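// Drone pipeline (kind: pipeline, type: docker) that copies the squid stack to
// the target host, waits, then runs the deploy script over SSH.
local images = import 'lib/images.libsonnet';
local util = import 'lib/util.libsonnet';
local compose = import 'node_modules/@sigyl/jsonnet-compose/compose.libsonnet';
local secretSecrets = import 'lib/secret-secrets.libsonnet';
local publicSecrets = import 'lib/public-secrets.libsonnet';

// Step mixin: appends an `export NAME="${NAME}"` line for entry `s` to the
// step's script. `$$` is kept as written so the pipeline runner does not
// substitute the variable itself.
local exportEnv(s) = function(step) step {
  settings+: {
    script+: [
      'export %(env)s="$${%(env)s}"' % { env: util.environment(s) },
    ],
  },
};

// Step mixin: same export as exportEnv, followed by an echo of the value.
// Only used for publicSecrets, which by name are assumed to be non-sensitive;
// verify against lib/public-secrets.libsonnet.
local exportAndEchoEnv(s) = function(step) step {
  settings+: {
    script+: [
      'export %(env)s="$${%(env)s}"' % { env: util.environment(s) },
      'echo "$${%s}"' % util.environment(s),
    ],
  },
};

[
  {
    kind: 'pipeline',
    type: 'docker',
    name: 'build',
    clone: {
      disable: false,
      depth: 0,
    },
    services: [
      images.docker {
        // NOTE(review): a privileged service container has broad access to the
        // runner host. Restrict who can trigger this pipeline and who can edit
        // this file accordingly.
        privileged: true,
        volumes: [
          { name: 'dockersock', path: '/var/run' },
          { name: 'ca', path: '/etc/docker/certs.d' },
        ],
      },
    ],
    volumes: [
      { name: 'dockersock', temp: {} },
      // Host path mount: the runner's registry CA directory is shared with the
      // service above. No read-only flag is set here.
      { name: 'ca', host: { path: '/etc/docker/certs.d' } },
    ],
    steps: [
      images.scp('/stack/squid'),
      images.wait(15),
      compose(
        std.map(function(s) util.envSet(s), publicSecrets + secretSecrets)
        // Every entry is exported, but only the public ones are echoed.
        // Echoing secretSecrets would write their values into the step output,
        // where anyone with access to the build log can read them.
        // NOTE(review): `script+:` appends to the script the step already
        // carries, so these lines appear to land after the deploy commands
        // below. Confirm how compose/images.ssh order them.
        + std.map(exportAndEchoEnv, publicSecrets)
        + std.map(exportEnv, secretSecrets)
      )(
        images.ssh {
          name: 'deploy squid',
          settings+: {
            //username: util.fromSecret("ssh-root-user"),
            //password: util.fromSecret("ssh-root-password"),
            script+: [
              'set -e',
              "docker network prune -f",
              "cd /stack/squid/myCA",
              // NOTE(review): a fresh, unencrypted CA private key is generated
              // on the target host on every deploy. Check the resulting
              // permissions on CA_key.pem. Clients that trusted the previous
              // CA_crt.pem will need the new certificate after each run.
              'openssl genrsa -out CA_key.pem 2048',
              // NOTE(review): the subject names an organisation (O=Google) that
              // looks copied from an example. A CA certificate in a trust store
              // should identify its real operator.
              'openssl req -x509 -days 600 -new -nodes -key CA_key.pem -out CA_crt.pem -extensions v3_ca -config openssl.cnf -subj "/C=US/ST=California/L=Mountain View/O=Google/OU=Enterprise/CN=MyCA"',
              'cd ..',
              // The stack is removed and redeployed with a fixed 30 s pause in
              // between, so the service is unavailable during that window.
              "docker stack rm squid",
              "sleep 30",
              "docker stack deploy -c docker-compose.yml squid",
            ],
          },
        }
      ),
    ],
  },
]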