Browse Source

Working deployment w/ optional Git(hub|ea)

Re compose-stacks/organising#18
pull/4/head
3wc 7 months ago
parent
commit
e0c6c5bca2
7 changed files with 87 additions and 26 deletions
  1. +3
    -2
      .drone.yml
  2. +15
    -4
      .envrc.sample
  3. +15
    -0
      compose.gitea.yml
  4. +14
    -0
      compose.github.yml
  5. +33
    -18
      compose.yml
  6. +0
    -2
      drone.conf.tmpl
  7. +7
    -0
      drone.env.tmpl

+ 3
- 2
.drone.yml View File

@ -16,8 +16,9 @@ steps:
STACK_NAME: drone
LETS_ENCRYPT_ENV: production
GITEA_DOMAIN: gitea.swarm-test.autonomic.zone
GITEA_CLIENT_ID: barfoo
GITEA_CLIENT_SECRET: foobar
GITEA_CLIENT_ID: drone-test
RPC_SECRET_VERSION: v1
DRONE_ENV_VERSION: v1
trigger:
branch:
- master

+ 15
- 4
.envrc.sample View File

@ -1,9 +1,20 @@
export SERVICE=drone
export STACK_NAME=drone
export DOMAIN=drone.autonomic.zone
export DOMAIN=git.example.com
export LETS_ENCRYPT_ENV=production
# Gitea Single Sign On
export GITEA_CLIENT_ID=barfoo
export GITEA_CLIENT_SECRET=foobar
export DRONE_ENV_VERSION=v1
export RPC_SECRET_VERSION=v1
## Required for any kind of Single Sign On
#export CLIENT_SECRET_VERSION=v1
## Gitea Single Sign On
#export COMPOSE_FILE="compose.yml:compose.gitea.yml"
#export GITEA_CLIENT_ID=your-client-id
#export GITEA_DOMAIN=git.example.com
## Github Single Sign On
#export COMPOSE_FILE="compose.yml:compose.github.yml"
#export GITHUB_CLIENT_ID=your-client-id

+ 15
- 0
compose.gitea.yml View File

@ -0,0 +1,15 @@
---
version: "3.8"
services:
app:
environment:
- DRONE_GITEA_CLIENT_ID=${GITEA_CLIENT_ID}
- DRONE_GITEA_SERVER=https://${GITEA_DOMAIN}
secrets:
- client_secret
secrets:
client_secret:
name: ${STACK_NAME}_client_secret_${CLIENT_SECRET_VERSION}
external: true

+ 14
- 0
compose.github.yml View File

@ -0,0 +1,14 @@
---
version: "3.8"
services:
app:
environment:
- DRONE_GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
secrets:
- client_secret
secrets:
client_secret:
name: ${STACK_NAME}_client_secret_${CLIENT_SECRET_VERSION}
external: true

+ 33
- 18
compose.yml View File

@ -2,40 +2,55 @@
version: "3.8"
services:
drone:
app:
image: "drone/drone:1.9.1"
command:
- "--env-file /data/drone.conf"
volumes:
- "data:/data"
configs:
- source: drone_conf
target: /data/drone.conf
- source: drone_env
target: .env
environment:
- DRONE_GITEA_CLIENT_ID: "${GITEA_CLIENT_ID}"
- DRONE_GITEA_SERVER: "https://${GITEA_DOMAIN}"
- DRONE_GIT_ALWAYS_AUTH: "true"
- DRONE_JSONNET_ENABLED: "true"
- DRONE_SERVER_HOST: "${DOMAIN}"
- DRONE_SERVER_PORT: ":${PORT:8042}"
- DRONE_SERVER_PROTO: "https"
- DRONE_GIT_ALWAYS_AUTH=true
- DRONE_JSONNET_ENABLED=true
- DRONE_SERVER_HOST=${DOMAIN}
- DRONE_SERVER_PORT=:${PORT:-8042}
- DRONE_SERVER_PROTO=https
- DRONE_USER_CREATE=username:admin,admin:true
networks:
- proxy
secrets:
- rpc_secret
healthcheck:
test: ["CMD", "wget", "-qO", "-", "http://localhost:8042/healthz"]
interval: 10s
timeout: 10s
retries: 10
start_period: 10s
deploy:
update_config:
failure_action: rollback
order: start-first
labels:
- "traefik.enable=true"
- "traefik.http.routers.drone.rule=Host(`${DOMAIN}`)"
- "traefik.http.routers.drone.entrypoints=web-secure"
- "traefik.http.services.drone.loadbalancer.server.port=${PORT:8042}"
- "traefik.http.services.drone.loadbalancer.server.port=${PORT:-8042}"
- "traefik.http.routers.drone.tls.certresolver=${LETS_ENCRYPT_ENV}"
volumes:
data:
configs:
drone_conf:
name: ${STACK_NAME}_drone_conf_${DRONE_CONF_VERSION}
file: drone.conf.tmpl
drone_env:
name: ${STACK_NAME}_drone_env_${DRONE_ENV_VERSION}
file: drone.env.tmpl
template_driver: golang
volumes:
data:
secrets:
rpc_secret:
name: ${STACK_NAME}_rpc_secret_${RPC_SECRET_VERSION}
external: true
networks:
proxy:
external: true

+ 0
- 2
drone.conf.tmpl View File

@ -1,2 +0,0 @@
DRONE_GITEA_CLIENT_SECRET={{ secret "client_secret" }}
DRONE_RPC_SECRET={{ secret "rpc_secret" }}

+ 7
- 0
drone.env.tmpl View File

@ -0,0 +1,7 @@
DRONE_RPC_SECRET={{ secret "rpc_secret" }}
{{ if (env "DRONE_GITEA_CLIENT_ID") }}
DRONE_GITEA_CLIENT_SECRET={{ secret "client_secret" }}
{{ end }}
{{ if (env "DRONE_GITHUB_CLIENT_ID") }}
DRONE_GITHUB_CLIENT_SECRET={{ secret "client_secret" }}
{{ end }}

Loading…
Cancel
Save