From e0c6c5bca269993175ecdfcc834fe0a7bacb09f7 Mon Sep 17 00:00:00 2001 From: 3wc <3wc.git@doesthisthing.work> Date: Thu, 1 Oct 2020 18:34:28 +0200 Subject: [PATCH] Working deployment w/ optional Git(hub|ea) Re compose-stacks/organising#18 --- .drone.yml | 5 +++-- .envrc.sample | 19 +++++++++++++---- compose.gitea.yml | 15 +++++++++++++ compose.github.yml | 14 ++++++++++++ compose.yml | 53 +++++++++++++++++++++++++++++----------------- drone.conf.tmpl | 2 -- drone.env.tmpl | 7 ++++++ 7 files changed, 88 insertions(+), 27 deletions(-) create mode 100644 compose.gitea.yml create mode 100644 compose.github.yml delete mode 100644 drone.conf.tmpl create mode 100644 drone.env.tmpl diff --git a/.drone.yml b/.drone.yml index c7ca5fa..c54d68f 100644 --- a/.drone.yml +++ b/.drone.yml @@ -16,8 +16,9 @@ steps: STACK_NAME: drone LETS_ENCRYPT_ENV: production GITEA_DOMAIN: gitea.swarm-test.autonomic.zone - GITEA_CLIENT_ID: barfoo - GITEA_CLIENT_SECRET: foobar + GITEA_CLIENT_ID: drone-test + RPC_SECRET_VERSION: v1 + DRONE_ENV_VERSION: v1 trigger: branch: - master diff --git a/.envrc.sample b/.envrc.sample index 616310e..814ca57 100644 --- a/.envrc.sample +++ b/.envrc.sample @@ -1,9 +1,20 @@ export SERVICE=drone export STACK_NAME=drone -export DOMAIN=drone.autonomic.zone +export DOMAIN=git.example.com export LETS_ENCRYPT_ENV=production -# Gitea Single Sign On -export GITEA_CLIENT_ID=barfoo -export GITEA_CLIENT_SECRET=foobar +export DRONE_ENV_VERSION=v1 +export RPC_SECRET_VERSION=v1 + +## Required for any kind of Single Sign On +#export CLIENT_SECRET_VERSION=v1 + +## Gitea Single Sign On +#export COMPOSE_FILE="compose.yml:compose.gitea.yml" +#export GITEA_CLIENT_ID=your-client-id +#export GITEA_DOMAIN=git.example.com + +## Github Single Sign On +#export COMPOSE_FILE="compose.yml:compose.github.yml" +#export GITHUB_CLIENT_ID=your-client-id diff --git a/compose.gitea.yml b/compose.gitea.yml new file mode 100644 index 0000000..791714b --- /dev/null +++ b/compose.gitea.yml 
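Review bot: In the `.drone.yml` hunk the deploy step still exports `GITEA_CLIENT_ID` and `GITEA_DOMAIN`, but it adds neither `COMPOSE_FILE` nor `CLIENT_SECRET_VERSION`, and after this commit those two Gitea values are read only by `compose.gitea.yml`. Unless both are set in the part of the step outside the hunk, the test deployment uses `compose.yml` alone, so the Gitea login path and the `client_secret` wiring are never exercised by CI. If the overlay is meant to be deployed (and assuming the deploy step honours `COMPOSE_FILE` the way the `.envrc.sample` workflow does), add `COMPOSE_FILE: "compose.yml:compose.gitea.yml"` and `CLIENT_SECRET_VERSION: v1` next to the new version variables. Otherwise drop the two unused Gitea entries.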
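Review bot: In `.envrc.sample` the sample `DOMAIN` is now `git.example.com`, the same host the commented `GITEA_DOMAIN` line suggests, although `DOMAIN` is the value Traefik routes to Drone and that `compose.yml` passes as `DRONE_SERVER_HOST`. Someone who uncomments the Gitea block as written points Drone's OAuth provider at Drone's own hostname. A distinct placeholder such as `export DOMAIN=drone.example.com` avoids that. The sample also gives no hint that the external swarm secrets must exist before deploying; a comment above the version exports such as `## Create ${STACK_NAME}_rpc_secret_v1 (and ${STACK_NAME}_client_secret_v1 for SSO) with docker secret create first` would cover it.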
@@ -0,0 +1,15 @@
+---
+version: "3.8"
+
+services:
+ app:
+ environment:
+ - DRONE_GITEA_CLIENT_ID=${GITEA_CLIENT_ID}
+ - DRONE_GITEA_SERVER=https://${GITEA_DOMAIN}
+ secrets:
+ - client_secret
+
+secrets:
+ client_secret:
+ name: ${STACK_NAME}_client_secret_${CLIENT_SECRET_VERSION}
+ external: true
diff --git a/compose.github.yml b/compose.github.yml
new file mode 100644
index 0000000..51b6bc3
--- /dev/null
+++ b/compose.github.yml
@@ -0,0 +1,14 @@
+---
+version: "3.8"
+
+services:
+ app:
+ environment:
+ - DRONE_GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
+ secrets:
+ - client_secret
+
+secrets:
+ client_secret:
+ name: ${STACK_NAME}_client_secret_${CLIENT_SECRET_VERSION}
+ external: true
diff --git a/compose.yml b/compose.yml
index 737c928..8079192 100644
--- a/compose.yml
+++ b/compose.yml
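Review bot: In `compose.gitea.yml`, `${GITEA_CLIENT_ID}`, `${GITEA_DOMAIN}` and `${CLIENT_SECRET_VERSION}` are interpolated with no default and no required marker, so a missing variable expands to an empty string and the stack deploys with `DRONE_GITEA_SERVER=https://` or a secret name ending in `_client_secret_`. `compose.github.yml` has the same pattern for `${GITHUB_CLIENT_ID}` and `${CLIENT_SECRET_VERSION}`. Failing at deploy time is safer than a half-configured OAuth login, so use the required-variable form, e.g. `- DRONE_GITEA_CLIENT_ID=${GITEA_CLIENT_ID:?set GITEA_CLIENT_ID}` and `name: ${STACK_NAME}_client_secret_${CLIENT_SECRET_VERSION:?set CLIENT_SECRET_VERSION}` (confirm the deploy tool in use honours `:?`). Both files would also benefit from a header comment saying they are overlays combined with `compose.yml` through `COMPOSE_FILE`, and that only one should be selected because both attach the same `client_secret`.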
@@ -2,40 +2,55 @@ version: "3.8" services: - drone: + app: image: "drone/drone:1.9.1" - command: - - "--env-file /data/drone.conf" volumes: - "data:/data" configs: - - source: drone_conf - target: /data/drone.conf + - source: drone_env + target: .env environment: - - DRONE_GITEA_CLIENT_ID: "${GITEA_CLIENT_ID}" - - DRONE_GITEA_SERVER: "https://${GITEA_DOMAIN}" - - DRONE_GIT_ALWAYS_AUTH: "true" - - DRONE_JSONNET_ENABLED: "true" - - DRONE_SERVER_HOST: "${DOMAIN}" - - DRONE_SERVER_PORT: ":${PORT:8042}" - - DRONE_SERVER_PROTO: "https" + - DRONE_GIT_ALWAYS_AUTH=true + - DRONE_JSONNET_ENABLED=true + - DRONE_SERVER_HOST=${DOMAIN} + - DRONE_SERVER_PORT=:${PORT:-8042} + - DRONE_SERVER_PROTO=https + - DRONE_USER_CREATE=username:admin,admin:true networks: - proxy + secrets: + - rpc_secret + healthcheck: + test: ["CMD", "wget", "-qO", "-", "http://localhost:8042/healthz"] + interval: 10s + timeout: 10s + retries: 10 + start_period: 10s deploy: update_config: failure_action: rollback + order: start-first labels: - "traefik.enable=true" - "traefik.http.routers.drone.rule=Host(`${DOMAIN}`)" - "traefik.http.routers.drone.entrypoints=web-secure" - - "traefik.http.services.drone.loadbalancer.server.port=${PORT:8042}" + - "traefik.http.services.drone.loadbalancer.server.port=${PORT:-8042}" - "traefik.http.routers.drone.tls.certresolver=${LETS_ENCRYPT_ENV}" -configs: - drone_conf: - name: ${STACK_NAME}_drone_conf_${DRONE_CONF_VERSION} - file: drone.conf.tmpl - template_driver: golang - volumes: data: + +configs: + drone_env: + name: ${STACK_NAME}_drone_env_${DRONE_ENV_VERSION} + file: drone.env.tmpl + template_driver: golang + +secrets: + rpc_secret: + name: ${STACK_NAME}_rpc_secret_${RPC_SECRET_VERSION} + external: true + +networks: + proxy: + external: true diff --git a/drone.conf.tmpl b/drone.conf.tmpl deleted file mode 100644 index 0c05b22..0000000 --- a/drone.conf.tmpl +++ /dev/null 
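Review bot: `DRONE_USER_CREATE=username:admin,admin:true` in `compose.yml` hard-codes the login that receives Drone administrator rights, and as Drone documents this setting the name is matched against the account of that name on the connected provider. With the GitHub overlay that is whoever owns the `admin` account there, not necessarily the operator. Make it an explicit, required setting, e.g. `- DRONE_USER_CREATE=username:${DRONE_ADMIN_USERNAME:?set the SCM login to make admin},admin:true` (the variable name is a suggestion), and list it in `.envrc.sample`. Separately, the healthcheck probes `http://localhost:8042/healthz` while `DRONE_SERVER_PORT` and the Traefik port label use `${PORT:-8042}`, so overriding `PORT` makes the check fail and, with `failure_action: rollback`, rolls every update back; `http://localhost:${PORT:-8042}/healthz` keeps them in step.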
@@ -1,2 +0,0 @@
-DRONE_GITEA_CLIENT_SECRET={{ secret "client_secret" }}
-DRONE_RPC_SECRET={{ secret "rpc_secret" }}
diff --git a/drone.env.tmpl b/drone.env.tmpl
new file mode 100644
index 0000000..97a86cd
--- /dev/null
+++ b/drone.env.tmpl
@@ -0,0 +1,7 @@
+DRONE_RPC_SECRET={{ secret "rpc_secret" }}
+{{ if (env "DRONE_GITEA_CLIENT_ID") }}
+DRONE_GITEA_CLIENT_SECRET={{ secret "client_secret" }}
+{{ end }}
+{{ if (env "DRONE_GITHUB_CLIENT_ID") }}
+DRONE_GITHUB_CLIENT_SECRET={{ secret "client_secret" }}
+{{ end }}
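Review bot: The rendered `drone.env.tmpl` holds `DRONE_RPC_SECRET` and the OAuth client secret in clear text, and it is delivered as a swarm config, which Docker mounts world-readable (mode 0444) unless told otherwise. Where `compose.yml` mounts `drone_env`, add `mode: 0400` beside `source` and `target` so only the file's owner can read it (assuming the Drone process runs as that user; confirm against the image). A `#` comment at the top of the template saying that the `env` guards choose which provider's variable is emitted, and that both read the same `client_secret` swarm secret, would make the intent clear. The `{{ if }}` and `{{ end }}` lines also leave blank lines in the rendered file; trim markers such as `{{- end }}` remove them if that matters to the env-file parser.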