environment(env), - file: file, - secret: environment.secret(env), - }, - ], - }, - }, - ])(step), -} \ No newline at end of file diff --git a/.drone/login.sh b/.drone/login.sh new file mode 100644 index 0000000..c8ffffc --- /dev/null +++ b/.drone/login.sh @@ -0,0 +1 @@ +docker login ${LOCAL_DOCKER_REGISTRY} --username client --password "${REGISTRY_PASSWORD}" \ No newline at end of file diff --git a/.drone/logout.sh b/.drone/logout.sh new file mode 100644 index 0000000..4bcacf0 --- /dev/null +++ b/.drone/logout.sh @@ -0,0 +1 @@ +docker logout ${LOCAL_DOCKER_REGISTRY} \ No newline at end of file diff --git a/.drone/package.json b/.drone/package.json index 3869304..434953f 100644 --- a/.drone/package.json +++ b/.drone/package.json @@ -4,7 +4,6 @@ "build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream" }, "dependencies": { - "@sigyl/jsonnet-compose": "^0.0.2", - "@sigyl/jsonnet-drone-environment": "0.0.5" + "@sigyl/jsonnet-drone": "^0.0.5" } } diff --git a/.drone/pull.sh b/.drone/pull.sh new file mode 100644 index 0000000..93dd65e --- /dev/null +++ b/.drone/pull.sh @@ -0,0 +1 @@ +docker pull ${LOCAL_DOCKER_REGISTRY}docker-dind diff --git a/.drone/push.sh b/.drone/push.sh new file mode 100644 index 0000000..9a13777 --- /dev/null +++ b/.drone/push.sh @@ -0,0 +1 @@ +docker push ${LOCAL_DOCKER_REGISTRY}docker-dind diff --git a/.drone/yarn-error.log b/.drone/yarn-error.log index 55c6505..88bf6d0 100644 --- a/.drone/yarn-error.log +++ b/.drone/yarn-error.log @@ -1,23 +1,21 @@ Arguments: - /usr/bin/node /home/giles/.yarn/bin/yarn.js + /usr/local/Cellar/node/11.9.0/bin/node /usr/local/Cellar/yarn/1.13.0/libexec/bin/yarn.js PATH: - /home/giles/.yarn/bin:/home/giles/.config/yarn/global/node_modules/.bin:/home/giles/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/go/bin + /Users/giles/.cargo/bin:/Users/giles/.local/bin:/Users/giles/Library/Python/3.7/bin:/Library/Frameworks/Python.framework/Versions/3.7/bin:/opt/local/bin:/opt/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/share/dotnet:/usr/local/share/dotnet/sdk:/usr/local/share/dotnet/sdk/2.2.101:/opt/X11/bin:~/.dotnet/tools:/usr/local/bin:/usr/local/Cellar/openssl/1.0.2j/bin/openssl Yarn version: - 1.22.4 + 1.13.0 Node version: - 11.14.0 + 12.13.1 Platform: - linux x64 + darwin x64 Trace: - Error: self signed certificate in certificate chain - at TLSSocket.onConnectSecure (_tls_wrap.js:1176:34) - at TLSSocket.emit (events.js:193:13) - at TLSSocket._finishInit (_tls_wrap.js:667:8) + Error: getaddrinfo ENOTFOUND registry.yarnpkg.com + at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:60:26) npm manifest: { @@ -26,7 +24,7 @@ npm manifest: "build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream" }, "dependencies": { - "@sigyl/jsonnet-compose": "^0.0.2" + "@sigyl/jsonnet-drone": "^0.0.3" } } @@ -34,4 +32,24 @@ yarn manifest: No manifest Lockfile: - No lockfile + # THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. + # yarn lockfile v1 + + + "@sigyl/jsonnet-compose@^0.0.2": + version "0.0.2" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-compose/-/jsonnet-compose-0.0.2.tgz#8900a21e8cd8109929b6042703f8645aacb9bcda" + integrity sha512-wWS3CgPeNi/o1pcS6n/4pafxlMD0KC9/RKMZr/ySmzeGNRW++sPuKuxajYse2TNd47uNDdeUSnk4aEeEIKL0zA== + + "@sigyl/jsonnet-drone-environment@0.0.5": + version "0.0.5" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff" + integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw== + + "@sigyl/jsonnet-drone@^0.0.2": + version "0.0.2" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.0.2.tgz#64572524155eaa2c2b8bda6102f238a0269cafbb" + integrity sha512-1/EZR5Vbo8oKAm+R31XIzsS6VZxcEIcRLyrLi53JQ0+z+CWLPvrUwiq0homBysYJhqk1XRzYF6+ctwbbmmzxrA== + dependencies: + "@sigyl/jsonnet-compose" "^0.0.2" + "@sigyl/jsonnet-drone-environment" "0.0.5" diff --git a/.drone/yarn.lock b/.drone/yarn.lock index e9d5082..2ad11f0 100644 --- a/.drone/yarn.lock +++ b/.drone/yarn.lock @@ -11,3 +11,11 @@ version "0.0.5" resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff" integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw== + +"@sigyl/jsonnet-drone@^0.0.5": + version "0.0.5" + resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.0.5.tgz#1017714cfcdb637d36faa4206b29fd4277bfb37f" + integrity sha512-6npYDgXWGblimBYDIRNeNZX20qZmuhQYhSj9hWucXm9i+IKIrxX/3B0gf9JDNXgbK4s4QY95WBrnimeAeMfddg== + dependencies: + "@sigyl/jsonnet-compose" "^0.0.2" + "@sigyl/jsonnet-drone-environment" "0.0.5" diff --git a/.gitignore b/.gitignore index 3c3629e..eb03e3e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ node_modules +*.log