From e3e22e540cbe3f5bdf76ddbd24ee20217eb01177 Mon Sep 17 00:00:00 2001 From: Manuel Thalmann Date: Thu, 7 Nov 2024 18:33:16 +0100 Subject: [PATCH] Add scripts for installing `drone` --- .../docker/services/drone/.dockerignore | 1 + .../docker/services/drone/ci.Dockerfile | 7 + .../services/drone/docker-compose.secrets.yml | 0 .../drone/docker-compose.templates.yml | 35 +++++ .../Software/docker/services/drone/main.fish | 141 ++++++++++++++++++ .../Software/docker/services/service.fish | 31 ++-- 6 files changed, 204 insertions(+), 11 deletions(-) create mode 100644 scripts/Common/Software/docker/services/drone/.dockerignore create mode 100644 scripts/Common/Software/docker/services/drone/ci.Dockerfile create mode 100644 scripts/Common/Software/docker/services/drone/docker-compose.secrets.yml create mode 100644 scripts/Common/Software/docker/services/drone/docker-compose.templates.yml create mode 100644 scripts/Common/Software/docker/services/drone/main.fish diff --git a/scripts/Common/Software/docker/services/drone/.dockerignore b/scripts/Common/Software/docker/services/drone/.dockerignore new file mode 100644 index 00000000..8fce6030 --- /dev/null +++ b/scripts/Common/Software/docker/services/drone/.dockerignore @@ -0,0 +1 @@ +data/ diff --git a/scripts/Common/Software/docker/services/drone/ci.Dockerfile b/scripts/Common/Software/docker/services/drone/ci.Dockerfile new file mode 100644 index 00000000..face3092 --- /dev/null +++ b/scripts/Common/Software/docker/services/drone/ci.Dockerfile @@ -0,0 +1,7 @@ +FROM tetafro/golang-gcc AS builder +RUN apk add -U --no-cache git +RUN git clone -b "v2.20.0" --depth=1 https://github.com/drone/drone.git +RUN cd drone && go build -trimpath -ldflags='-w -s' -tags nolimit -o /usr/local/bin/drone-server ./cmd/drone-server + +FROM drone/drone +COPY --from=builder /usr/local/bin/drone-server /bin/ diff --git a/scripts/Common/Software/docker/services/drone/docker-compose.secrets.yml b/scripts/Common/Software/docker/services/drone/docker-compose.secrets.yml new file mode 100644 index 00000000..e69de29b diff --git a/scripts/Common/Software/docker/services/drone/docker-compose.templates.yml b/scripts/Common/Software/docker/services/drone/docker-compose.templates.yml new file mode 100644 index 00000000..a671b0fe --- /dev/null +++ b/scripts/Common/Software/docker/services/drone/docker-compose.templates.yml @@ -0,0 +1,35 @@ +services: + ci-template: + build: + context: . + dockerfile: ci.Dockerfile + extends: + file: docker-compose.secrets.yml + service: template + restart: unless-stopped + env_file: + - server.common.env + docker-template: + image: drone/drone-runner-docker + restart: unless-stopped + extends: + file: docker-compose.secrets.yml + service: template + depends_on: [] + env_file: + - runner.common.env + environment: + DRONE_RUNNER_NAME: docker-runner + volumes: + - /var/run/docker.sock:/var/run/docker.sock + ssh-template: + image: drone/drone-runner-ssh + restart: unless-stopped + extends: + file: docker-compose.secrets.yml + service: template + depends_on: [] + env_file: + - runner.common.env + environment: + DRONE_RUNNER_NAME: ssh-runner diff --git a/scripts/Common/Software/docker/services/drone/main.fish b/scripts/Common/Software/docker/services/drone/main.fish new file mode 100644 index 00000000..32d042dc --- /dev/null +++ b/scripts/Common/Software/docker/services/drone/main.fish @@ -0,0 +1,141 @@ +#!/bin/env fish +begin + set -l dir (status dirname) + set -l source "$dir/docker-compose.templates.yml" + source "$dir/../service.fish" + + set -l environments \ + forgejo mydrone "" \ + github drone "" + + function installSW -V dir -V environments -V source + set -l root (getServiceRoot $argv) + set -l config "$root/docker-compose.yml" + set -l secrets (getServiceSecretsConfig $argv) + set -l ciTemplate (yq (getServiceKey ci-template) "$source") + set -l dockerTemplate (yq (getServiceKey docker-template) "$source") + set -l sshTemplate (yq (getServiceKey ssh-template) "$source") + initializeServiceInstallation $argv + echo "{}" | sudo tee "$config" >/dev/null + echo "{}" | sudo tee "$secrets" >/dev/null + + cp "$dir"/{ci.Dockerfile,.dockerignore} "$root" + echo "DRONE_JSONNET_ENABLED=true" | sudo tee "$root/server.common.env" >/dev/null + echo "DRONE_RUNNER_CAPACITY=2" | sudo tee "$root/runner.common.env" >/dev/null + + for i in (seq 1 3 (count $environments)) + set -l name $environments[$i] + set -l domain $environments[(math $i + 2)] + set -l subdomain $environments[(math $i + 1)] + set -l user $environments[(math $i + 3)] + set -l secret (openssl rand -hex 16) + set -l runners ssh docker + set -l services ci $runners + set -l tmpConfig (mktemp) + set -l tmpSecrets (mktemp) + set -l ciName "$name-ci" + set -l sshName "$name-ssh-runner" + set -l dockerName "$name-docker-runner" + set -l ciEnv + set -l sshEnv + set -l dockerEnv + + cp "$config" "$tmpConfig" + cp "$secrets" "$tmpSecrets" + + for serviceName in $services + set -l file (mktemp) + set -l nameVar "$serviceName""Name" + set -l serviceKey ".services.