Migrate to drone.conf for secrets
This commit is contained in:
parent
330e21b492
commit
3979f23cae
20
compose.yml
20
compose.yml
|
@ -1,23 +1,23 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
# Note(decentral1se): outstanding tickets for swarm integration
|
||||
# https://discourse.drone.io/t/can-drone-drone-image-support-file-for-env-var-secrets/7522
|
||||
|
||||
services:
|
||||
drone:
|
||||
image: "drone/drone:1.8.0"
|
||||
command:
|
||||
- "--env-file /data/drone.conf"
|
||||
volumes:
|
||||
- "data:/data"
|
||||
configs:
|
||||
- source: drone_conf
|
||||
target: /data/drone.conf
|
||||
environment:
|
||||
- DRONE_GITEA_CLIENT_ID: "${GITEA_CLIENT_ID}"
|
||||
- DRONE_GITEA_CLIENT_SECRET: "${GITEA_CLIENT_SECRET}"
|
||||
- DRONE_GITEA_SERVER: "https://${GITEA_DOMAIN}"
|
||||
- DRONE_GIT_ALWAYS_AUTH: "true"
|
||||
- DRONE_JSONNET_ENABLED: "true"
|
||||
- DRONE_RPC_SECRET: "${RPC_SECRET}"
|
||||
- DRONE_SERVER_HOST: "${DOMAIN}"
|
||||
- DRONE_SERVER_PORT: ":8042"
|
||||
- DRONE_SERVER_PORT: ":${PORT:8042}"
|
||||
- DRONE_SERVER_PROTO: "https"
|
||||
networks:
|
||||
- proxy
|
||||
|
@ -28,8 +28,14 @@ services:
|
|||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.drone.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.drone.entrypoints=web-secure"
|
||||
- "traefik.http.services.drone.loadbalancer.server.port=8042"
|
||||
- "traefik.http.services.drone.loadbalancer.server.port=${PORT:8042}"
|
||||
- "traefik.http.routers.drone.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
|
||||
configs:
|
||||
drone_conf:
|
||||
name: ${STACK_NAME}_drone_conf_${DRONE_CONF_VERSION}
|
||||
file: drone.conf.tmpl
|
||||
template_driver: golang
|
||||
|
||||
volumes:
|
||||
data:
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
DRONE_GITEA_CLIENT_SECRET={{ secret "client_secret" }}
|
||||
DRONE_RPC_SECRET={{ secret "rpc_secret" }}
|
Reference in New Issue