wanderer
cfe496dcb7
the entire './public' folder that Hugo produces is embedded into a variable of 'embed.FS' type and served directly using the default http mux that Go std offers. ci, pre-commit, Dockerfile and compose file have all been updated accordingly. nginx is no longer needed to front the site files, which enabled switching to a SCRATCH image containing just a single statically linked "homepage" app that has all files (html, css, js) embedded. the containers are otherwise empty (as the name SCRATCH suggests), which further decreases potential attack surface area. Co-authored-by: surtur <a_mirre@utb.cz> Reviewed-on: #33
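---
# Pre-pull pipeline: fetches the images used by the other pipelines and prints
# basic version information. No repository checkout is needed for that.
kind: pipeline
type: docker
name: pull

clone:
  disable: true

trigger:
  event:
    exclude:
      - push
      - pull_request

steps:
  - name: fedora-hugo
    pull: always
    # NOTE(review): 'linux-amd64' is a mutable tag; pinning by digest
    # (image@sha256:<digest>) makes the build input reproducible.
    image: immawanderer/fedora-hugo:linux-amd64
    commands:
      - uname -r
      - cat /etc/fedora-release

  - name: alpine-rsync
    pull: always
    image: immawanderer/alpine-rsync:latest
    commands:
      - uname -r

  - name: hadolint
    pull: always
    # Same tag as the hadolint steps in the other pipelines
    # ('v2.9.1-alpine'), so the image fetched here is the one they run.
    image: hadolint/hadolint:v2.9.1-alpine
    commands:
      - uname -r
      - hadolint --version

  - name: golang
    pull: always
    image: docker.io/library/golang:1.18.5-alpine3.16
    commands:
      - uname -r
      - go version
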
---
# Pull-request check pipeline: renders the site with Hugo, then runs
# go fmt -> go vet -> go build against the checked-out tree.
kind: pipeline
type: docker
name: build

platform:
  os: linux
  arch: amd64

trigger:
  branch:
    - master
    - testing
  event: pull_request

depends_on:
  - pull

environment:
  CGO_ENABLED: 0

steps:
  - name: hugo-extended
    pull: if-not-exists
    image: immawanderer/fedora-hugo:linux-amd64
    commands:
      - git submodule init
      - git submodule update
      - hugo version
      - hugo --gc=true --minify

  - name: go fmt
    image: docker.io/library/golang:1.18.5-alpine3.16
    volumes:
      - name: gopath
        path: /go
    depends_on:
      - clone
    commands:
      # NOTE(review): 'go fmt' rewrites files in the workspace and exits 0
      # when it does, so this step does not fail on unformatted code.
      - go fmt

  - name: go vet
    image: docker.io/library/golang:1.18.5-alpine3.16
    volumes:
      - name: gopath
        path: /go
    depends_on:
      - go fmt
    commands:
      - go vet

  - name: go build
    pull: if-not-exists
    image: docker.io/library/golang:1.18.5-alpine3.16
    volumes:
      - name: gopath
        path: /go
    depends_on:
      - go vet
      # wait until the site is output into './public'.
      - hugo-extended
    commands:
      # -s -w strip symbol and debug tables; -X stamps the commit id into
      # main.Version.
      - go build -v -ldflags "-s -w -X main.Version=${DRONE_COMMIT}" .

# Scratch volume shared by the Go steps as /go.
volumes:
  - name: gopath
    temp: {}

---
# Pull-request pipeline for master: lints the Dockerfile and builds the
# compose services through the host's Docker daemon.
kind: pipeline
type: docker
name: docker-compose-build

platform:
  os: linux
  arch: amd64

trigger:
  branch: master
  event: pull_request

depends_on:
  - build

steps:
  - name: hadolint
    image: hadolint/hadolint:v2.9.1-alpine
    commands:
      - hadolint --version
      - hadolint Dockerfile

  - name: build
    pull: always
    # NOTE(review): this step holds the host Docker socket, which is
    # root-equivalent on the runner, and it runs a ':latest' image re-pulled
    # on every build. Pinning the image by digest (image@sha256:<digest>)
    # keeps a changed upstream tag from reaching the socket unreviewed.
    image: tmaier/docker-compose:latest
    volumes:
      - name: s
        path: /var/run/docker.sock
    environment:
      COMPOSE_DOCKER_CLI_BUILD: 1
      DOCKER_BUILDKIT: 1
    commands:
      - docker-compose build --no-cache --pull

# NOTE(review): the socket is mounted for pull_request events, so the
# Dockerfile and compose file taken from the PR are built by the host daemon.
# Confirm that only trusted contributors can trigger this pipeline.
volumes:
  - name: s
    host:
      path: /var/run/docker.sock

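---
# Staging deployment: renders the site with Hugo and rsyncs './public' to the
# staging host for the 'testing' branch.
kind: pipeline
type: docker
name: deploy-staging

platform:
  os: linux
  arch: amd64

trigger:
  branch:
    - testing
  event:
    exclude:
      - pull_request
      - tag

depends_on:
  - build

steps:
  - name: hugo-extended
    pull: if-not-exists
    image: immawanderer/fedora-hugo:linux-amd64
    commands:
      - git submodule init
      - git submodule update
      - hugo version
      - hugo --gc=true --minify

  - name: deploy
    pull: if-not-exists
    image: alpine:3.15.0
    when:
      status:
        - success
      branch:
        - testing
    depends_on:
      - hugo-extended
    environment:
      # Login, password and target directory come from Drone secrets.
      OL:
        from_secret: hugo_user
      OL_P:
        from_secret: hugo_passwd
      OL_D:
        from_secret: hugo_dir
    commands:
      - apk update
      # Packages are fetched over TLS. NOTE(review): 'edge/testing' is layered
      # on a 3.15.0 base here; confirm these packages are not available from
      # the release's own repositories.
      - apk -U upgrade --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing
      - apk add --no-cache ca-certificates rsync openssh-client sshpass --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing
      # Write the password file owner-only, and quote the variable so that
      # whitespace or glob characters in the secret survive unchanged. The
      # unbraced "$VAR" form is kept on purpose so the shell expands it.
      - (umask 077 && printf '%s\n' "$OL_P" > nupass)
      # NOTE(review): host-key verification is switched off below, so the
      # client cannot tell the real server from an impostor and the password
      # handed over by sshpass is exposed to whoever answers. Supply the
      # server's host key (for example from a secret written to a known_hosts
      # file) and drop both '-o' overrides; key-based authentication would
      # also remove the need for sshpass.
      - export RSYNC_RSH='sshpass -f ./nupass ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
      - rsync -av --delete --chown "$OL" public/ "$OL@dotya.ml:$OL_D"
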
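---
# Production deployment for master: renders the site, runs the Go checks,
# builds the compose services and (re)starts them through the host's Docker
# daemon.
kind: pipeline
type: docker
name: deploy

platform:
  os: linux
  arch: amd64

trigger:
  branch:
    - master
  event:
    exclude:
      - pull_request
      - tag

# A single 'environment' mapping. The pipeline previously declared this key
# twice; with a duplicate key most YAML loaders keep only the last mapping,
# which would silently drop the two BuildKit switches.
environment:
  # ref: https://www.docker.com/blog/faster-builds-in-compose-thanks-to-buildkit-support/
  COMPOSE_DOCKER_CLI_BUILD: "1"
  DOCKER_BUILDKIT: "1"
  CGO_ENABLED: "0"

node:
  r: main

depends_on:
  - build

steps:
  - name: hugo-extended
    pull: if-not-exists
    image: immawanderer/fedora-hugo:linux-amd64
    commands:
      - git submodule init
      - git submodule update
      - hugo version
      - hugo --gc=true --minify

  - name: rm-intermediate
    pull: if-not-exists
    image: immawanderer/fedora-hugo:linux-amd64
    depends_on:
      - hugo-extended
      # 'go build' waits for './public' to exist, so it has to finish before
      # the directory is removed; otherwise the two steps race.
      - go build
    commands:
      - rm -rf ./public

  - name: hadolint
    image: hadolint/hadolint:v2.9.1-alpine
    depends_on:
      - clone
    commands:
      - hadolint --version
      - hadolint Dockerfile

  - name: go fmt
    image: docker.io/library/golang:1.18.5-alpine3.16
    volumes:
      - name: gopath
        path: /go
    depends_on:
      - clone
    commands:
      - go fmt

  - name: go vet
    image: docker.io/library/golang:1.18.5-alpine3.16
    volumes:
      - name: gopath
        path: /go
    depends_on:
      - go fmt
    commands:
      - go vet

  - name: go build
    image: docker.io/library/golang:1.18.5-alpine3.16
    volumes:
      - name: gopath
        path: /go
    depends_on:
      - go vet
      # wait until the site is output into './public'.
      - hugo-extended
    commands:
      - go build -v -ldflags "-s -w -X main.Version=${DRONE_COMMIT}" .

  - name: build
    pull: always
    # NOTE(review): a ':latest' image, re-pulled on every run, is handed the
    # host Docker socket (root-equivalent on the runner). Pin it by digest
    # (image@sha256:<digest>) so upstream tag changes are reviewed first.
    image: tmaier/docker-compose:latest
    depends_on:
      - rm-intermediate
      - hadolint
      - go fmt
      - go vet
      - go build
    volumes:
      - name: s
        path: /var/run/docker.sock
    commands:
      - docker-compose build --no-cache
    when:
      branch: master
      status: success

  - name: deploy
    pull: always
    # NOTE(review): same unpinned image and socket mount as the 'build' step.
    image: tmaier/docker-compose:latest
    depends_on:
      - build
    volumes:
      - name: s
        path: /var/run/docker.sock
    commands:
      - docker-compose -p ${DRONE_REPO_NAME} up -d --remove-orphans --scale homepage=4
    when:
      branch: master
      status: success

volumes:
  # Host Docker socket, used by the compose steps.
  - name: s
    host:
      path: /var/run/docker.sock
  # Scratch volume shared by the Go steps as /go.
  - name: gopath
    temp: {}
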
---
# Posts the deployment result for push and tag builds to Discord.
kind: pipeline
name: notifications

platform:
  os: linux
  arch: amd64

clone:
  disable: true

trigger:
  branch:
    - master
    - testing
  event:
    - push
    - tag
  status:
    - success
    - failure

depends_on:
  - deploy
  - deploy-staging

steps:
  - name: discord
    pull: if-not-exists
    # NOTE(review): this plugin image receives the webhook id and token but is
    # referenced by the mutable ':latest' tag; pin it by digest
    # (image@sha256:<digest>).
    image: appleboy/drone-discord:latest
    settings:
      # NOTE(review): '>' folds the lines below into one line, and
      # commit.author / commit.message are committer-controlled text that is
      # forwarded to the channel as-is.
      message: >
        {{#success build.status}}
        ✅ [Build #{{build.number}}]({{build.link}}) of `{{repo.name}}` has been successfully deployed.
        event: **`{{build.event}}`**
        commit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}`
        {{else}}
        ❌ [Build #{{build.number}}]({{build.link}}) of `{{repo.name}}` failed to deploy.
        event: **`${DRONE_BUILD_EVENT}`**
        failed stage(s): **`${DRONE_FAILED_STAGES}`**
        commit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}`
        ```{{commit.message}}```
        {{/success}}
      webhook_id:
        from_secret: discord_webhook_id
      webhook_token:
        from_secret: discord_webhook_token

---
# Posts the result of cron-triggered (hourly, nightly) deployments to Discord.
kind: pipeline
name: notifications-cron

platform:
  os: linux
  arch: amd64

clone:
  disable: true

trigger:
  event: cron
  cron:
    - hourly
    - nightly
  status:
    - success
    - failure

depends_on:
  - deploy

steps:
  - name: discord
    pull: always
    # NOTE(review): ':latest' is re-pulled on every run and the image is given
    # the webhook id and token; pin it by digest (image@sha256:<digest>).
    image: appleboy/drone-discord:latest
    settings:
      # NOTE(review): '>' folds the lines below into one line, and
      # commit.author / commit.message are committer-controlled text that is
      # forwarded to the channel as-is.
      message: >
        {{#success build.status}}
        ✅ [Cron build #{{build.number}}]({{build.link}}) of `{{repo.name}}` has been successfully deployed.
        event: **`{{build.event}}`**
        commit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}`
        {{else}}
        ❌ [Cron build #{{build.number}}]({{build.link}}) of `{{repo.name}}` failed to deploy.
        event: **`${DRONE_BUILD_EVENT}`**
        failed stage(s): **`${DRONE_FAILED_STAGES}`**
        commit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}`
        ```{{commit.message}}```
        {{/success}}
      webhook_id:
        from_secret: discord_webhook_hourly_id
      webhook_token:
        from_secret: discord_webhook_hourly_token