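// Drone CI pipeline 'build' (type: docker), written in Jsonnet.
// Visible flow: start a privileged `images.docker` service, run a
// 'print env' step, copy '/stack/squid' via `images.scp`, build and push
// the `docker:dind` image to the local registry, then run the
// 'deploy squid' script through `images.ssh`.
local images = import 'lib/images.libsonnet';
local environment = import 'node_modules/@sigyl/jsonnet-drone-environment/environment.libsonnet';
local compose = import 'node_modules/@sigyl/jsonnet-compose/compose.libsonnet';
// NOTE(review): secretSecrets is not referenced anywhere in the pipeline below.
local secretSecrets = import 'lib/secret-secrets.libsonnet';
local publicSecrets = import 'lib/public-secrets.libsonnet';
local util = import 'lib/util.libsonnet';
[
  {
    kind: 'pipeline',
    type: 'docker',
    name: 'build',
    clone: {
      disable: false,
      depth: 0,
    },
    // NOTE(review): with the trigger below commented out, this file sets no
    // event filter, so the pipeline is not restricted to tag events. Confirm
    // that is intended: it runs a privileged service, mounts a host path and
    // handles registry and CA secrets.
    /*trigger: {
      event: [
        'tag',
      ],
    },*/
    services: [
      images.docker {
        // Privileged service container. Its /var/run is the shared
        // 'dockersock' volume, so every step that mounts that volume gets
        // full control of this Docker daemon.
        privileged: true,
        volumes: [
          {
            name: 'dockersock',
            path: '/var/run',
          },
          {
            name: 'ca',
            path: '/etc/docker/certs.d',
          },
        ],
      },
    ],
    volumes: [
      {
        // Per-build temporary volume that carries the daemon socket.
        name: 'dockersock',
        temp: {},
      },
      {
        // Host path mount: the runner host's registry certificate directory
        // is exposed to the service container.
        name: 'ca',
        host: {
          path: '/etc/docker/certs.d',
        },
      },
    ],
    steps: [
      // One util.printEnv('env-squid', ...) wrapper per entry of
      // publicSecrets, composed around an ssh step whose script removes
      // 'env-squid'.
      // NOTE(review): util.printEnv is defined outside this file; confirm it
      // never receives or prints anything from secretSecrets.
      compose(
        std.map(
          function(secret) util.printEnv('env-squid', secret),
          publicSecrets,
        )
      )
      (
        images.ssh {
          settings +: {
            script: [
              'rm -f env-squid',
            ],
          },
        },
      ) {
        name: 'print env',
      },
      images.scp(
        '/stack/squid'
      ),
      images.wait(15),
      images.docker {
        name +: 'build docker:dind image:',
        environment +: environment.environmentSecrets([
          'LOCAL_DOCKER_REGISTRY',
          'LOCAL_REGISTRY_PASSWORD',
          'CA_CRT',
        ]),
        volumes: [
          {
            name: 'dockersock',
            path: '/var/run',
          },
        ],
        // `$${VAR}` is Drone's escape for a literal `${VAR}`, so expansion
        // happens in the step's shell rather than at pipeline-compile time.
        commands: [
          'set -e',
          'sleep 15',
          // The password is fed on stdin instead of `--password`, which
          // would put it on the docker command line (visible in the process
          // list and flagged by docker as insecure).
          "printf '%s' \"$${LOCAL_REGISTRY_PASSWORD}\" | docker login $${LOCAL_DOCKER_REGISTRY} --username client --password-stdin",
          'cd docker-dind',
          // NOTE(review): CA_CRT is used as a file path here, but the deploy
          // step echoes CA_CRT as the certificate content. Confirm which
          // form the secret actually holds.
          'cat "$${CA_CRT}" > CA_crt.crt',
          'docker build . -t $${LOCAL_DOCKER_REGISTRY}docker:dind',
          'docker push $${LOCAL_DOCKER_REGISTRY}docker:dind',
          'docker logout $${LOCAL_DOCKER_REGISTRY}',
        ],
      }, /*
      Disabled step that built and pushed the squid image. While it stays
      disabled, the deploy step below pulls whatever `squid` image is already
      in the registry.
      images.docker {
        name +: 'build docker image:',
        environment +: environment.environmentSecrets([
          'LOCAL_DOCKER_REGISTRY',
          'LOCAL_REGISTRY_PASSWORD',
        ]),
        volumes: [
          {
            name: 'dockersock',
            path: '/var/run',
          },
        ],
        commands: [
          'set -e',
          'pwd',
          'sleep 15',
          'cd docker',
          "printf '%s' \"$${LOCAL_REGISTRY_PASSWORD}\" | docker login $${LOCAL_DOCKER_REGISTRY} --username client --password-stdin",
          'docker build . -t $${LOCAL_DOCKER_REGISTRY}squid',
          'docker push $${LOCAL_DOCKER_REGISTRY}squid',
          'docker logout $${LOCAL_DOCKER_REGISTRY}',
        ],
      } */
      compose([
        environment.envSet('local-docker-registry'),
        environment.envSet('local-registry-password'),
        environment.envSet('ca-crt'),
        environment.envSet('ca-key'),
      ])(
        images.ssh {
          name: 'deploy squid',
          settings +: {
            script +: [
              // Fail fast from the first command: a failed write of the CA
              // material must stop the deploy instead of letting the stack
              // start with missing secrets.
              'set -e',
              'rm -f -R /stack/squid/.secrets',
              'mkdir -p /stack/squid/.secrets',
              // NOTE(review): the CA certificate and private key are created
              // with the shell's default umask. If the consumer in
              // docker-compose.yml (not shown here) can still read them,
              // restrict the directory to 0700 and ca.key to 0600.
              'echo "$${CA_CRT}" > /stack/squid/.secrets/ca.crt',
              'echo "$${CA_KEY}" > /stack/squid/.secrets/ca.key',
              //"docker network prune -f",
              "cd /stack/squid/myCA",
              //'openssl genrsa -out CA_key.pem 2048',
              //'openssl req -x509 -days 600 -new -nodes -key CA_key.pem -out CA_crt.pem -extensions v3_ca -config openssl.cnf -subj "/C=US/ST=California/L=Mountain View/O=Google/OU=Enterprise/CN=MyCA"',
              'cd ..',
              //"docker stack rm squid",
              //"sleep 60",
              // "docker volume rm squid_squid-cache",
              'export SQUID_IMAGE=$${LOCAL_DOCKER_REGISTRY}squid',
              // Password on stdin, for the same reason as in the build step.
              // NOTE(review): unlike the build step, this script never runs
              // `docker logout`, so the registry credential stays in the
              // deploying user's docker config unless that is cleaned up
              // elsewhere.
              "printf '%s' \"$${LOCAL_REGISTRY_PASSWORD}\" | docker login $${LOCAL_DOCKER_REGISTRY} --username client --password-stdin",
              'docker pull $${SQUID_IMAGE}',
              "docker stack deploy -c docker-compose.yml squid",
            ],
          },
        },
      ),
    ],
    image_pull_secrets: [
      'dockerconfigjson',
    ],
  },
]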