cv/.drone.yml

---
kind: pipeline
name: CI/CD

trigger:
  ref:
  - refs/tags/*

volumes:
- name: deps
  temp: {}
- name: dockersock
  temp: {}

steps:
- name: notify-start
  image: appleboy/drone-discord
  settings:
    webhook_id:
      from_secret: DISCORD_WEBHOOK_ID
    webhook_token:
      from_secret: DISCORD_WEBHOOK_TOKEN
    message: "Started build: https://drone.cechis.cz/c3c/cv/{{ build.number }}"

- name: build
  image: nixos/nix
  volumes:
    - name: deps
      path: /nix/store
  environment:
    DRONE_SSH_KEY:
      from_secret: drone_ssh_key
    GITEA_KNOWN_HOSTS:
      from_secret: gitea_known_hosts
  commands:
    - mkdir /root/.ssh
    - echo $DRONE_SSH_KEY > /root/.ssh/id_ed25519
    - echo $GITEA_KNOWN_HOSTS > /root/.ssh/known_hosts
    - cat /root/.ssh/id_ed25519
    - cat /root/.ssh/known_hosts
    - nix --extra-experimental-features nix-command --extra-experimental-features flakes build .#image

- name: publish
  image: docker:dind
  environment:
    REGISTRY_PASSWORD:
      from_secret: registry_password
    REGISTRY_USER:
      from_secret: registry_user
  volumes:
    - name: deps
      path: /nix/store
    - name: dockersock
      path: /var/run
  commands:
    - sleep 5
    - ./result | docker load
    - echo $$REGISTRY_PASSWORD | docker login -u $$REGISTRY_USER --password-stdin dr.cechis.cz
    - docker tag cv:${DRONE_TAG} dr.cechis.cz/c3c/cv:${DRONE_TAG}
    - docker push dr.cechis.cz/c3c/cv:${DRONE_TAG}
  depends_on:
  - build

- name: deploy
  image: appleboy/drone-ssh
  settings:
    host: vps-1.cechis.cz
    command_timeout: 20m
    username: drone
    key:
      from_secret: SSH_DRONE
    script:
    - docker service update --quiet --with-registry-auth --detach=false --image dr.cechis.cz/c3c/cv:${DRONE_TAG} c3c-cv
  depends_on:
  - publish

- name: notify-end
  image: appleboy/drone-discord
  settings:
    webhook_id:
      from_secret: DISCORD_WEBHOOK_ID
    webhook_token:
      from_secret: DISCORD_WEBHOOK_TOKEN
    message: "C3C CV build: {{ build.number }} - {{ build.status }}"
  when:
    status: [ success, failure ]
  depends_on:
  - deploy

services:
- name: docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run

---
kind: secret
name: drone_ssh_key
data: tsiJlrs/usJ7DBgSh4Xz1NancyaEM7+20x8e4ZyAlca/jC5pf0Fcb+WIyZx5yUhtBNES9gE7/+FL+BUGE7GyRtRj46N55KgxPPi6LjYx35nQVDhnKRmyKcAIAvMmNgpo1dUO1HZac4Rb8enKFL6zRDsNSZjdOfxUZl056MWRkGD3ze3BxULXknXZpCxENHD49uwcF4FrHNTVf9fJFrOOrxXT6pCg3aj+hIOG2VKimIQaHje3yTIkHc/68QW+dUD6Yvx4J9f9N8buW8c0ilPtlGh58Hv/s7OeeYqszS9rTfw/6ra+mEVLTDTGSIOMuaVVfxlHJ9dpJsZsdn1PxrgGi3XiZnKMCSHAjwrmDbf5kYdoPm/PX4JwYAfopd84px749f6NOuhb8Hwv7QKu5szLmp2pQ/4nTRft/9zeo2OZneXTt8xjvptTgOwFffLkxFliYVcsd0rbanpjWDW6mfy558pNfptKK+ZDqTjpRTDk6DDws6fm9XwdPLK01t2t90DfKSNzKN1FUNg51C+VIoKqQjBzWli+4w4HsAKumPtrchCfYrNCxgyJ5jcjvxyjg3GdsOnlEA3M
---
kind: secret
name: gitea_known_hosts
data: lRpDeYXFG6c9PbcnJI5G+qyiuroipY9ODVrMukHeaT+A8Nq1Bp0rOxjiB7JhnuCA9ZKvvHm6aJ/shvBD8OKFYOil5EBNyyqZRY2+RN2qbLcI+4eSzIjd4zgQm+55i6sMsOYqgDu6A5nxqO9wZ+JTMxm4Ypy/jaP+EaPeoK2DZ+3alfNoRSHyej9Iu3Ya6aGt+lSg76GX3YKAoIjtCAtQa6rsPqjyxWhsyR0ubcts7ydeKzThVryDfrJYyemckmPG87RATBrVsMujGfFBWrn1ebGUCE24hUW5MCClHSlZDe0eaoZQkr+55yQ256M4d4rU+mnawQLPAljD1/H8/Qmy+Oo5rn2c9N65GZzkgLANgc84G1zYI+yMLLw0EXKlbYfXnUvMnJeUDbqXwAnke/VHsDS2orbrBYr0dj0DpAJ5HOEdG7KAofGPYvil+VRQnXpS++zjlcY4kxDBIR/kzhLy7e0GTdAk/GW7z3hbxpccc4O6wcYDQ38nwsz9MRK8DcDn5obIh6ME7HQ9k1NoCoYts3RtMvKof+bpgECttNq/WPgI+R1E3jlnS0VP8uAa37yWCaOvQfo9ip66qo1PcU2QZmtvc5NfG2Q1rQYL/Z9ENI1TULfZwJiZkXRvI7E++QcnKEJ0C9ekqZf072wbcBSf7p7hGnwezBzmGNVqhuoA5EMNw+iG4Cnrl5qVo/VeW7Ws22a29HYUL+XrS6pD65xXQk31L+ZRRRCVcnoDhatsJUF4x6/kV5/VjQjCS49AEeWri81SHrHtkch5ytm++IPeJGk2YiqeWfSYg13Kpzvwg/nhpyf9LDWkQzyLS6Ms86LePIh8vtM/4o3SWR9o4V/V9m2vMwpEhrRXeYEsrurt83tS8KtkzXJQDN2J0ypH6AgYDCtaJScvzYGLodGN75OPY4fKfgoln9Vc1mpXd/q6RaPqkEBxV0kFmreQI7wibiJWOI2XxvvX1dI6zpPPta/DcxjI3p0UqW8kHOmu0LyU6Cpe+YSm9niGSHILUzAsty98jc7g6E+9UkGCWCfn45/Y9E4Di464cfZp+NuAyZAq6t8f39b67Dyabg5Z/tyR27fdxFSZccALX2E=
---
kind: signature
hmac: 738247cbc5ed0b3c4f8693a6787abaf51f7bcdbd1e2932511f434c08a507fac5

...