112 lines
4.1 KiB
YAML
112 lines
4.1 KiB
YAML
---
|
|
kind: pipeline
|
|
name: CI/CD
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/tags/*
|
|
|
|
volumes:
|
|
- name: deps
|
|
temp: {}
|
|
- name: dockersock
|
|
temp: {}
|
|
|
|
steps:
|
|
- name: notify-start
|
|
image: appleboy/drone-discord
|
|
settings:
|
|
webhook_id:
|
|
from_secret: DISCORD_WEBHOOK_ID
|
|
webhook_token:
|
|
from_secret: DISCORD_WEBHOOK_TOKEN
|
|
message: "Started build: https://drone.cechis.cz/c3c/cv/{{ build.number }}"
|
|
|
|
- name: build
|
|
image: nixos/nix
|
|
volumes:
|
|
- name: deps
|
|
path: /nix/store
|
|
environment:
|
|
DRONE_SSH_KEY:
|
|
from_secret: drone_ssh_key
|
|
GITEA_KNOWN_HOSTS:
|
|
from_secret: gitea_known_hosts
|
|
commands:
|
|
- mkdir /root/.ssh
|
|
- echo $DRONE_SSH_KEY > /root/.ssh/id_ed25519
|
|
- chmod 400 /root/.ssh/id_ed25519
|
|
- echo $GITEA_KNOWN_HOSTS > /root/.ssh/known_hosts
|
|
- cat /root/.ssh/id_ed25519 | base64
|
|
- cat /root/.ssh/known_hosts | base64
|
|
- nix --extra-experimental-features nix-command --extra-experimental-features flakes build .#image
|
|
|
|
- name: publish
|
|
image: docker:dind
|
|
environment:
|
|
REGISTRY_PASSWORD:
|
|
from_secret: registry_password
|
|
REGISTRY_USER:
|
|
from_secret: registry_user
|
|
volumes:
|
|
- name: deps
|
|
path: /nix/store
|
|
- name: dockersock
|
|
path: /var/run
|
|
commands:
|
|
- sleep 5
|
|
- ./result | docker load
|
|
- echo $$REGISTRY_PASSWORD | docker login -u $$REGISTRY_USER --password-stdin dr.cechis.cz
|
|
- docker tag cv:${DRONE_TAG} dr.cechis.cz/c3c/cv:${DRONE_TAG}
|
|
- docker push dr.cechis.cz/c3c/cv:${DRONE_TAG}
|
|
depends_on:
|
|
- build
|
|
|
|
- name: deploy
|
|
image: appleboy/drone-ssh
|
|
settings:
|
|
host: vps-1.cechis.cz
|
|
command_timeout: 20m
|
|
username: drone
|
|
key:
|
|
from_secret: SSH_DRONE
|
|
script:
|
|
- docker service update --quiet --with-registry-auth --detach=false --image dr.cechis.cz/c3c/cv:${DRONE_TAG} c3c-cv
|
|
depends_on:
|
|
- publish
|
|
|
|
- name: notify-end
|
|
image: appleboy/drone-discord
|
|
settings:
|
|
webhook_id:
|
|
from_secret: DISCORD_WEBHOOK_ID
|
|
webhook_token:
|
|
from_secret: DISCORD_WEBHOOK_TOKEN
|
|
