diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..0621ecc
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,77 @@
+kind: pipeline
+name: deploy
+steps:
+- name: docker
+ image: plugins/docker
+ settings:
+ registry: git.ar21.de
+ username:
+ from_secret: REGISTRY_USER
+ password:
+ from_secret: REGISTRY_PASS
+ repo: git.ar21.de/secondhemd/shbot
+ tags: latest
+ when:
+ branch:
+ - master
+- name: docker-build
+ image: plugins/docker
+ settings:
+ registry: git.ar21.de
+ username:
+ from_secret: REGISTRY_USER
+ password:
+ from_secret: REGISTRY_PASS
+ repo: git.ar21.de/secondhemd/shbot
+ tags: latest
+ dry_run: true
+ when:
+ branch:
+ exclude:
+ - master
+- name: dev docker
+ image: plugins/docker
+ settings:
+ registry: git.ar21.de
+ username:
+ from_secret: REGISTRY_USER
+ password:
+ from_secret: REGISTRY_PASS
+ repo: git.ar21.de/secondhemd/shbot
+ tags: dev
+ when:
+ branch:
+ - dev
+- name: deploy
+ image: appleboy/drone-ssh
+ settings:
+ host:
+ - s.ar21.de
+ username: root
+ key:
+ from_secret: DEPLOY_SSH_KEY
+ port: 22
+ command_timeout: 2m
+ script:
+ - cd ~/compose/shbot && docker compose pull shbot && docker compose up -d shbot
+ when:
+ branch:
+ - master
+- name: deploy dev
+ image: appleboy/drone-ssh
+ settings:
+ host:
+ - s.ar21.de
+ username: root
+ key:
+ from_secret: DEPLOY_SSH_KEY
+ port: 22
+ command_timeout: 2m
+ script:
+ - cd /root && docker compose -f shbot-dev.yaml pull shbot-dev && docker compose -f shbot-dev.yaml up -d shbot-dev
+ when:
+ branch:
+ - dev
+when:
+ event:
+ - push
\ No newline at end of file
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..93171ee
--- /dev/null
+++ b/.gitlab-ci.yml
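Review bot: The closing pipeline-level `when:` / `event:` / `- push` block in `.drone.yml` is, as far as I can tell, not a key Drone evaluates at pipeline scope (pipeline-wide filtering is spelled `trigger:`), so the push-only restriction likely has no effect and the branch-only conditions on `deploy` and `deploy dev` would also match pull requests that target `master` or `dev`. Rename that final key to `trigger:` so the steps that receive `REGISTRY_PASS` and `DEPLOY_SSH_KEY` run on pushes only. `plugins/docker` and `appleboy/drone-ssh` are referenced without a tag, so whatever is currently published under the default tag is handed those secrets; pin them, e.g. `image: appleboy/drone-ssh:<pinned-version-or-digest>`. Both deploy steps also connect as `username: root`; a dedicated account limited to the two compose commands would narrow what a leaked key or a compromised plugin image can do on `s.ar21.de`.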
@@ -0,0 +1,91 @@
+stages: # List of stages for jobs, and their order of execution
+ - build
+ - test
+ - deploy
+
+docker-build-push:
+ # Use the official docker image.
+ image: docker:latest
+ stage: build
+ services:
+ - docker:dind
+ before_script:
+ - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+ script:
+ - docker build --pull -t "$CI_REGISTRY_IMAGE" .
+ - docker push "$CI_REGISTRY_IMAGE"
+ allow_failure: false
+ only:
+ - master
+
+docker-build-push-dev:
+ # Use the official docker image.
+ image: docker:latest
+ stage: build
+ services:
+ - docker:dind
+ before_script:
+ - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+ script:
+ - docker build --pull -t "$CI_REGISTRY_IMAGE:dev" .
+ - docker push "$CI_REGISTRY_IMAGE:dev"
+ allow_failure: false
+ only:
+ - dev
+ - merge_requests
+
+docker-build:
+ image: docker:latest
+ stage: build
+ services:
+ - docker:dind
+ before_script:
+ - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+ script:
+ - docker build --pull -t "$CI_REGISTRY_IMAGE" .
+ allow_failure: false
+ except:
+ - master
+ - dev
+ - merge_requests
+
+include:
+ - template: Security/Container-Scanning.gitlab-ci.yml
+ - template: Security/SAST.gitlab-ci.yml
+container_scanning:
+ variables:
+ DOCKER_IMAGE: "$CI_REGISTRY_IMAGE${tag}"
+ stage: test
+ allow_failure: false
+
+deploy_dev:
+ stage: deploy
+ image: debian
+ before_script:
+ - apt-get update -qq
+ - 'which ssh-agent || ( apt-get install -qq openssh-client )'
+ - eval $(ssh-agent -s)
+ - ssh-add <(echo "$SSH_PRIVATE_KEY")
+ - mkdir -p ~/.ssh
+ - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
+ script:
+ - ssh $SSH_SERVER "cd /root && docker-compose -f shbot-dev.yaml pull shbot-dev && docker-compose -f shbot-dev.yaml up -d shbot-dev && exit"
+ only:
+ - dev
+ - merge_requests
+
+deploy_staging:
+ stage: deploy
+ image: debian
+ before_script:
+ - apt-get update -qq
+ - 'which ssh-agent || ( apt-get install -qq openssh-client )'
+ - eval $(ssh-agent -s)
+ - ssh-add <(echo "$SSH_PRIVATE_KEY")
+ - mkdir -p ~/.ssh
+ - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
+ script:
+ - ssh $SSH_SERVER "cd /root && docker-compose pull shbot && docker-compose up -d shbot && exit"
+ only:
+ - master
+
\ No newline at end of file
diff --git a/.woodpecker/.build.yaml b/.woodpecker/.build.yaml
deleted file mode 100644
index 32ff27f..0000000
--- a/.woodpecker/.build.yaml
+++ /dev/null
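Review bot: In `.gitlab-ci.yml`, both `deploy_dev` and `deploy_staging` write `StrictHostKeyChecking no` for `Host *` before connecting with `$SSH_PRIVATE_KEY`, so the runner accepts any host key and the deploy session is open to interception by whatever answers for `$SSH_SERVER`. Replace that line with a pinned host key, e.g. `- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts`, where `SSH_KNOWN_HOSTS` is a placeholder name for a CI variable you define with the server's verified key. `deploy_dev` and `docker-build-push-dev` also list `merge_requests` under `only:`, which appears to push `:dev` and redeploy the dev service from unmerged code; consider dropping `merge_requests` from those two jobs. The three `docker login ... -p "$CI_REGISTRY_PASSWORD"` lines put the password on the command line, which `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY` avoids.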
@@ -1,42 +0,0 @@ -steps: -- name: docker - image: woodpeckerci/plugin-docker-buildx - settings: - registry: git.ar21.de - username: - from_secret: REGISTRY_USER - password: - from_secret: REGISTRY_PASS - repo: git.ar21.de/secondhemd/shbot - tags: latest - when: - - branch: master - event: [push, manual] -- name: docker-build - image: woodpeckerci/plugin-docker-buildx - settings: - registry: git.ar21.de - username: - from_secret: REGISTRY_USER - password: - from_secret: REGISTRY_PASS - repo: git.ar21.de/secondhemd/shbot - tags: latest - dry_run: true - when: - - branch: - exclude: [master, dev] - event: [push, manual] -- name: dev docker - image: woodpeckerci/plugin-docker-buildx - settings: - registry: git.ar21.de - username: - from_secret: REGISTRY_USER - password: - from_secret: REGISTRY_PASS - repo: git.ar21.de/secondhemd/shbot - tags: dev - when: - - branch: dev - event: [push, manual] diff --git a/.woodpecker/.deploy.yaml b/.woodpecker/.deploy.yaml deleted file mode 100644 index fb99a19..0000000 --- a/.woodpecker/.deploy.yaml +++ /dev/null @@ -1,34 +0,0 @@ -skip_clone: true -steps: -- name: deploy - image: appleboy/drone-ssh - settings: - host: - - s.ar21.de - username: root - key: - from_secret: DEPLOY_SSH_KEY - port: 22 - command_timeout: 2m - script: - - cd ~/compose/shbot && docker compose pull shbot && docker compose up -d shbot - when: - - branch: master - event: [push, manual] -- name: deploy dev - image: appleboy/drone-ssh - settings: - host: - - s.ar21.de - username: root - key: - from_secret: DEPLOY_SSH_KEY - port: 22 - command_timeout: 2m - script: - - cd /root && docker compose -f shbot-dev.yaml pull shbot-dev && docker compose -f shbot-dev.yaml up -d shbot-dev - when: - - branch: dev - event: [push, manual] -depends_on: - - build