111 lines
4.1 KiB
YAML
111 lines
4.1 KiB
YAML
---
|
|
kind: pipeline
|
|
name: CI/CD
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/tags/*
|
|
|
|
volumes:
|
|
- name: deps
|
|
temp: {}
|
|
- name: dockersock
|
|
temp: {}
|
|
|
|
steps:
|
|
- name: notify-start
|
|
image: appleboy/drone-discord
|
|
settings:
|
|
webhook_id:
|
|
from_secret: DISCORD_WEBHOOK_ID
|
|
webhook_token:
|
|
from_secret: DISCORD_WEBHOOK_TOKEN
|
|
message: "Started build: https://drone.cechis.cz/c3c/cv/{{ build.number }}"
|
|
|
|
- name: build
|
|
image: nixos/nix
|
|
volumes:
|
|
- name: deps
|
|
path: /nix/store
|
|
environment:
|
|
DRONE_SSH_KEY:
|
|
from_secret: drone_ssh_key
|
|
GITEA_KNOWN_HOSTS:
|
|
from_secret: gitea_known_hosts
|
|
commands:
|
|
- mkdir /root/.ssh
|
|
- echo "$DRONE_SSH_KEY" > /root/.ssh/id_ed25519
|
|
- chmod 400 /root/.ssh/id_ed25519
|
|
- echo "Host git.c3c.cz\n\tPort 5522" > /root/.ssh/config
|
|
- echo "$GITEA_KNOWN_HOSTS" > /root/.ssh/known_hosts
|
|
- nix --extra-experimental-features nix-command --extra-experimental-features flakes build .#image
|
|
|
|
- name: publish
|
|
image: docker:dind
|
|
environment:
|
|
REGISTRY_PASSWORD:
|
|
from_secret: registry_password
|
|
REGISTRY_USER:
|
|
from_secret: registry_user
|
|
volumes:
|
|
- name: deps
|
|
path: /nix/store
|
|
- name: dockersock
|
|
path: /var/run
|
|
commands:
|
|
- sleep 5
|
|
- ./result | docker load
|
|
- echo $$REGISTRY_PASSWORD | docker login -u $$REGISTRY_USER --password-stdin dr.cechis.cz
|
|
- docker tag cv:${DRONE_TAG} dr.cechis.cz/c3c/cv:${DRONE_TAG}
|
|
- docker push dr.cechis.cz/c3c/cv:${DRONE_TAG}
|
|
depends_on:
|
|
- build
|
|
|
|
- name: deploy
|
|
image: appleboy/drone-ssh
|
|
settings:
|
|
host: vps-1.cechis.cz
|
|
command_timeout: 20m
|
|
username: drone
|
|
key:
|
|
from_secret: SSH_DRONE
|
|
script:
|
|
- docker service update --quiet --with-registry-auth --detach=false --image dr.cechis.cz/c3c/cv:${DRONE_TAG} c3c-cv
|
|
depends_on:
|
|
- publish
|
|
|
|
- name: notify-end
|
|
image: appleboy/drone-discord
|
|
settings:
|
|
webhook_id:
|
|
from_secret: DISCORD_WEBHOOK_ID
|
|
webhook_token:
|
|
from_secret: DISCORD_WEBHOOK_TOKEN
|
|
message: "C3C CV build: {{ build.number }} - {{ build.status }}"