[\"$$nameVar\"]" + set "$serviceName""Key" "$serviceKey" + set "$serviceName""Env" "$serviceKey.environment" + end + + CI_NAME=$ciName \ + SECRET_ENV="$name.secret.env" \ + RUNNER_ENV="$name.runner.env" begin + begin + printf "%s\n" \ + DRONE_RPC_PROTO=http \ + "DRONE_RPC_HOST=$name-ci" + end | sudo tee "$root/$RUNNER_ENV" >/dev/null + + echo "DRONE_RPC_SECRET=$secret" | sudo tee "$root/$SECRET_ENV" >/dev/null + + yq "$ciKey = $ciTemplate" "$tmpConfig" | \ + ENTRY="./data/$name:/data" yq "$ciKey.volumes = [ env.ENTRY ]" | \ + yq "$ciKey.env_file |= . + [ env.SECRET_ENV ]" | \ + PROTO=https yq "$ciEnv.DRONE_SERVER_PROTO = env.PROTO" | \ + HOST=(getServiceDomain "$subdomain" "$domain") yq "$ciEnv.DRONE_SERVER_HOST = env.HOST" | \ + yq "$dockerKey = $dockerTemplate" | \ + yq "$sshKey = $sshTemplate" | \ + yq "$dockerKey.depends_on = [ env.CI_NAME ]" | \ + yq -y "." | \ + sudo tee "$config" >/dev/null + + for key in $dockerKey $sshKey + set -l file (mktemp) + + yq "$key.depends_on = [ env.CI_NAME ]" "$config" | \ + yq "$key.env_file |= . + [ env.RUNNER_ENV, env.SECRET_ENV ]" | \ + yq -y "." | \ + tee "$file" >/dev/null + + sudo cp "$file" "$config" + rm "$file" + end + + PORT="127.0.0.1:1337:80" yq "$ciKey.ports = [ env.PORT ]" "$tmpSecrets" | \ + yq -y "." | \ + sudo tee "$secrets" >/dev/null + end + end + + set -l services (yq --raw-output0 ".services | keys[]" "$config" | string split0) + + for service in $services + set -l file (mktemp) + set -l key "$(getServiceKey "$service").extends" + + cat "$config" | if string match "*-ci" "$service" >/dev/null + SERVICE="$service" yq "$key.service |= env.SERVICE" "$config" + else + yq "del($key)" "$config" + end | \ + yq -y "." | \ + tee "$file" >/dev/null + + sudo cp "$file" "$config" + rm "$file" + end + + installDockerService $argv + end + + function configureSW -V dir + configureDockerService $argv + end + + function getServiceServers -V environments + argparse -i "name=" -- $argv + set -l name "$_flag_name" + + for i in (seq 1 3 (count $environments)) + set -l domain $environments[(math $i + 2)] + set -l subdomain $environments[(math $i + 1)] + printf "%s\0" "$subdomain" "$domain" + end + end + + function getServiceLocations -a index -V environments + set -l i (math (math (math $index - 1) / 2 "*" 3) + 1) + set -l name $environments[$i] + printf "%s\0" "$name-ci" / + end + + function getBackupArgs + printf "%s\n" --hidden --no-ignore "data|\.secrets?\." (getServiceRoot $argv) + end + + runInstaller --force $argv +end diff --git a/scripts/Common/Software/docker/services/service.fish b/scripts/Common/Software/docker/services/service.fish index a5ca5029..dd3917ab 100644 --- a/scripts/Common/Software/docker/services/service.fish +++ b/scripts/Common/Software/docker/services/service.fish @@ -21,6 +21,10 @@ begin echo "$root/$(getServiceName $argv)" end + function getServiceKey -a name + echo ".services.[$(echo "{}" | NAME="$name" jq "env.NAME")]" + end + function __getServiceNginxConfig -V nginxRoot echo "$nginxRoot/$(getServiceName $argv).conf" end @@ -30,7 +34,19 @@ begin end function __getServicePortKey -V secretsFile -a name - echo ".services.$name.ports[0]" + echo "$(getServiceKey "$name").ports[0]" + end + + function getServiceDomain -a subdomain domain + if [ -z "$domain" ] + set domain (getMachineFQDN) + end + + if [ -n "$subdomain" ] + set domain "$subdomain.$domain" + end + + echo "$domain" end function initializeServiceInstallation -V nginxRoot @@ -71,14 +87,7 @@ begin set -l domain $servers[(math $i + 1)] set -l subdomain $servers[(math $i)] set -l locations (getServiceLocations $i $argv | string split0) - - if [ -z "$domain" ] - set domain (getMachineFQDN) - end - - if [ -n "$subdomain" ] - set domain "$subdomain.$domain" - end + set domain (getServiceDomain "$subdomain" "$domain") begin printf "%s\n" \ @@ -109,7 +118,7 @@ begin sudo systemctl restart nginx end - function getBackupArgs -V root - printf "%s\n" --hidden --no-ignore . --exclude "docker-compose.yml" "$root" + function getBackupArgs + printf "%s\n" --hidden --no-ignore . --exclude "docker-compose.yml" (getServiceRoot $argv) end end