---
kind: pipeline
type: docker
name: build

platform:
  os: linux
  arch: amd64

steps:
- name: scp
  image: appleboy/drone-scp
  settings:
    command_timeout: 2m
    host:
      from_secret: ssh-host
    password:
      from_secret: ssh-password
    port:
      from_secret: ssh-port
    source:
    - .
    target: /stack/squid
    username:
      from_secret: ssh-user

- name: wait
  image: alpine
  commands:
  - sleep 15

- name: will print ssh-host again
  image: appleboy/drone-ssh
  settings:
    envs:
    - drone_tag
    - drone_commit
    - drone_build_number
    - drone_repo_name
    - drone_repo_namespace
    - ssh_host
    - ssh_user
    - ssh_root_user
    host:
      from_secret: ssh-host
    password:
      from_secret: ssh-password
    port:
      from_secret: ssh-port
    script:
    - rm afile
    - "echo \"export SSH_HOST='$${SSH_HOST}'\" >> afile # \"ssh-host\""
    - "echo \"export SSH_USER='$${SSH_USER}'\" >> afile # \"ssh-user\""
    - "echo \"export SSH_ROOT_USER='$${SSH_ROOT_USER}'\" >> afile # \"ssh-root-user\""
    username:
      from_secret: ssh-user
  environment:
    SSH_HOST:
      from_secret: ssh-host
    SSH_ROOT_USER:
      from_secret: ssh-root-user
    SSH_USER:
      from_secret: ssh-user

- name: deploy squid
  image: appleboy/drone-ssh
  settings:
    envs:
    - drone_tag
    - drone_commit
    - drone_build_number
    - drone_repo_name
    - drone_repo_namespace
    - ssh_host
    - ssh_user
    - ssh_root_user
    - ssh_password
    host:
      from_secret: ssh-host
    password:
      from_secret: ssh-password
    port:
      from_secret: ssh-port
    script:
    - set -e
    - docker network prune -f
    - cd /stack/squid/myCA
    - openssl genrsa -out CA_key.pem 2048
    - openssl req -x509 -days 600 -new -nodes -key CA_key.pem -out CA_crt.pem -extensions v3_ca -config openssl.cnf    -subj "/C=US/ST=California/L=Mountain View/O=Google/OU=Enterprise/CN=MyCA"
    - cd ..
    - docker stack rm squid
    - sleep 30
    - docker stack deploy -c docker-compose.yml squid
    - export SSH_HOST="$${SSH_HOST}"
    - echo "$${SSH_HOST}"
    - export SSH_USER="$${SSH_USER}"
    - echo "$${SSH_USER}"
    - export SSH_ROOT_USER="$${SSH_ROOT_USER}"
    - echo "$${SSH_ROOT_USER}"
    - export SSH_PASSWORD="$${SSH_PASSWORD}"
    - echo "$${SSH_PASSWORD}"
    username:
      from_secret: ssh-user
  environment:
    SSH_HOST:
      from_secret: ssh-host
    SSH_PASSWORD:
      from_secret: ssh-password
    SSH_ROOT_USER:
      from_secret: ssh-root-user
    SSH_USER:
      from_secret: ssh-user

services:
- name: docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
  - name: ca
    path: /etc/docker/certs.d

volumes:
- name: dockersock
  temp: {}
- name: ca
  host:
    path: /etc/docker/certs.d

...