ci: copy drone to docker secrets
This commit is contained in:
parent
b22b7d0321
commit
e8b61d5992
|
@ -1,2 +1,2 @@
|
||||||
echo $CA_CRT > docker-dind/CA_crt.crt
|
echo "${CA_CRT}" > docker-dind/CA_crt.crt
|
||||||
docker build docker-dind -t ${REGISTRY_DOMAIN}:${REGISTRY_PORT}/docker-dind
|
docker build docker-dind -t ${REGISTRY_DOMAIN}:${REGISTRY_PORT}/docker-dind
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
docker stack rm squid
|
docker stack rm squid
|
||||||
echo 'sleeping...zzz'
|
echo 'sleeping...zzz'
|
||||||
sleep 60
|
sleep 60
|
||||||
|
mkdir -p .secrets
|
||||||
|
echo "${CA_CRT}" > .secrets/ca.crt
|
||||||
|
echo "${CA_KEY}" > .secrets/ca.key
|
||||||
docker stack deploy -c docker-compose.yml squid
|
docker stack deploy -c docker-compose.yml squid
|
||||||
|
|
|
@ -9,7 +9,9 @@ local register = import 'node_modules/@sigyl/jsonnet-drone/register.libsonnet';
|
||||||
deploy(
|
deploy(
|
||||||
'squid',
|
'squid',
|
||||||
'/stack/',
|
'/stack/',
|
||||||
[],
|
[
|
||||||
|
'CA_CRT',
|
||||||
|
],
|
||||||
publicSecrets,
|
publicSecrets,
|
||||||
secretSecrets,
|
secretSecrets,
|
||||||
[
|
[
|
||||||
|
|
|
@ -35,6 +35,7 @@ steps:
|
||||||
- drone_repo_name
|
- drone_repo_name
|
||||||
- drone_repo_namespace
|
- drone_repo_namespace
|
||||||
- ca_crt
|
- ca_crt
|
||||||
|
- ca_crt
|
||||||
- local_domain
|
- local_domain
|
||||||
- ca_key
|
- ca_key
|
||||||
host: ${SSH_HOST}
|
host: ${SSH_HOST}
|
||||||
|
@ -44,6 +45,7 @@ steps:
|
||||||
script:
|
script:
|
||||||
- rm -f env-squid
|
- rm -f env-squid
|
||||||
- "echo \"export CA_CRT='$${CA_CRT}'\" >> env-squid # \"ca-crt\""
|
- "echo \"export CA_CRT='$${CA_CRT}'\" >> env-squid # \"ca-crt\""
|
||||||
|
- "echo \"export CA_CRT='$${CA_CRT}'\" >> env-squid # \"ca-crt\""
|
||||||
- "echo \"export LOCAL_DOMAIN='$${LOCAL_DOMAIN}'\" >> env-squid # \"local-domain\""
|
- "echo \"export LOCAL_DOMAIN='$${LOCAL_DOMAIN}'\" >> env-squid # \"local-domain\""
|
||||||
- "echo \"export CA_KEY='$${CA_KEY}'\" >> env-squid # \"ca-key\""
|
- "echo \"export CA_KEY='$${CA_KEY}'\" >> env-squid # \"ca-key\""
|
||||||
username: ${SSH_USER}
|
username: ${SSH_USER}
|
||||||
|
@ -81,6 +83,9 @@ steps:
|
||||||
- sh .drone/build.sh
|
- sh .drone/build.sh
|
||||||
- sh .drone/push.sh
|
- sh .drone/push.sh
|
||||||
- sh .drone/logout.sh
|
- sh .drone/logout.sh
|
||||||
|
environment:
|
||||||
|
CA_CRT:
|
||||||
|
from_secret: ca-crt
|
||||||
volumes:
|
volumes:
|
||||||
- name: dockersock
|
- name: dockersock
|
||||||
path: /var/run
|
path: /var/run
|
||||||
|
@ -101,6 +106,7 @@ steps:
|
||||||
- ca_crt
|
- ca_crt
|
||||||
- local_domain
|
- local_domain
|
||||||
- ca_key
|
- ca_key
|
||||||
|
- ca_crt
|
||||||
host: ${SSH_HOST}
|
host: ${SSH_HOST}
|
||||||
key: ${SSH_KEY}
|
key: ${SSH_KEY}
|
||||||
passphrase: ${SSH_PASSPHRASE}
|
passphrase: ${SSH_PASSPHRASE}
|
||||||
|
@ -109,6 +115,7 @@ steps:
|
||||||
- export CA_KEY=$${CA_KEY}
|
- export CA_KEY=$${CA_KEY}
|
||||||
- export CA_CRT=$${CA_CRT}
|
- export CA_CRT=$${CA_CRT}
|
||||||
- export LOCAL_DOMAIN=$${LOCAL_DOMAIN}
|
- export LOCAL_DOMAIN=$${LOCAL_DOMAIN}
|
||||||
|
- export CA_CRT=$${CA_CRT}
|
||||||
- export DOMAIN=$${DOMAIN}
|
- export DOMAIN=$${DOMAIN}
|
||||||
- export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN}
|
- export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN}
|
||||||
- export REGISTRY_PORT=$${REGISTRY_PORT}
|
- export REGISTRY_PORT=$${REGISTRY_PORT}
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
FROM docker:18.06.0-dind
|
FROM docker:18.06.0-dind
|
||||||
COPY CA_crt.crt /usr/local/share/ca-certificates/CA_crt.crt
|
COPY ./CA_crt.crt /usr/local/share/ca-certificates/CA_crt.crt
|
||||||
RUN update-ca-certificates
|
RUN update-ca-certificates
|
||||||
|
|
Loading…
Reference in New Issue