ci: copy drone to docker secrets

2020-09-01 15:58:06 +01:00 · 2020-09-01 15:58:06 +01:00 · e8b61d5992
parent b22b7d0321
commit e8b61d5992
5 changed files with 15 additions and 3 deletions
--- a/.drone/build.sh
+++ b/.drone/build.sh
@ -1,2 +1,2 @@
-echo $CA_CRT > docker-dind/CA_crt.crt
+echo "${CA_CRT}" > docker-dind/CA_crt.crt
 docker build docker-dind -t ${REGISTRY_DOMAIN}:${REGISTRY_PORT}/docker-dind
--- a/.drone/deploy.sh
+++ b/.drone/deploy.sh
@ -1,4 +1,7 @@
 docker stack rm squid
 echo 'sleeping...zzz'
 sleep 60
+mkdir -p .secrets
+echo "${CA_CRT}" > .secrets/ca.crt
+echo "${CA_KEY}" > .secrets/ca.key
 docker stack deploy -c docker-compose.yml squid
--- a/.drone/drone-home.jsonnet
+++ b/.drone/drone-home.jsonnet
@ -9,7 +9,9 @@ local register = import 'node_modules/@sigyl/jsonnet-drone/register.libsonnet';
  deploy(
    'squid',
    '/stack/',
-    [],
+    [
+      'CA_CRT',
+    ],
    publicSecrets,
    secretSecrets,
    [
--- a/.drone/drone-home.yml
+++ b/.drone/drone-home.yml
@ -35,6 +35,7 @@ steps:
    - drone_repo_name
    - drone_repo_namespace
    - ca_crt
+    - ca_crt
    - local_domain
    - ca_key
    host: ${SSH_HOST}
@ -44,6 +45,7 @@ steps:
    script:
    - rm -f env-squid
    - "echo \"export CA_CRT='$${CA_CRT}'\" >> env-squid # \"ca-crt\""
+    - "echo \"export CA_CRT='$${CA_CRT}'\" >> env-squid # \"ca-crt\""
    - "echo \"export LOCAL_DOMAIN='$${LOCAL_DOMAIN}'\" >> env-squid # \"local-domain\""
    - "echo \"export CA_KEY='$${CA_KEY}'\" >> env-squid # \"ca-key\""
    username: ${SSH_USER}
@ -81,6 +83,9 @@ steps:
  - sh .drone/build.sh
  - sh .drone/push.sh
  - sh .drone/logout.sh
+  environment:
+    CA_CRT:
+      from_secret: ca-crt
  volumes:
  - name: dockersock
    path: /var/run
@ -101,6 +106,7 @@ steps:
    - ca_crt
    - local_domain
    - ca_key
+    - ca_crt
    host: ${SSH_HOST}
    key: ${SSH_KEY}
    passphrase: ${SSH_PASSPHRASE}
@ -109,6 +115,7 @@ steps:
    - export CA_KEY=$${CA_KEY}
    - export CA_CRT=$${CA_CRT}
    - export LOCAL_DOMAIN=$${LOCAL_DOMAIN}
+    - export CA_CRT=$${CA_CRT}
    - export DOMAIN=$${DOMAIN}
    - export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN}
    - export REGISTRY_PORT=$${REGISTRY_PORT}
--- a/docker-dind/Dockerfile
+++ b/docker-dind/Dockerfile
@ -1,3 +1,3 @@
 FROM docker:18.06.0-dind
-COPY CA_crt.crt /usr/local/share/ca-certificates/CA_crt.crt
+COPY ./CA_crt.crt /usr/local/share/ca-certificates/CA_crt.crt
 RUN update-ca-certificates