
1 Commits

Author SHA1 Message Date
Giles Bradshaw 8048bca859 chore(deps): add renovate.json 2020-08-27 14:39:17 +00:00
19 changed files with 115 additions and 119 deletions


@ -1,2 +1 @@
echo "${CA_CRT}" > docker-dind/CA_crt.crt docker build docker-dind -t ${LOCAL_DOCKER_REGISTRY}docker-dind
docker build docker-dind -t ${REGISTRY_DOMAIN}:${REGISTRY_PORT}/docker-dind
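Review bot: The new `docker build` line passes `-t ${LOCAL_DOCKER_REGISTRY}docker-dind` unquoted and with no separator, so the tag is only well-formed when the secret's value ends in `/` and contains no whitespace; the same concatenation recurs in the one-line pull and push sections further down. I would quote it and make the separator explicit, e.g. `docker build docker-dind -t "${LOCAL_DOCKER_REGISTRY%/}/docker-dind"`. The new side also stops writing `docker-dind/CA_crt.crt` before the build while the Dockerfile section still has `COPY CA_crt.crt`, so unless that file reaches the build context some other way the build would fail or bake in a stale certificate, which is worth confirming.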


@ -1,7 +1,4 @@
docker stack rm squid docker stack rm squid
echo 'sleeping...zzz' echo 'sleeping...zzz'
sleep 60 sleep 60
mkdir -p .secrets
echo "${CA_CRT}" > .secrets/ca.crt
echo "${CA_KEY}" > .secrets/ca.key
docker stack deploy -c docker-compose.yml squid docker stack deploy -c docker-compose.yml squid


@ -3,31 +3,15 @@ local secretSecrets = import 'lib/secret-secrets.libsonnet';
local publicSecrets = import 'lib/public-secrets.libsonnet'; local publicSecrets = import 'lib/public-secrets.libsonnet';
local deploy = import 'node_modules/@sigyl/jsonnet-drone/deploy.libsonnet'; local deploy = import 'node_modules/@sigyl/jsonnet-drone/deploy.libsonnet';
local register = import 'node_modules/@sigyl/jsonnet-drone/register.libsonnet';
[ [
register,
deploy( deploy(
'squid', 'squid',
'/stack/', '/stack/',
[ [
'CA_CRT', 'LOCAL_DOCKER_REGISTRY',
],
publicSecrets,
secretSecrets,
[
'DOMAIN',
'REGISTRY_DOMAIN',
'REGISTRY_PORT',
'REGISTRY_PASSWORD', 'REGISTRY_PASSWORD',
], ],
) { publicSecrets,
trigger +: { secretSecrets
event +: [ ),
'promote',
],
target +: [
'production',
],
},
},
] ]
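Review bot: The new side calls `deploy(...)` without the `trigger` override, so the generated pipeline is no longer limited to the `promote` event with target `production`; the matching `trigger:` block also disappears at the end of the generated YAML section. That pipeline logs in to the host over SSH and runs `deploy.sh`, so it would presumably run on whatever events the library enables by default, which should be confirmed against `deploy.libsonnet`. If the restriction is still wanted, keep the object override on the `deploy(...)` result that adds `event +: ['promote']` and `target +: ['production']` under `trigger`.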


@ -1,20 +1,3 @@
---
kind: pipeline
type: docker
name: register
platform:
os: linux
arch: amd64
clone:
disable: true
trigger:
event:
exclude:
- promote
--- ---
kind: pipeline kind: pipeline
type: docker type: docker
@ -26,7 +9,7 @@ platform:
steps: steps:
- name: print env - name: print env
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea image: appleboy/drone-ssh:1.6.2
settings: settings:
envs: envs:
- drone_tag - drone_tag
@ -34,49 +17,77 @@ steps:
- drone_build_number - drone_build_number
- drone_repo_name - drone_repo_name
- drone_repo_namespace - drone_repo_namespace
- local_docker_registry
- registry_password
- ssh_host
- ssh_user
- ssh_port
- local_docker_registry
- ca_crt - ca_crt
- ca_crt - ssh_key
- local_domain - registry_password
- ca_key - ca_key
host: ${SSH_HOST} host:
key: ${SSH_KEY} from_secret: ssh-host
passphrase: ${SSH_PASSPHRASE} key:
port: ${SSH_PORT} from_secret: ssh-key
port:
from_secret: ssh-port
script: script:
- rm -f env-squid - rm -f env-squid
- "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-squid # \"local-docker-registry\""
- "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-squid # \"registry-password\""
- "echo \"export SSH_HOST='$${SSH_HOST}'\" >> env-squid # \"ssh-host\""
- "echo \"export SSH_USER='$${SSH_USER}'\" >> env-squid # \"ssh-user\""
- "echo \"export SSH_PORT='$${SSH_PORT}'\" >> env-squid # \"ssh-port\""
- "echo \"export LOCAL_DOCKER_REGISTRY='$${LOCAL_DOCKER_REGISTRY}'\" >> env-squid # \"local-docker-registry\""
- "echo \"export CA_CRT='$${CA_CRT}'\" >> env-squid # \"ca-crt\"" - "echo \"export CA_CRT='$${CA_CRT}'\" >> env-squid # \"ca-crt\""
- "echo \"export CA_CRT='$${CA_CRT}'\" >> env-squid # \"ca-crt\"" - "echo \"export SSH_KEY='$${SSH_KEY}'\" >> env-squid # \"ssh-key\""
- "echo \"export LOCAL_DOMAIN='$${LOCAL_DOMAIN}'\" >> env-squid # \"local-domain\"" - "echo \"export REGISTRY_PASSWORD='$${REGISTRY_PASSWORD}'\" >> env-squid # \"registry-password\""
- "echo \"export CA_KEY='$${CA_KEY}'\" >> env-squid # \"ca-key\"" - "echo \"export CA_KEY='$${CA_KEY}'\" >> env-squid # \"ca-key\""
username: ${SSH_USER} username:
from_secret: ssh-user
environment: environment:
CA_CRT: CA_CRT:
from_secret: ca-crt from_secret: ca-crt
CA_KEY: CA_KEY:
from_secret: ca-key from_secret: ca-key
LOCAL_DOMAIN: LOCAL_DOCKER_REGISTRY:
from_secret: local-domain from_secret: local-docker-registry
REGISTRY_PASSWORD:
from_secret: registry-password
SSH_HOST:
from_secret: ssh-host
SSH_KEY:
from_secret: ssh-key
SSH_PORT:
from_secret: ssh-port
SSH_USER:
from_secret: ssh-user
- name: scp - name: scp
image: appleboy/drone-scp:1.6.2@sha256:bd37a55f4b97e7742b0de7333669b96220b3cc422d366e1fa8c34059b736ab47 image: appleboy/drone-scp:1.6.2
settings: settings:
command_timeout: 2m command_timeout: 2m
host: ${SSH_HOST} host:
key: ${SSH_KEY} from_secret: ssh-host
passphrase: ${SSH_PASSPHRASE} key:
port: ${SSH_PORT} from_secret: ssh-key
port:
from_secret: ssh-port
source: source:
- . - .
target: /stack/squid target: /stack/squid
username: ${SSH_USER} username:
from_secret: ssh-user
- name: wait - name: wait
image: alpine:3.12.0@sha256:90baa0922fe90624b05cb5766fa5da4e337921656c2f8e2b13bd3c052a0baac1 image: alpine
commands: commands:
- sleep 15 - sleep 15
- name: "dockerbuild:" - name: "dockerbuild:"
image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f image: docker:dind
commands: commands:
- set -e - set -e
- sh .drone/login.sh - sh .drone/login.sh
@ -84,14 +95,16 @@ steps:
- sh .drone/push.sh - sh .drone/push.sh
- sh .drone/logout.sh - sh .drone/logout.sh
environment: environment:
CA_CRT: LOCAL_DOCKER_REGISTRY:
from_secret: ca-crt from_secret: local-docker-registry
REGISTRY_PASSWORD:
from_secret: registry-password
volumes: volumes:
- name: dockersock - name: dockersock
path: /var/run path: /var/run
- name: deploy - name: deploy
image: appleboy/drone-ssh:1.6.2@sha256:b801dc2cd238c192b6e99acfa7bc3f5b9a03f312bd2feb1e10b3a7a28a1b80ea image: appleboy/drone-ssh:1.6.2
settings: settings:
envs: envs:
- drone_tag - drone_tag
@ -99,44 +112,57 @@ steps:
- drone_build_number - drone_build_number
- drone_repo_name - drone_repo_name
- drone_repo_namespace - drone_repo_namespace
- domain - ssh_host
- registry_domain - ssh_user
- registry_port - ssh_port
- local_docker_registry
- ca_crt
- ssh_key
- registry_password - registry_password
- ca_crt
- local_domain
- ca_key - ca_key
- ca_crt host:
host: ${SSH_HOST} from_secret: ssh-host
key: ${SSH_KEY} key:
passphrase: ${SSH_PASSPHRASE} from_secret: ssh-key
port: ${SSH_PORT} port:
from_secret: ssh-port
script: script:
- export CA_KEY=$${CA_KEY} - export SSH_KEY=$${SSH_KEY}
- export CA_CRT=$${CA_CRT}
- export LOCAL_DOMAIN=$${LOCAL_DOMAIN}
- export CA_CRT=$${CA_CRT}
- export DOMAIN=$${DOMAIN}
- export REGISTRY_DOMAIN=$${REGISTRY_DOMAIN}
- export REGISTRY_PORT=$${REGISTRY_PORT}
- export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD} - export REGISTRY_PASSWORD=$${REGISTRY_PASSWORD}
- export CA_KEY=$${CA_KEY}
- export SSH_HOST=$${SSH_HOST}
- export SSH_USER=$${SSH_USER}
- export SSH_PORT=$${SSH_PORT}
- export LOCAL_DOCKER_REGISTRY=$${LOCAL_DOCKER_REGISTRY}
- export CA_CRT=$${CA_CRT}
- set -e - set -e
- cd /stack/squid - cd /stack/squid
- sh .drone/login.sh - sh .drone/login.sh
- sh .drone/pull.sh - sh .drone/pull.sh
- sh .drone/deploy.sh - sh .drone/deploy.sh
username: ${SSH_USER} username:
from_secret: ssh-user
environment: environment:
CA_CRT: CA_CRT:
from_secret: ca-crt from_secret: ca-crt
CA_KEY: CA_KEY:
from_secret: ca-key from_secret: ca-key
LOCAL_DOMAIN: LOCAL_DOCKER_REGISTRY:
from_secret: local-domain from_secret: local-docker-registry
REGISTRY_PASSWORD:
from_secret: registry-password
SSH_HOST:
from_secret: ssh-host
SSH_KEY:
from_secret: ssh-key
SSH_PORT:
from_secret: ssh-port
SSH_USER:
from_secret: ssh-user
services: services:
- name: docker - name: docker
image: docker:19.03.12-dind@sha256:8dded163e463f4a59bf305b3dca98e312b2cfb89a43da3872e48f95a7554c48f image: docker:dind
privileged: true privileged: true
volumes: volumes:
- name: dockersock - name: dockersock
@ -151,10 +177,4 @@ volumes:
host: host:
path: /etc/docker/certs.d path: /etc/docker/certs.d
trigger:
event:
- promote
target:
- production
... ...
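Review bot: The `print env` script on the new side appends `SSH_KEY`, `REGISTRY_PASSWORD` and `CA_KEY` to `env-squid` in plain text on the target host, and the `deploy` script exports `SSH_KEY` there as well. None of the shell scripts visible on this page read `SSH_KEY`, `SSH_HOST`, `SSH_USER` or `SSH_PORT`, so I would drop the `ssh_*` names from `envs` and remove the matching `echo`/`export` lines; if `env-squid` is still needed, create it under `umask 077` and delete it when the deploy finishes. The unquoted `export CA_KEY=$${CA_KEY}` form may also split a multi-line PEM value in shells that word-split `export` arguments, so `export CA_KEY="$${CA_KEY}"` is safer. Separately, every `image:` on the new side loses its `@sha256:` digest and `alpine` and `docker:dind` become floating tags, including the `privileged: true` service, so keeping the digest-pinned references would preserve a reproducible, verifiable pipeline.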


@ -1,4 +1,7 @@
[ [
'ssh-host',
'ssh-user',
'ssh-port',
'local-docker-registry',
'ca-crt', 'ca-crt',
'local-domain'
] ]


@ -1,3 +1,5 @@
[ [
'ssh-key',
'registry-password',
'ca-key', 'ca-key',
] ]


@ -1 +1 @@
docker login ${REGISTRY_DOMAIN}:${REGISTRY_PORT} --username client --password "${REGISTRY_PASSWORD}" docker login ${LOCAL_DOCKER_REGISTRY} --username client --password "${REGISTRY_PASSWORD}"
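Review bot: `--password "${REGISTRY_PASSWORD}"` puts the registry password on the command line, where it is visible in the host's process list and can end up in shell tracing or CI logs. `docker login` can read the secret from standard input instead, e.g. `printf '%s' "${REGISTRY_PASSWORD}" | docker login "${LOCAL_DOCKER_REGISTRY}" --username client --password-stdin`. Quoting `${LOCAL_DOCKER_REGISTRY}` here and in the logout one-liner also avoids word splitting if the value is ever empty or contains spaces.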


@ -1 +1 @@
docker logout ${REGISTRY_DOMAIN}:${REGISTRY_PORT} docker logout ${LOCAL_DOCKER_REGISTRY}


@ -4,6 +4,6 @@
"build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream" "build": "drone jsonnet --source drone-home.jsonnet --target drone-home.yml --stream"
}, },
"dependencies": { "dependencies": {
"@sigyl/jsonnet-drone": "^0.1.0" "@sigyl/jsonnet-drone": "^0.0.5"
} }
} }


@ -1 +1 @@
docker pull ${REGISTRY_DOMAIN}:${REGISTRY_PORT}/docker-dind docker pull ${LOCAL_DOCKER_REGISTRY}docker-dind


@ -1 +1 @@
docker push ${REGISTRY_DOMAIN}:${REGISTRY_PORT}/docker-dind docker push ${LOCAL_DOCKER_REGISTRY}docker-dind


@ -12,10 +12,10 @@
resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff" resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone-environment/-/jsonnet-drone-environment-0.0.5.tgz#9ea85e08904777bd21a3e4b30b0b91461d0285ff"
integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw== integrity sha512-xVGmdMO1pOyozAWUbJm6mzKBgsLPJ+1hWnGCK3AxPkr7kkDh18hu30+TLzlcQtqq76s5jUfvJUztezsGj/mIcw==
"@sigyl/jsonnet-drone@^0.1.0": "@sigyl/jsonnet-drone@^0.0.5":
version "0.1.0" version "0.0.5"
resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.1.0.tgz#feda1797e8e9ef799cad72e65f7163ca26a9e3a5" resolved "https://registry.yarnpkg.com/@sigyl/jsonnet-drone/-/jsonnet-drone-0.0.5.tgz#1017714cfcdb637d36faa4206b29fd4277bfb37f"
integrity sha512-QY/ngucxFOtLfL8Mt0f2bxN4fQDUOGOFtaRpSH2cNyg84xADkzehT0ORZtbLitr+AwhyF5KN/zAGvzkyNAoqPw== integrity sha512-6npYDgXWGblimBYDIRNeNZX20qZmuhQYhSj9hWucXm9i+IKIrxX/3B0gf9JDNXgbK4s4QY95WBrnimeAeMfddg==
dependencies: dependencies:
"@sigyl/jsonnet-compose" "^0.0.2" "@sigyl/jsonnet-compose" "^0.0.2"
"@sigyl/jsonnet-drone-environment" "0.0.5" "@sigyl/jsonnet-drone-environment" "0.0.5"

1
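--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,2 @@
 node_modules
 *.log
-.secrets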


@ -2,17 +2,6 @@
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
### [0.0.8](https://sigyl.com/git/stack/squid/compare/v0.0.7...v0.0.8) (2020-08-28)
### Bug Fixes
* no need for cd to myCA ([8135c9c](https://sigyl.com///commit/8135c9c88c18e864d5b2084d79523dc116cd356d))
* rename local_registry_password ([eb113d0](https://sigyl.com///commit/eb113d091d1c2ae1f35ad986d924f081d7f0e5cc))
* rename local-registry-password to registry-password ([2e09f39](https://sigyl.com///commit/2e09f39cdc99314e90f2f78ce02ff5e094fb0bd5))
* rm stack ([581abb7](https://sigyl.com///commit/581abb7746a33dbff8cf94668d8b49e8d89f1311))
* wrong folder! ([8233fe2](https://sigyl.com///commit/8233fe28be8e25a36d0ffaa1bba54e3314729333))
### [0.0.7](https://sigyl.com/git/stack/squid/compare/v0.0.6...v0.0.7) (2020-08-12) ### [0.0.7](https://sigyl.com/git/stack/squid/compare/v0.0.6...v0.0.7) (2020-08-12)


@ -11,11 +11,11 @@ openssl genrsa -out CA_key.pem 2048
openssl req -x509 -days 600 -new -nodes -key CA_key.pem -out CA_crt.pem -extensions v3_ca -config openssl.cnf -subj "/C=UK/ST=Devon/L=Rose Ash/O=Google/OU=SiGyl/CN=Proxy-ca" openssl req -x509 -days 600 -new -nodes -key CA_key.pem -out CA_crt.pem -extensions v3_ca -config openssl.cnf -subj "/C=UK/ST=Devon/L=Rose Ash/O=Google/OU=SiGyl/CN=Proxy-ca"
``` ```
then set drone secrets ca-crt and ca-key to the created files then set secrets ca-crt and ca-key to the created files
## making dockerconfigjson ## making dockerconfigjson
the drone secret dockerconfigjson allows images to be pulled from the local docker repository the secret dockerconfigjson allows images to be pulled from the local docker repository
if you login to this repository with: if you login to this repository with:


@ -13,7 +13,7 @@ services:
- HTTP_PORT=3128 - HTTP_PORT=3128
- MITM_CERT=/run/secrets/ca.crt - MITM_CERT=/run/secrets/ca.crt
- MITM_KEY=/run/secrets/ca.key - MITM_KEY=/run/secrets/ca.key
- VISIBLE_HOSTNAME=$LOCAL_DOMAIN - VISIBLE_HOSTNAME=git.local-domain
- > - >
EXTRA_CONFIG1=tls_outgoing_options EXTRA_CONFIG1=tls_outgoing_options
capath=/etc/ssl/certs capath=/etc/ssl/certs


@ -1,3 +1,3 @@
FROM docker:18.06.0-dind FROM docker:18.06.0-dind
COPY ./CA_crt.crt /usr/local/share/ca-certificates/CA_crt.crt COPY CA_crt.crt /usr/local/share/ca-certificates/CA_crt.crt
RUN update-ca-certificates RUN update-ca-certificates


@ -1,6 +1,6 @@
{ {
"private": true, "private": true,
"version": "0.0.8", "version": "0.0.7",
"scripts": { "scripts": {
"release": "standard-version", "release": "standard-version",
"release:message": "standard-version --releaseCommitMessageFormat", "release:message": "standard-version --releaseCommitMessageFormat",

3
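--- a/renovate.json
+++ b/renovate.json
@@ -0,0 +1,3 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json"
+}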