Drone: rework ci pipeline

.drone.yml

@@ -1,86 +1,68 @@
+---
 kind: pipeline
-name: default
+type: kubernetes
+name: build
+
+metadata:
+  labels:
+    pod-security.kubernetes.io/audit: privileged
+
+services:
+  - name: docker daemon
+    image: docker:dind
+    privileged: true
+    environment:
+      DOCKER_TLS_CERTDIR: ""
+
 steps:
-  - name: release
+  - name: container build
-    image: plugins/gitea-release
+    image: docker:latest
-    settings:
+    privileged: true
-      api_key:
+    commands:
-        from_secret: gitea_api_key
+      - "while ! docker stats --no-stream; do sleep 1; done"
-      base_url: https://code.garrettmills.dev
+      - "docker build -t $DOCKER_REGISTRY/starship/coreid ."
-      checksum: md5
+      - "docker push $DOCKER_REGISTRY/starship/coreid"
-      title: ${DRONE_TAG}
+    environment:
-    when:
+      DOCKER_HOST: tcp://localhost:2375
-      event: tag
+      DOCKER_REGISTRY:
-  - name: deploy to production
+        from_secret: DOCKER_REGISTRY
-    image: appleboy/drone-ssh
+
-    settings:
+  - name: environment substitution
-      host:
+    image: rockylinux:9.0-minimal
-        from_secret: deploy_ssh_host
+    commands:
-      username:
+      - microdnf install -y gettext
-        from_secret: deploy_ssh_user
+      - cd deploy && mkdir ../deploy-subst && bash -c 'for f in *.yaml; do envsubst < $f > ../deploy-subst/$f; done'
-      key:
+    environment:
-        from_secret: deploy_ssh_key
+      COREID_DOMAIN:
-      port:
+        from_secret: COREID_DOMAIN
-        from_secret: deploy_ssh_port
+      DOCKER_REGISTRY:
-      script:
+        from_secret: DOCKER_REGISTRY
-        - cd /home/coreid/CoreID
+      COREID_DATABASE_HOST:
-        - git checkout master
+        from_secret: COREID_DATABASE_HOST
-        - git pull
+      COREID_DATABASE_NAME:
-        - git checkout ${DRONE_TAG}
+        from_secret: COREID_DATABASE_NAME
-        - git pull
+      COREID_LDAP_BASE_DC:
-        - yarn install
+        from_secret: COREID_LDAP_BASE_DC
-    when:
+      COREID_REDIS_HOST:
-      event: promote
+        from_secret: COREID_REDIS_HOST
-      target: production
+      COREID_SMTP_HOST:
-  - name: restart production services
+        from_secret: COREID_SMTP_HOST
-    image: appleboy/drone-ssh
+#    when:
-    settings:
+#      event:
-      host:
+#        - tag
-        from_secret: deploy_ssh_host
+#        - promote
-      username:
-        from_secret: deploy_ssh_admin_user
-      key:
-        from_secret: deploy_ssh_key
-      port:
-        from_secret: deploy_ssh_port
-      script:
-        - systemctl restart coreid-www
-        - systemctl restart coreid-jobs
-    when:
-      event: promote
-      target: production
-  - name: send success notifications
-    image: plugins/webhook
-    settings:
-      urls:
-        from_secret: notify_webhook_url
-      content_type: application/json
-      template: |
-        {
-          "title": "Drone-CI [Starship/CoreID]",
-          "message": "Build ${DRONE_BUILD_NUMBER} promoted to production.",
-          "priority": 4
-        }
-    when:
-      status: success
-      event:
-        - tag
-        - promote
-  - name: send error notifications
-    image: plugins/webhook
-    settings:
-      urls:
-        from_secret: notify_webhook_url
-      content_type: application/json
-      template: |
-        {
-          "title": "Drone-CI [Starship/CoreID]",
-          "message": "An error was encountered while promoting build ${DRONE_BUILD_NUMBER} to production.",
-          "priority": 6
-        }
-    when:
-      status: failure
-      event:
-        - tag
-        - promote
 
+  - name: k8s rollout
+    image: bitnami/kubectl
+    privileged: true
+    commands:
+      - cd deploy && kubectl apply -f .
+      - kubectl rollout restart deployment/coreid-www -n starship
+      - kubectl rollout restart deployment/coreid-jobs -n starship
+    depends_on:
+      - container build
+      - environment substitution
+#    when:
+#      event:
+#        - tag
+#        - promote