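// Drone CI pipeline definition (Jsonnet) for the squid stack.
//
// The single 'build' pipeline:
//   1. writes the public settings to an env file ('print env'),
//   2. copies the repository content to /stack/squid (images.scp),
//   3. builds and pushes a custom docker:dind image that carries the local CA
//      certificate,
//   4. writes the CA certificate and key on the deploy host and runs
//      `docker stack deploy`.
//
// `$${VAR}` is Drone's escape for a literal `${VAR}`, so the variables are
// expanded by the shell inside the step, not by Drone when the file is parsed.
local images = import 'lib/images.libsonnet';
local environment = import 'node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet';
local compose = import 'node_modules/@sigyl/jsonnet-compose/compose.libsonnet';
local secretSecrets = import 'lib/secret-secrets.libsonnet';
local publicSecrets = import 'lib/public-secrets.libsonnet';
local util = import 'lib/util.libsonnet';

[
  {
    kind: 'pipeline',
    type: 'docker',
    name: 'build',
    clone: {
      disable: false,
      depth: 0,
    },
    // NOTE(review): with the trigger below commented out the pipeline is not
    // restricted to tag events. It handles registry credentials and the CA
    // private key and ends in a deploy, so confirm that running on every
    // event is intended.
    /*trigger: {
      event: [
        'tag',
      ],
    },*/
    services: [
      // Docker daemon used by the build step. `privileged: true` is what
      // Docker-in-Docker needs, but it also means any step that mounts the
      // 'dockersock' volume controls a privileged daemon; keep that mount
      // limited to steps that really build or push images.
      images.docker {
        privileged: true,
        volumes: [
          {
            name: 'dockersock',
            path: '/var/run',
          },
          {
            name: 'ca',
            path: '/etc/docker/certs.d',
          },
        ],
      },
    ],
    volumes: [
      // Temporary volume shared between the daemon service and the build step.
      {
        name: 'dockersock',
        temp: {},
      },
      // Host path volume: the runner's registry certificates are exposed to
      // the service container. Drone only allows host volumes for trusted
      // repositories.
      {
        name: 'ca',
        host: {
          path: '/etc/docker/certs.d',
        },
      },
    ],
    steps: [
      // One util.printEnv('env-squid', ...) wrapper per entry of publicSecrets,
      // composed around an ssh step whose script first removes env-squid.
      // NOTE(review): only values that are safe to store in plain text belong
      // in publicSecrets; verify against lib/public-secrets.libsonnet.
      compose(
        std.map(
          function(secret) util.printEnv('env-squid', secret),
          publicSecrets,
        )
      )(
        images.ssh {
          settings+: {
            script: [
              'rm -f env-squid',
            ],
          },
        },
      ) {
        name: 'print env',
      },
      images.scp(
        '/stack/squid'
      ),
      images.wait(15),
      // Builds docker-dind/ with the CA certificate in the build context and
      // pushes it to the local registry as docker:dind1.
      images.docker {
        name+: 'build docker:dind image:',
        environment+: environment.environmentSecrets([
          'LOCAL_DOCKER_REGISTRY',
          'LOCAL_REGISTRY_PASSWORD',
          'CA_CRT',
        ]),
        volumes: [
          {
            name: 'dockersock',
            path: '/var/run',
          },
        ],
        commands: [
          'set -e',
          'sleep 15',
          // The password is fed on stdin instead of `--password "<value>"`:
          // a command-line argument is visible in the process list while
          // docker login runs, and the docker CLI itself warns about it.
          'printf %s "$${LOCAL_REGISTRY_PASSWORD}" | docker login $${LOCAL_DOCKER_REGISTRY} --username client --password-stdin',
          'cd docker-dind',
          // Only the public CA certificate goes into the image build context.
          'echo "$${CA_CRT}" > CA_crt.crt',
          'docker build . -t $${LOCAL_DOCKER_REGISTRY}docker:dind1',
          'docker push $${LOCAL_DOCKER_REGISTRY}docker:dind1',
          'docker logout $${LOCAL_DOCKER_REGISTRY}',
        ],
      },
      // Disabled step that builds and pushes the squid image. If it is
      // re-enabled, change its docker login to --password-stdin as in the
      // step above.
      /*
      images.docker {
        name +: 'build docker image:',
        environment +: environment.environmentSecrets([
          'LOCAL_DOCKER_REGISTRY',
          'LOCAL_REGISTRY_PASSWORD',
        ]),
        volumes: [
          {
            name: 'dockersock',
            path: '/var/run',
          },
        ],
        commands: [
          'set -e',
          'pwd',
          'sleep 15',
          'cd docker',
          'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${LOCAL_REGISTRY_PASSWORD}"',
          'docker build . -t $${LOCAL_DOCKER_REGISTRY}squid',
          'docker push $${LOCAL_DOCKER_REGISTRY}squid',
          'docker logout $${LOCAL_DOCKER_REGISTRY}',
        ],
      }
      */
      // Deploy step. The envSet wrappers presumably expose the named secrets
      // to the ssh step (see the jsonnet-drone-environment package); the
      // script uses CA_CRT and CA_KEY.
      compose([
        environment.envSet('local-docker-registry'),
        environment.envSet('local-registry-password'),
        environment.envSet('ca-crt'),
        environment.envSet('ca-key'),
      ])(
        images.ssh {
          name: 'deploy squid',
          settings+: {
            script+: [
              // Enabled before the secrets are written, so that a failed
              // mkdir or write aborts the deploy instead of deploying the
              // stack with missing or stale CA material.
              'set -e',
              'rm -f -R /stack/squid/.secrets',
              'mkdir -p /stack/squid/.secrets',
              'echo "$${CA_CRT}" > /stack/squid/.secrets/ca.crt',
              // NOTE(review): ca.key is the CA private key and is created
              // with the remote user's default umask. Consider `umask 077`
              // before these writes (or chmod 600 on the key) once it is
              // confirmed that whatever consumes .secrets in
              // docker-compose.yml can still read it.
              'echo "$${CA_KEY}" > /stack/squid/.secrets/ca.key',
              //"docker network prune -f",
              "cd /stack/squid/myCA",
              //'openssl genrsa -out CA_key.pem 2048',
              //'openssl req -x509 -days 600 -new -nodes -key CA_key.pem -out CA_crt.pem -extensions v3_ca -config openssl.cnf -subj "/C=US/ST=California/L=Mountain View/O=Google/OU=Enterprise/CN=MyCA"',
              'cd ..',
              //"docker stack rm squid",
              //"sleep 60",
              // "docker volume rm squid_squid-cache",
              "docker stack deploy -c docker-compose.yml squid",
            ],
          },
        },
      ),
    ],
    image_pull_secrets: [
      'dockerconfigjson',
    ],
  },
]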