Compare commits
10 Commits
2a2f2c1e23
...
f93514a174
Author | SHA1 | Date |
---|---|---|
Comrade Renovate Bot | f93514a174 | |
3wc | be963d420e | |
3wc | 76078a2f6c | |
3wc | 3b95b98442 | |
3wc | 992d1dbae2 | |
3wc | 143b8974d6 | |
3wc | 69df540680 | |
3wc | 768c48ddf9 | |
3wc | 890c8b670f | |
3wc | 91f6cba3e9 |
12
.drone.yml
12
.drone.yml
|
@ -1,9 +1,9 @@
|
|||
---
|
||||
kind: pipeline
|
||||
name: deploy to hub.docker.com
|
||||
name: build & publish image
|
||||
steps:
|
||||
- name: run shellcheck
|
||||
image: debian:buster
|
||||
image: debian:bullseye
|
||||
commands:
|
||||
- apt update
|
||||
- apt install -y shellcheck
|
||||
|
@ -11,12 +11,12 @@ steps:
|
|||
- name: docker push
|
||||
image: plugins/docker
|
||||
settings:
|
||||
username:
|
||||
from_secret: docker_reg_username_coopcloud
|
||||
username: 3wordchant
|
||||
password:
|
||||
from_secret: docker_reg_passwd_coopcloud
|
||||
repo: thecoopcloud/stack-ssh-deploy
|
||||
from_secret: git_coopcloud_tech_token_3wc
|
||||
repo: git.coopcloud.tech/coop-cloud/stack-ssh-deploy
|
||||
tags: latest
|
||||
registry: git.coopcloud.tech
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# stack-ssh-deploy
|
||||
|
||||
[![Build Status](https://drone.autonomic.zone/api/badges/coop-cloud/stack-ssh-deploy/status.svg?ref=refs/heads/main)](https://drone.autonomic.zone/coop-cloud/stack-ssh-deploy)
|
||||
[![Build Status](https://build.coopcloud.tech/api/badges/coop-cloud/stack-ssh-deploy/status.svg?ref=refs/heads/main)](https://build.coopcloud.tech/coop-cloud/stack-ssh-deploy)
|
||||
|
||||
Deploy swarm stacks against a SSH based remote docker daemon context.
|
||||
|
||||
|
|
32
plugin.sh
32
plugin.sh
|
@ -31,15 +31,19 @@ generate_secrets() {
|
|||
wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY} -O /usr/bin/yq &&\
|
||||
chmod +x /usr/bin/yq
|
||||
|
||||
for SECRET in $(yq r "$PLUGIN_COMPOSE" 'secrets.*.name'); do
|
||||
SECRET=$(eval echo "$SECRET")
|
||||
if docker -H "$REMOTE_DOCKER_HOST" secret ls | grep -q "$SECRET"; then
|
||||
echo "Skipping existing secret $SECRET"
|
||||
else
|
||||
eval "echo \"generating $SECRET\""
|
||||
PW=$(</dev/urandom tr -dc 'A-Za-z0-9' | head -c 40; echo)
|
||||
eval "echo \"$PW\" | docker -H \"$REMOTE_DOCKER_HOST\" secret create \"$SECRET\" -";
|
||||
fi
|
||||
# shellcheck disable=SC2086
|
||||
for COMPOSE_FILE in ${PLUGIN_COMPOSE//:/ }; do
|
||||
for SECRET in $(yq r "$COMPOSE_FILE" 'secrets.*.name'); do
|
||||
echo "generating $SECRET"
|
||||
SECRET=$(eval echo "$SECRET")
|
||||
if docker -H "$REMOTE_DOCKER_HOST" secret ls | grep -q "$SECRET"; then
|
||||
echo "Skipping existing secret $SECRET"
|
||||
else
|
||||
eval "echo \"generating $SECRET\""
|
||||
PW=$(</dev/urandom tr -dc 'A-Za-z0-9' | head -c 40; echo)
|
||||
eval "echo \"$PW\" | docker -H \"$REMOTE_DOCKER_HOST\" secret create \"$SECRET\" -";
|
||||
fi
|
||||
done
|
||||
done
|
||||
echo "--- end secrets ---"
|
||||
}
|
||||
|
@ -64,15 +68,15 @@ output_versions(){
|
|||
run_stack_deploy() {
|
||||
echo "--- start deploy ---"
|
||||
|
||||
if [[ ! -z "${PLUGIN_REG_USER}" ]] && [[ ! -z "${PLUGIN_REG_PASS}" ]]; then
|
||||
if [[ -n "${PLUGIN_REG_USER}" ]] && [[ -n "${PLUGIN_REG_PASS}" ]]; then
|
||||
echo "--- discovered secrets, assuming private registry, logging in ---"
|
||||
docker -H "$REMOTE_DOCKER_HOST" login -u "${PLUGIN_REG_USER}" -p "${PLUGIN_REG_PASS}"
|
||||
docker -H "$REMOTE_DOCKER_HOST" pull "${PLUGIN_IMAGE}"
|
||||
echo "${PLUGIN_IMAGE}"
|
||||
docker -H "$REMOTE_DOCKER_HOST" stack deploy -c "$PLUGIN_COMPOSE" "$PLUGIN_STACK"
|
||||
else
|
||||
docker -H "$REMOTE_DOCKER_HOST" stack deploy -c "$PLUGIN_COMPOSE" "$PLUGIN_STACK"
|
||||
fi
|
||||
echo "compose: $PLUGIN_COMPOSE"
|
||||
# shellcheck disable=SC2086
|
||||
docker -H "$REMOTE_DOCKER_HOST" stack deploy -c ${PLUGIN_COMPOSE//:/ -c } "$PLUGIN_STACK"
|
||||
echo "--- end deploy ---"
|
||||
}
|
||||
|
||||
|
@ -100,7 +104,7 @@ run_purge() {
|
|||
|
||||
# See https://github.com/moby/moby/issues/30942#issuecomment-540699206
|
||||
until [ -z "$(docker -H "$REMOTE_DOCKER_HOST" stack ps "$PLUGIN_STACK" -q)" ]; do sleep 1; done
|
||||
docker -H "$REMOTE_DOCKER_HOST" system prune --all --volumes --force
|
||||
docker -H "$REMOTE_DOCKER_HOST" system prune --all --volumes --force || true
|
||||
|
||||
# try and remove all secrets; Docker will leave ones which are in use
|
||||
docker -H "$REMOTE_DOCKER_HOST" secret ls --format '{{ .Name }}' | xargs -i sh -c "echo {}; docker -H \"$REMOTE_DOCKER_HOST\" secret rm {} || true"
|
||||
|
|
Loading…
Reference in New Issue