diff --git a/.drone.yml b/.drone.yml
index 692106d..c460eb4 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,86 +1,68 @@
+---
 kind: pipeline
-name: default
+type: kubernetes
+name: build
+
+metadata:
+ labels:
+ pod-security.kubernetes.io/audit: privileged
+
+services:
+ - name: docker daemon
+ image: docker:dind
+ privileged: true
+ environment:
+ DOCKER_TLS_CERTDIR: ""
+
 steps:
- - name: release
- image: plugins/gitea-release
- settings:
- api_key:
- from_secret: gitea_api_key
- base_url: https://code.garrettmills.dev
- checksum: md5
- title: ${DRONE_TAG}
- when:
- event: tag
- - name: deploy to production
- image: appleboy/drone-ssh
- settings:
- host:
- from_secret: deploy_ssh_host
- username:
- from_secret: deploy_ssh_user
- key:
- from_secret: deploy_ssh_key
- port:
- from_secret: deploy_ssh_port
- script:
- - cd /home/coreid/CoreID
- - git checkout master
- - git pull
- - git checkout ${DRONE_TAG}
- - git pull
- - yarn install
- when:
- event: promote
- target: production
- - name: restart production services
- image: appleboy/drone-ssh
- settings:
- host:
- from_secret: deploy_ssh_host
- username:
- from_secret: deploy_ssh_admin_user
- key:
- from_secret: deploy_ssh_key
- port:
- from_secret: deploy_ssh_port
- script:
- - systemctl restart coreid-www
- - systemctl restart coreid-jobs
- when:
- event: promote
- target: production
- - name: send success notifications
- image: plugins/webhook
- settings:
- urls:
- from_secret: notify_webhook_url
- content_type: application/json
- template: |
- {
- "title": "Drone-CI [Starship/CoreID]",
- "message": "Build ${DRONE_BUILD_NUMBER} promoted to production.",
- "priority": 4
- }
- when:
- status: success
- event:
- - tag
- - promote
- - name: send error notifications
- image: plugins/webhook
- settings:
- urls:
- from_secret: notify_webhook_url
- content_type: application/json
- template: |
- {
- "title": "Drone-CI [Starship/CoreID]",
- "message": "An error was encountered while promoting build ${DRONE_BUILD_NUMBER} to production.",
- "priority": 6
- }
- when:
- status: failure
- event:
- - tag
- - promote
+ - name: container build
+ image: docker:latest
+ privileged: true
+ commands:
+ - "while ! docker stats --no-stream; do sleep 1; done"
+ - "docker build -t $DOCKER_REGISTRY/starship/coreid ."
+ - "docker push $DOCKER_REGISTRY/starship/coreid"
+ environment:
+ DOCKER_HOST: tcp://localhost:2375
+ DOCKER_REGISTRY:
+ from_secret: DOCKER_REGISTRY
+
+ - name: environment substitution
+ image: rockylinux:9.0-minimal
+ commands:
+ - microdnf install -y gettext
+ - cd deploy && mkdir ../deploy-subst && bash -c 'for f in *.yaml; do envsubst < $f > ../deploy-subst/$f; done'
+ environment:
+ COREID_DOMAIN:
+ from_secret: COREID_DOMAIN
+ DOCKER_REGISTRY:
+ from_secret: DOCKER_REGISTRY
+ COREID_DATABASE_HOST:
+ from_secret: COREID_DATABASE_HOST
+ COREID_DATABASE_NAME:
+ from_secret: COREID_DATABASE_NAME
+ COREID_LDAP_BASE_DC:
+ from_secret: COREID_LDAP_BASE_DC
+ COREID_REDIS_HOST:
+ from_secret: COREID_REDIS_HOST
+ COREID_SMTP_HOST:
+ from_secret: COREID_SMTP_HOST
+# when:
+# event:
+# - tag
+# - promote
+ - name: k8s rollout
+ image: bitnami/kubectl
+ privileged: true
+ commands:
+ - cd deploy && kubectl apply -f .
+ - kubectl rollout restart deployment/coreid-www -n starship
+ - kubectl rollout restart deployment/coreid-jobs -n starship
+ depends_on:
+ - container build
+ - environment substitution
+# when:
+# event:
+# - tag
+# - promote
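Review bot: The `k8s rollout` step applies the raw templates (`cd deploy && kubectl apply -f .`) rather than the files the `environment substitution` step writes to `../deploy-subst`, so the `envsubst` output appears to be unused; `cd deploy-subst && kubectl apply -f .` looks like what was intended. Both `when:` blocks are commented out, so the image push and the cluster rollout are no longer limited to `tag`/`promote` events the way the removed deploy steps were; they should be restored before this is merged. `privileged: true` on `container build` and `k8s rollout` looks unnecessary, since the first only talks to the dind service through `DOCKER_HOST` and the second only runs `kubectl`, which would leave the `docker daemon` service as the only privileged container. With `DOCKER_TLS_CERTDIR: ""` that daemon listens without TLS or authentication on `tcp://localhost:2375`, which every step sharing that localhost can reach, so it is worth a comment recording that this is deliberate. The `docker:dind`, `docker:latest` and `bitnami/kubectl` images are also unpinned, and pinning them by version or digest would keep the privileged parts of the pipeline reproducible.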