Add generate_secrets functionality
parent
29898dda53
commit
a8042ded33
14
README.md
14
README.md
|
@ -8,17 +8,23 @@ This is meant to be used as a [Drone plugin](http://plugins.drone.io/).
|
||||||
|
|
||||||
## Settings
|
## Settings
|
||||||
|
|
||||||
### With defaults
|
### Required (no default)
|
||||||
|
|
||||||
|
- **deploy_key**: SSH private key part for ssh public key authentication
|
||||||
|
- **stack**: Name of the stack to be deployed
|
||||||
|
|
||||||
|
### Optional (with defaults)
|
||||||
|
|
||||||
- **compose** (default: `compose.yml`): compose file to use for deploying
|
- **compose** (default: `compose.yml`): compose file to use for deploying
|
||||||
- **host** (default: `swarm.autonomic.zone`): Host to deploy to (don't include `ssh://`)
|
- **host** (default: `swarm.autonomic.zone`): Host to deploy to (don't include `ssh://`)
|
||||||
- **port** (default: `222`): SSH port to connect to
|
- **port** (default: `222`): SSH port to connect to
|
||||||
- **user** (default: `drone`): System user to connect via SSH with
|
- **user** (default: `drone`): System user to connect via SSH with
|
||||||
|
|
||||||
### Without defaults
|
### Dangerous options, unwise outside CI
|
||||||
|
|
||||||
- **deploy_key**: SSH private key part for ssh public key authentication
|
- **generate_secrets** (default: no): randomly set all `secrets:` found in the
|
||||||
- **stack**: Name of the stack to be deployed
|
compose file -- you won't be able to retrieve them afterwards, so you almost
|
||||||
|
certainly don't want this for real deployments.
|
||||||
|
|
||||||
## Example
|
## Example
|
||||||
|
|
||||||
|
|
15
plugin.sh
15
plugin.sh
|
@ -7,6 +7,16 @@ PLUGIN_HOST=${PLUGIN_HOST:-swarm.autonomic.zone}
|
||||||
PLUGIN_PORT=${PLUGIN_PORT:-222}
|
PLUGIN_PORT=${PLUGIN_PORT:-222}
|
||||||
PLUGIN_USER=${PLUGIN_USER:-drone}
|
PLUGIN_USER=${PLUGIN_USER:-drone}
|
||||||
|
|
||||||
|
generate_secrets() {
|
||||||
|
echo "--- start secrets ---"
|
||||||
|
for SECRET in $(docker run --rm -v "${PWD}":/workdir mikefarah/yq yq r "$PLUGIN_COMPOSE" 'secrets.*.name'); do
|
||||||
|
eval "echo \"generating $SECRET\""
|
||||||
|
PW=$(</dev/urandom tr -dc 'A-Za-z0-9' | head -c 40; echo)
|
||||||
|
eval "echo \"$PW\" | docker secret create \"$SECRET\" -";
|
||||||
|
done
|
||||||
|
echo "--- end secrets ---"
|
||||||
|
}
|
||||||
|
|
||||||
load_deploy_key() {
|
load_deploy_key() {
|
||||||
mkdir -p "$HOME/.ssh/"
|
mkdir -p "$HOME/.ssh/"
|
||||||
ssh-keyscan -p "$PLUGIN_PORT" "$PLUGIN_HOST" > "$HOME/.ssh/known_hosts"
|
ssh-keyscan -p "$PLUGIN_PORT" "$PLUGIN_HOST" > "$HOME/.ssh/known_hosts"
|
||||||
|
@ -34,6 +44,11 @@ run_stack_wait() {
|
||||||
run_plugin() {
|
run_plugin() {
|
||||||
echo "--- start deployment ---"
|
echo "--- start deployment ---"
|
||||||
load_deploy_key
|
load_deploy_key
|
||||||
|
|
||||||
|
if [ -n "$PLUGIN_GENERATE_SECRETS" ]; then
|
||||||
|
generate_secrets
|
||||||
|
fi
|
||||||
|
|
||||||
run_stack_deploy
|
run_stack_deploy
|
||||||
run_stack_wait
|
run_stack_wait
|
||||||
echo "--- end deployment ---"
|
echo "--- end deployment ---"
|
||||||
|
|
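Review bot: In the new `generate_secrets`, both `eval` lines re-parse `$SECRET` as shell source, so a secret name read from the compose file that contains quotes, `$` or backticks would be interpreted as code on the CI runner instead of being passed as data. Neither line needs `eval`; `echo "generating $SECRET"` and `printf '%s\n' "$PW" | docker secret create "$SECRET" -` do the same work with the name kept as a single quoted argument. The unquoted `for SECRET in $(...)` also word-splits and glob-expands the yq output, so reading it with `while IFS= read -r SECRET` would be safer. Separately, the guard in `run_plugin`, `[ -n "$PLUGIN_GENERATE_SECRETS" ]`, is true for any non-empty value, so a setting of `false` or `no` would presumably still create secrets. An explicit comparison such as `[ "$PLUGIN_GENERATE_SECRETS" = "true" ]` would match the README's "default: no". The `mikefarah/yq` image is pulled without a tag or digest, so pinning it would keep both the `yq r` syntax and the code that runs with the workdir mounted under the project's control.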