Browse Source

ci: copy drone to docker secrets

master
Giles Bradshaw 2 years ago
parent
commit
e8b61d5992
5 changed files with 15 additions and 3 deletions
  1. +1
    -1
      .drone/build.sh
  2. +3
    -0
      .drone/deploy.sh
  3. +3
    -1
      .drone/drone-home.jsonnet
  4. +7
    -0
      .drone/drone-home.yml
  5. +1
    -1
      docker-dind/Dockerfile

+ 1
- 1
.drone/build.sh View File

@@ -1,2 +1,2 @@
echo $CA_CRT > docker-dind/CA_crt.crt
echo "${CA_CRT}" > docker-dind/CA_crt.crt
docker build docker-dind -t ${REGISTRY_DOMAIN}:${REGISTRY_PORT}/docker-dind

+ 3
- 0
.drone/deploy.sh View File

@@ -1,4 +1,7 @@
docker stack rm squid
echo 'sleeping...zzz'
sleep 60
mkdir -p .secrets
echo "${CA_CRT}" > .secrets/ca.crt
echo "${CA_KEY}" > .secrets/ca.key
docker stack deploy -c docker-compose.yml squid

+ 3
- 1
.drone/drone-home.jsonnet View File

@@ -9,7 +9,9 @@ local register = import 'node_modules/@sigyl/jsonnet-drone/register.libsonnet';
deploy(
'squid',
'/stack/',
[],
[
'CA_CRT',
],
publicSecrets,
secretSecrets,
[


+ 7
- 0
.drone/drone-home.yml View File

@@ -35,6 +35,7 @@ steps:
- drone_repo_name
- drone_repo_namespace
- ca_crt
- ca_crt
- local_domain
- ca_key
host: ${SSH_HOST}
@@ -44,6 +45,7 @@ steps:
script:
- rm -f env-squid
- "echo \"export CA_CRT='$${CA_CRT}'\" >> env-squid # \"ca-crt\""
- "echo \"export CA_CRT='$${CA_CRT}'\" >> env-squid # \"ca-crt\""
- "echo \"export LOCAL_DOMAIN='$${LOCAL_DOMAIN}'\" >> env-squid # \"local-domain\""
- "echo \"export CA_KEY='$${CA_KEY}'\" >> env-squid # \"ca-key\""
username: ${SSH_USER}
@@ -81,6 +83,9 @@ steps:
- sh .drone/build.sh
- sh .drone/push.sh
- sh .drone/logout.sh
environment:
CA_CRT:
from_secret: ca-crt
volumes:
- name: dockersock
path: /var/run
@@ -101,6 +106,7 @@ steps:
- ca_crt
- local_domain
- ca_key
- ca_crt
host: ${SSH_HOST}
key: ${SSH_KEY}
passphrase: ${SSH_PASSPHRASE}
@@ -109,6 +115,7 @@ steps:
- export CA_KEY=$${CA_KEY}
- export CA_CRT=$${CA_CRT}
- export LOCAL_DOMAIN=$${LOCAL_DOMAIN}
- export CA_CRT=$${CA_CRT}
- export DOMAIN=$${DOMAIN}
- export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN}
- export REGISTRY_PORT=$${REGISTRY_PORT}


+ 1
- 1
docker-dind/Dockerfile View File

@@ -1,3 +1,3 @@
FROM docker:18.06.0-dind
COPY CA_crt.crt /usr/local/share/ca-certificates/CA_crt.crt
COPY ./CA_crt.crt /usr/local/share/ca-certificates/CA_crt.crt
RUN update-ca-certificates

Loading…
Cancel
Save