squid/.drone/drone-home.jsonnet

151 lines
4.1 KiB
Plaintext

local images = import 'lib/images.libsonnet';
local environment = import 'node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet';
local compose = import 'node_modules/@sigyl/jsonnet-compose/compose.libsonnet';
local secretSecrets = import 'lib/secret-secrets.libsonnet';
local publicSecrets = import 'lib/public-secrets.libsonnet';
local util = import 'lib/util.libsonnet';
[
{
kind: 'pipeline',
type: 'docker',
name: 'build',
clone: {
disable: false,
depth: 0,
},
/*trigger: {
event: [
'tag',
],
},*/
services: [
images.docker {
privileged: true,
volumes: [
{
name: 'dockersock',
path: '/var/run',
},
{
name: 'ca',
path: '/etc/docker/certs.d',
},
],
},
],
volumes: [
{
name: 'dockersock',
temp: {},
},
{
name: 'ca',
host: {
path: '/etc/docker/certs.d',
},
},
],
steps:[
compose(
std.map(
function(secret) util.printEnv('env-squid', secret),
publicSecrets,
)
)
(
images.ssh {
settings +: {
script: [
'rm -f env-squid',
],
},
},
) {
name: 'print env',
},
images.scp(
'/stack/squid'
),
images.wait(15),
images.docker {
name +: 'build docker:dind image:',
environment +: environment.environmentSecrets([
'LOCAL_DOCKER_REGISTRY',
'LOCAL_REGISTRY_PASSWORD',
'CA_CRT'
]),
volumes: [
{
name: 'dockersock',
path: '/var/run',
},
],
commands: [
'set -e',
'sleep 15',
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${LOCAL_REGISTRY_PASSWORD}"',
'cd docker-dind',
'echo "$${CA_CRT}" > CA_crt.crt',
'docker build . -t $${LOCAL_DOCKER_REGISTRY}docker:dind1',
'docker push $${LOCAL_DOCKER_REGISTRY}docker:dind1',
'docker logout $${LOCAL_DOCKER_REGISTRY}',
],
}, /*
images.docker {
name +: 'build docker image:',
environment +: environment.environmentSecrets([
'LOCAL_DOCKER_REGISTRY',
'LOCAL_REGISTRY_PASSWORD',
]),
volumes: [
{
name: 'dockersock',
path: '/var/run',
},
],
commands: [
'set -e',
'pwd',
'sleep 15',
'cd docker',
'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${LOCAL_REGISTRY_PASSWORD}"',
'docker build . -t $${LOCAL_DOCKER_REGISTRY}squid',
'docker push $${LOCAL_DOCKER_REGISTRY}squid',
'docker logout $${LOCAL_DOCKER_REGISTRY}',
],
} */
compose([
environment.envSet('local-docker-registry'),
environment.envSet('local-registry-password'),
environment.envSet('ca-crt'),
environment.envSet('ca-key'),
])(
images.ssh {
name: 'deploy squid',
settings +: {
script +: [
'rm -f -R /stack/squid/.secrets',
'mkdir -p /stack/squid/.secrets',
'echo "$${CA_CRT}" > /stack/squid/.secrets/ca.crt',
'echo "$${CA_KEY}" > /stack/squid/.secrets/ca.key',
'set -e',
//"docker network prune -f",
"cd /stack/squid/myCA",
//'openssl genrsa -out CA_key.pem 2048',
//'openssl req -x509 -days 600 -new -nodes -key CA_key.pem -out CA_crt.pem -extensions v3_ca -config openssl.cnf -subj "/C=US/ST=California/L=Mountain View/O=Google/OU=Enterprise/CN=MyCA"',
'cd ..',
//"docker stack rm squid",
//"sleep 60",
// "docker volume rm squid_squid-cache",
"docker stack deploy -c docker-compose.yml squid",
]
}
},
),
],
image_pull_secrets: [
'dockerconfigjson'
]
}
]