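---
# Drone pipeline: on every pushed tag, build the image with Nix, push it to
# the private registry and roll it out as a Docker Swarm service update.
kind: pipeline
name: CI/CD

# Runs for tag refs only. NOTE(review): whoever can push a tag can trigger a
# build that receives the SSH, registry and deploy secrets below, so tag
# creation on this repository should be restricted accordingly.
trigger:
  ref:
    - refs/tags/*

volumes:
  # Shared /nix/store so the `publish` step can execute the `result` symlink
  # produced by `build`.
  - name: deps
    temp: {}
  # Shared /var/run so `publish` reaches the dind service's docker.sock.
  - name: dockersock
    temp: {}

steps:
  # NOTE(review): every `image:` in this file is an unpinned, mutable tag.
  # These containers receive secrets; consider pinning each one to an
  # immutable digest (image@sha256:<digest>) to limit supply-chain exposure.
  - name: notify-start
    image: appleboy/drone-discord
    settings:
      webhook_id:
        from_secret: DISCORD_WEBHOOK_ID
      webhook_token:
        from_secret: DISCORD_WEBHOOK_TOKEN
      message: "Started build: https://drone.cechis.cz/c3c/cv/{{ build.number }}"

  - name: build
    image: nixos/nix
    volumes:
      - name: deps
        path: /nix/store
    environment:
      DRONE_SSH_KEY:
        from_secret: DRONE_SSH_KEY
      GIT_C3C_KNOW_HOSTS:
        from_secret: GIT_C3C_KNOW_HOSTS
    commands:
      # -p keeps the step from failing if the directory already exists.
      - mkdir -p /root/.ssh
      - chmod 700 /root/.ssh
      - echo "$DRONE_SSH_KEY" > /root/.ssh/id_ed25519
      # The redirect creates the key with the default umask; tighten it so
      # the private key is owner-only (ssh rejects group/world-readable keys).
      - chmod 600 /root/.ssh/id_ed25519
      # Host keys come from a secret rather than being trusted on first use.
      - echo "$GIT_C3C_KNOW_HOSTS" > /root/.ssh/known_hosts
      - nix --extra-experimental-features nix-command --extra-experimental-features flakes build .#image

  - name: publish
    image: docker:dind
    environment:
      REGISTRY_PASSWORD:
        from_secret: registry_password
      REGISTRY_USER:
        from_secret: registry_user
    volumes:
      - name: deps
        path: /nix/store
      - name: dockersock
        path: /var/run
    commands:
      # Bounded wait for the dind service instead of a fixed sleep: continue
      # as soon as the daemon answers, give up after about 30 seconds.
      - for i in $(seq 1 30); do docker info >/dev/null 2>&1 && break; sleep 1; done
      - ./result | docker load
      # `$$` defers expansion to the shell. The values are quoted so that
      # whitespace or glob characters in a secret cannot split the command,
      # and the password is passed on stdin rather than on the command line.
      - printf '%s\n' "$$REGISTRY_PASSWORD" | docker login -u "$$REGISTRY_USER" --password-stdin dr.cechis.cz
      # The tag name is attacker-influenced text (it is the pushed git tag).
      # Expanding it at shell run time inside quotes, instead of letting
      # Drone paste it into the script, keeps it a single argument.
      - docker tag "cv:$${DRONE_TAG}" "dr.cechis.cz/c3c/cv:$${DRONE_TAG}"
      - docker push "dr.cechis.cz/c3c/cv:$${DRONE_TAG}"
    depends_on:
      - build

  - name: deploy
    image: appleboy/drone-ssh
    settings:
      host: vps-1.cechis.cz
      command_timeout: 20m
      username: drone
      key:
        from_secret: SSH_DRONE
      script:
        # NOTE(review): ${DRONE_TAG} is substituted textually by Drone before
        # this line is sent to the remote host. Validate the tag format (or
        # restrict who may push tags) so the tag cannot alter the command.
        - docker service update --quiet --with-registry-auth --detach=false --image dr.cechis.cz/c3c/cv:${DRONE_TAG} c3c-cv
    depends_on:
      - publish

  - name: notify-end
    image: appleboy/drone-discord
    settings:
      webhook_id:
        from_secret: DISCORD_WEBHOOK_ID
      webhook_token:
        from_secret: DISCORD_WEBHOOK_TOKEN
      message: "C3C CV build: {{ build.number }} - {{ build.status }}"
    when:
      # Report the outcome on failed builds as well as successful ones.
      status: [success, failure]
    depends_on:
      - deploy

services:
  # Docker-in-Docker daemon used by `publish`.
  # NOTE(review): `privileged: true` gives this container near-host-level
  # access on the runner; run this pipeline on a dedicated or otherwise
  # isolated runner.
  - name: docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

---
# Signature over the pipeline document above. Any edit to that document
# invalidates this HMAC; regenerate it with `drone sign <owner/repo> --save`
# before committing.
kind: signature
hmac: df39c218d4fba826757d713ce80db6debfed40c0b49215cfdf871dc37046f558

...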