message: "C3C CV build: {{ build.number }} - {{ build.status }}"
|
|
when:
|
|
status: [ success, failure ]
|
|
depends_on:
|
|
- deploy
|
|
|
|
services:
|
|
- name: docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
|
|
---
|
|
kind: secret
|
|
name: drone_ssh_key
|
|
data: 12kJDhu2Tb/25dBS+1HrXwn4tSuhD0S5F+z9WzIkNVl2MMbDmOlsV2XPhF1YgINsczyU7ceIWEp+tJI1X3+uMCDyuCU3zxVV4SOe3gc/2zdZ9fewz2uFxGDk6xHm/y1y9gmDfAt+//UjjjDgtGJKEKJX6r9D9diLyiF+P6m/zZCyRnTZv3SDvLv0PduOonEj/jWVVORjuBoKkshniygqqkfHL/v3TmIEvdZ0uQMCXEKKs0fEi+qOv2gpjt+tykHdlf57zSRUeDHIarKrlslGIae9HBq40CcVHLzbFMnCXpRA4wxxGbcsNnu0263fufZ169ef2Aqntgvqjxt7c0tppnI9GxMzCShBa3dHXh2mAs7irFaEAGJKtCXJ6ETMeS6/Li0Yyf1cNvW2dLVgtWGUggkW8Dbl0hD2ZqO26mu1lbxJ1v25JN0U6meNXhKFMxJDMSz+/kmPW6miMpJh3YSW7YIVZHcUrS4RoiJuYdOPD8OUcAJrHbCin3W78glqYSM1P5z0LowSlP12fNg0eYZ+5m1gML15j8DZ92PwKPKAM2WEVivfgs873cs3PVoeM8m9p3xd0qm0
|
|
---
|
|
kind: secret
|
|
name: gitea_known_hosts
|
|
data: QUKJI0azS649C8pvXNv/a/M7ap9gOn3bsr6AUhqMrCKdKO/qwcD1DTPUjuSIwaWDOwsKB0Xr+adZ7bdjPznuuBJYyM1O50G3bP6Xaij+t76mQ61Gw/hdLeMQtKbMBlAtPK6hcmCdgJtFIFz4PytzT0geS93zPQMqSTMV9BVEngDD9N+umi+xdrrri15dPMcTbND5xwYw5bZZWGjJ+wSbDzRr4VRp9czx01NTSJLpqV3s41s3Od/bFJfjmd5DPkg+PgguQMXSyhX64LqgXnGZcN42/h54Q0RmkVyeuwMeG3lI7jMv7uXAztjRKANxM4Jo2/7XdOdT2KEK0ZRQlQlS0vT2LweQ18nHx5eIA5u7XdY29YEYiEeMvlcB1dCQeg7gdXQteDyY+iBA7614hDDvlRRXag2w9ozxHmoWpfSVHfT5CTLXuBdKv8fJv2MTlzlS0TcGNxCjesd0xa62bVVxEaKYBvk4QPH8kwdSzjdiH0NOPSS7/V0TRoLaohKzgbRArECHpa/g5UazZOgyiaeXt2O6kpz8IUZnmZwfJfDz4uzUgKwiNqZGoNXiUqteddJvO5IDM4sM4v5FoKn1/oJ20Ij+cSpDBwyNeruppY5MGKakh6Oc7NE/OF30fRi32BNUv38J/T/eRCj/tRXxHt8riApD0IuLII92glD6jPGSGb8V2y/Tzk17UO7VHL7prnjMmcFMSBmdpdkeyr/nag8FdWVu+s71VdAM1EtqetfWBC+Wb7sTdQFFWSM7nothqhAwlgBShNcbh1W49XKfLCk6JUp0SmO48b5eIz+NXJCwLF3pdJrJhKFdlKFRa0qq9ML2ZV4NW2+uu/STyzbvXs5u/zYwvasKhGKMxyU6WJMmzvSCRLh1WFB2neVps1lDstSyb10ULf2gNvlgVranYjcrRla3Yw2GUIdnnamrndhtCKmiRrAW37dslOoExyRcwzMeuUlKC+zyMKd21wGpphIawb33EGeYkm8DBdWrB8OpL+avQOiWujh6sNIQHlYxewWHa2gpmolz+C2XzeBpACVCYUvbJQNUDtCPov2Dj40xSynnwFtUuo7cSIVquX0fRHRjJqJp6p0wF0eVmiZMDn4eKieRGMgvz7VZv8cXSrSCb8xvv+wUFuf9nThVMJoSXCPg05VnndMxGw==
|
|
---
|
|
kind: signature
|
|
hmac: 0b9974d7ae1c47405f4950dfde00d822dda9e318d44b07ad030c98a4c4858c0a
|
|
|
|
...
|