Migrating to swarm

pull/4/head
Luke Murphy 3 years ago
parent d08e6b8fb0
commit 1f90a3ba7b
No known key found for this signature in database
GPG Key ID: 5E2EF5A63E3718CC
  1. 23
      .drone.yml
  2. 2
      .envrc.sample
  3. 5
      CHECKS
  4. 5
      Dockerfile
  5. 6
      README.md
  6. 55
      compose.yml
  7. 21
      deploy.d/config.yml
  8. 8
      deploy.d/plays/predeploy.yml
  9. 9
      deploy.d/vault/gitea_client_id.yml
  10. 9
      deploy.d/vault/gitea_client_secret.yml
  11. 9
      deploy.d/vault/rpc_secret.yml
  12. 2
      env.tmpl

@ -1,16 +1,21 @@
---
kind: pipeline
name: default
name: deploy to swarm.autonomic.zone
steps:
- name: Deploy Drone with Dokku
image: appleboy/drone-git-push:0.2.0-linux-amd64
- name: deployment
image: decentral1se/drone-stack:19.03.8
settings:
remote: ssh://dokku@dokku.autonomic.zone:222/drone
ssh_key:
from_secret: drone_deploy_key
compose: compose.yml
host: tcp://swarm.autonomic.zone:2376
stack_name: drone
tlsverify: true
environment:
PLUGIN_CACERT:
from_secret: docker_cacert
PLUGIN_CERT:
from_secret: docker_cert
PLUGIN_KEY:
from_secret: docker_key
trigger:
branch:
- master
event:
exclude:
- pull_request
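Review bot: The `deployment` step hands the swarm's Docker TLS client material (`PLUGIN_CACERT`, `PLUGIN_CERT`, `PLUGIN_KEY`) to a third-party image referenced only by a mutable tag, `decentral1se/drone-stack:19.03.8`. A re-pushed tag would run with full control of the daemon at `tcp://swarm.autonomic.zone:2376`, so pin the image by digest, e.g. `image: decentral1se/drone-stack:19.03.8@sha256:<digest-placeholder>`. This rendering has lost the +/- column, so it is unclear whether the `event:` / `exclude:` / `- pull_request` lines survive the change. If they were removed, `branch: master` alone presumably still matches pull requests that target master, and the exclusion is worth keeping so the deploy step never runs on PR events.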

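--- a/.envrc.sample
+++ b/.envrc.sample
@@ -1,2 +0,0 @@
-# The path to our pass credentials store
-export PASSWORD_STORE_DIR=$(pwd)/../infrastructure/credentials/password-store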

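--- a/CHECKS
+++ b/CHECKS
@@ -1,5 +0,0 @@
-WAIT=3
-TIMEOUT=3
-ATTEMPTS=5
-/healthz OK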

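--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +0,0 @@
-FROM drone/drone:1
-EXPOSE 8042
-COPY . ${WORKDIR}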

@ -1,7 +1,5 @@
# drone
# drone.autonomic.zone
[![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/drone/status.svg)](https://drone.autonomic.zone/autonomic-cooperative/drone)
> https://drone.io/
[![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/drone.autonomic.zone/status.svg)](https://drone.autonomic.zone/autonomic-cooperative/drone.autonomic.zone)
> https://drone.autonomic.zone

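--- a/compose.yml
+++ b/compose.yml
@@ -0,0 +1,55 @@
+---
+version: "3.8"
+services:
+drone:
+image: "drone/drone:1.8.0"
+volumes:
+- "data:/data"
+configs:
+- source: drone_env
+target: .env
+secrets:
+- client_secret
+- rpc_secret
+environment:
+- DRONE_GITEA_CLIENT_ID=5c32ee8c-b4dc-4240-ae68-1ca0562a31fb
+- DRONE_GITEA_SERVER=https://git.autonomic.zone
+- DRONE_GIT_ALWAYS_AUTH=true
+- DRONE_JSONNET_ENABLED=true
+- DRONE_SERVER_HOST=drone.autonomic.zone
+- DRONE_SERVER_PORT=:8042
+- DRONE_SERVER_PROTO=https
+networks:
+- proxy
+deploy:
+update_config:
+failure_action: rollback
+order: start-first
+labels:
+- "traefik.enable=true"
+- "traefik.http.routers.drone.rule=Host(`drone.autonomic.zone`)"
+- "traefik.http.routers.drone.entrypoints=web-secure"
+- "traefik.http.services.drone.loadbalancer.server.port=8042"
+- "traefik.http.routers.drone.tls.certresolver=production"
+networks:
+proxy:
+external: true
+configs:
+drone_env:
+name: drone_env_v1
+file: env.tmpl
+template_driver: golang
+secrets:
+client_secret:
+name: drone_client_secret_v1
+external: true
+rpc_secret:
+name: drone_rpc_secret_v1
+external: true
+volumes:
+data: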
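Review bot: The new service environment drops `DRONE_USER_FILTER`, which the removed deploy.d/config.yml set to `autonomic-cooperative`; neither the `environment:` list here nor env.tmpl sets it. Without a user filter, and with no `DRONE_REGISTRATION_CLOSED` setting visible, any account that can authenticate against `https://git.autonomic.zone` can presumably sign in to this Drone server and enable builds. If that is not intended, carry the setting over with `- DRONE_USER_FILTER=autonomic-cooperative`. Indentation is lost in this rendering, so the nesting of any added line under `environment:` has to be checked against the real file.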

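--- a/deploy.d/config.yml
+++ b/deploy.d/config.yml
@@ -1,21 +0,0 @@
----
-vars:
-port: "8042"
-domain: "drone.autonomic.zone"
-volumes:
-- /var/lib/drone:/data
-- /var/run/docker.sock:/var/run/docker.sock
-env:
-DOKKU_LETSENCRYPT_EMAIL: "helo@autonomic.zone"
-DRONE_GITEA_CLIENT_ID: "{{ vault.gitea_client_id }}"
-DRONE_GITEA_CLIENT_SECRET: "{{ vault.gitea_client_secret }}"
-DRONE_GITEA_SERVER: "https://git.autonomic.zone"
-DRONE_GIT_ALWAYS_AUTH: "true"
-DRONE_JSONNET_ENABLED: "true"
-DRONE_RPC_SECRET: "{{ vault.rpc_secret }}"
-DRONE_SERVER_HOST: "drone.autonomic.zone"
-DRONE_SERVER_PORT: ":{{ vars.port }}"
-DRONE_SERVER_PROTO: "https"
-DRONE_USER_FILTER: "autonomic-cooperative"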

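--- a/deploy.d/plays/predeploy.yml
+++ b/deploy.d/plays/predeploy.yml
@@ -1,8 +0,0 @@
----
-- name: Create drone application directories
-become: true
-file:
-path: /var/lib/drone
-owner: dokku
-group: dokku
-state: directory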

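--- a/deploy.d/vault/gitea_client_id.yml
+++ b/deploy.d/vault/gitea_client_id.yml
@@ -1,9 +0,0 @@
----
-gitea_client_id: !vault |-
-$ANSIBLE_VAULT;1.1;AES256
-35306138376630383861373735356235616162353539616430613338363861353066376364383839
-3235343831306665306233633961666561363534626462650a393130633763353533366165626239
-37363839356532353161616266316438663535663131653638616634326634363731663064346530
-6234343661343061360a306365363365383636353664323134373638356566633133303362303536
-37333665303863313065363435313437643663316532383832366236636332636431643332336333
-6632633238383535326331333633333634346431313363633533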

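--- a/deploy.d/vault/gitea_client_secret.yml
+++ b/deploy.d/vault/gitea_client_secret.yml
@@ -1,9 +0,0 @@
----
-gitea_client_secret: !vault |-
-$ANSIBLE_VAULT;1.1;AES256
-37646236326330393131373965643265306530306266663662663333323435396266333334656535
-3735383234663062336433643131656534333566396230620a623064323464613966643539343838
-36366432323732373138373337663339323534376464393738383064353262313238323630633365
-3839376337333264340a616265623136646532373966656438626263353766333861356462613963
-65303136373037663437316339656537613963383661373435313037643265336161393130393137
-3334393831346432333236303231353865323563313564656564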

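--- a/deploy.d/vault/rpc_secret.yml
+++ b/deploy.d/vault/rpc_secret.yml
@@ -1,9 +0,0 @@
----
-rpc_secret: !vault |-
-$ANSIBLE_VAULT;1.1;AES256
-33633762646539383562636465313530313462343539623138653637383163663733623564353238
-6239363339346638646333346263616136633565346166610a623632363639323634373133613862
-63643666353766393032346166636566393332613761633239353238646266633230316133636661
-6233376133313561380a333431353461613235613762313533636162313033303533623935616165
-35366565393265353137353736376563613262313064343935373630643466336361333738353537
-3563376134313361336330316162393564653630623238383832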

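--- a/env.tmpl
+++ b/env.tmpl
@@ -0,0 +1,2 @@
+DRONE_GITEA_CLIENT_SECRET={{ secret "client_secret" }}
+DRONE_RPC_SECRET={{ secret "rpc_secret" }}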
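Review bot: Once rendered, this template is a clear-text file holding both `DRONE_GITEA_CLIENT_SECRET` and `DRONE_RPC_SECRET`, yet it ships as a swarm config (`drone_env` in compose.yml) whose service entry sets no `mode`. The configs default of 0444 would then apply, leaving the file world-readable inside the container. Adding `mode: 0400` next to `target: .env` in compose.yml restricts it to the owner; confirm that the user Drone runs as matches the config's uid so the server can still read it.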