|
|
when:
|
|
status: [ success, failure ]
|
|
depends_on:
|
|
- deploy
|
|
|
|
services:
|
|
- name: docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
|
|
---
|
|
kind: secret
|
|
name: drone_ssh_key
|
|
data: 12kJDhu2Tb/25dBS+1HrXwn4tSuhD0S5F+z9WzIkNVl2MMbDmOlsV2XPhF1YgINsczyU7ceIWEp+tJI1X3+uMCDyuCU3zxVV4SOe3gc/2zdZ9fewz2uFxGDk6xHm/y1y9gmDfAt+//UjjjDgtGJKEKJX6r9D9diLyiF+P6m/zZCyRnTZv3SDvLv0PduOonEj/jWVVORjuBoKkshniygqqkfHL/v3TmIEvdZ0uQMCXEKKs0fEi+qOv2gpjt+tykHdlf57zSRUeDHIarKrlslGIae9HBq40CcVHLzbFMnCXpRA4wxxGbcsNnu0263fufZ169ef2Aqntgvqjxt7c0tppnI9GxMzCShBa3dHXh2mAs7irFaEAGJKtCXJ6ETMeS6/Li0Yyf1cNvW2dLVgtWGUggkW8Dbl0hD2ZqO26mu1lbxJ1v25JN0U6meNXhKFMxJDMSz+/kmPW6miMpJh3YSW7YIVZHcUrS4RoiJuYdOPD8OUcAJrHbCin3W78glqYSM1P5z0LowSlP12fNg0eYZ+5m1gML15j8DZ92PwKPKAM2WEVivfgs873cs3PVoeM8m9p3xd0qm0
|
|
---
|
|
kind: secret
|
|
name: gitea_known_hosts
|
|
data: r9Bi+OWiiOtFustCnv/oUn2ULPCHZwQKlhZ3IroztOaHsTy/RJiTsqm9Ntachs8by+skida+21YVry1oyabrbXcnClyejEuqgTKhB8fSm4Oy3GW35gZVoxRCOdYfteFgPAvX2iOpxzREwiOzhw9hcGSFNwZG5Iij+Ylp1/dD5fDc3SAczWE8M7A1mACwe2sBFv0EiG+SXOsHjH+n9P64EV52R4F7y+kSQmQ/Frjv1ZjtcbhVyP1LsLn3xhbotOI8ug0sxybRH2Mf48xC1wahdJJ54eoTDLFWBrOsopbZEVIC3wPHRSKjouSTPyzysb6QPnJdEYzQCwCNOJ4JNDrH5txVft7yLc6egyiIpiFE3IUfZHGWKeZiraqkUc3WjRIyX4+7v89HWmLlTPG08I3hBFR5aESu4NGPOp72fGjc3YKRze/nBuKDM5RXVH2AH3J9VLGD+6pfnllz9cgmHP3CEaS+8XC0rnOIpBKlNZWQJrApiWeBnLMdopy5E9ri1dPPmkvJjxaLyJ/23r35gz9RUUj/ws1AlGCIo3sM04XCXbLJbC1mgM1YDcRr6GMVztHMiMA4z0zCDzYHlQzTuSRPUl1Ygb/lyXBwVnvaajZDoyHju0D5Ie8kajcjlRxAMDcLZFlPTBJLuLp89WN9JEyKMss2L5kH0Ku7IDn3tZ7w4Ix9YJ4tN7WnjszZsks+lUbOwy5w4bKjiwwS7S9haiN2gMQ8TwCwzXIfynFS9c5xnOEzvDYTCjz04/1YbuSsYCM4HjR/ObpQWGo+1Zs5iUC9Lrhv9EaOO2q/8O7kpbqJURePN2F8f6lGRKe/aR8VGhrRrdd+YuKchL+BQaJK7q9d7m2ov3m+njNGO8/wzgUmB5GjALfYZ1nNVPta/+aMhVPrIc2iHMwlsGCx9pMClen0gtKic6MZhRWIZWxbxjoF4n9PNcBdcUW4/VvCLJRokAVHfxIH1/epH1hBrFRrDfI3hmFw8BXXIIEk4PDi1KydbJilbF3OvSOradcdzXlwIOOW2zqiq0tkeqjPrApdcCM6hkETkKgRfV9B9Ia9Ses3iy/v1bBN9Db8WjDu+KqoHfZrSkZGF2UlMjXQYLKoAPtH6ShlnaGHeeDZLk/+El6smOgeyUN6WJjKPPyBpSEZzbFfIZh7kkrqNmrkxh8ZdVlYloAuwzbCKzxCxHxDsGK5
|
|
---
|
|
kind: signature
|
|
hmac: f10e4fe9d1fe06a83ca01e97de3a2a1037fcaa94e38d05cb07bb83d00bdcb495
|
|
|
|
...
|