From 94d2c22fc582db9d15efccf3333aa7a52d9d688b Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sun, 19 May 2019 01:44:23 +0200 Subject: [PATCH] add gitea oauth variables --- .drone.jsonnet | 112 ++++++++++++++++++++++ .drone.yml | 83 ++++++++++++---- defaults/main.yml | 9 +- templates/services/droneci-compose.yml.j2 | 10 +- 4 files changed, 193 insertions(+), 21 deletions(-) create mode 100644 .drone.jsonnet diff --git a/.drone.jsonnet b/.drone.jsonnet new file mode 100644 index 0000000..a5bca5b --- /dev/null +++ b/.drone.jsonnet @@ -0,0 +1,112 @@ +local AnsibleVersions(version="latest", package="ansible") = { + name: "ansible-" + version, + image: "python:3.7", + pull: "always", + environment: { + PY_COLORS: 1 + }, + commands: [ + "pip install " + package + " ansible-later~=0.2.0 -qq", + "git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy", + "ansible-later -c ~/policy/config.yml" + ], + depends_on: [ + "clone", + ], +}; + +local PipelineLinting = { + kind: "pipeline", + name: "linting", + platform: { + os: "linux", + arch: "amd64", + }, + steps: [ + AnsibleVersions(version="latest", package="ansible"), + AnsibleVersions(version="master", package="git+https://github.com/ansible/ansible.git@devel"), + ], + trigger: { + ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"], + }, +}; + +local PipelineDeployment = { + kind: "pipeline", + name: "deployment", + platform: { + os: "linux", + arch: "amd64", + }, + workspace: { + base: "/drone/src", + path: "xoxys.nginx" + }, + steps: [ + { + name: "molecule", + image: "xoxys/molecule:ec2-linux-amd64", + pull: "always", + environment: { + ANSIBLE_ROLES_PATH: "/drone/src", + AWS_ACCESS_KEY_ID: { "from_secret": "aws_access_key_id" }, + AWS_SECRET_ACCESS_KEY: { "from_secret": "aws_secret_access_key" }, + AWS_REGION: "eu-central-1", + MOLECULE_CUSTOM_MODULES_REPO: "https://gitea.rknet.org/ansible/custom_modules", + MOLECULE_CUSTOM_FILTERS_REPO: "https://gitea.rknet.org/ansible/custom_filters", + PY_COLORS: 1 + }, + commands: [ + "/bin/bash /docker-entrypoint.sh", + "molecule create --scenario-name ec2-centos-7", + "molecule converge --scenario-name ec2-centos-7", + "molecule verify --scenario-name ec2-centos-7", + "molecule destroy --scenario-name ec2-centos-7", + ], + }, + ], + depends_on: [ + "linting", + ], + trigger: { + ref: ["refs/heads/master", "refs/tags/**"], + }, +}; + +local PipelineNotifications = { + kind: "pipeline", + name: "notifications", + platform: { + os: "linux", + arch: "amd64", + }, + clone: { + disable: true, + }, + steps: [ + { + name: "matrix", + image: "plugins/matrix", + settings: { + homeserver: "https://matrix.rknet.org", + roomid: "MtidqQXWWAtQcByBhH:rknet.org", + template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}", + username: { "from_secret": "matrix_username" }, + password: { "from_secret": "matrix_password" }, + }, + }, + ], + // depends_on: [ + // "deployment", + // ], + trigger: { + status: [ "success", "failure" ], + ref: ["refs/heads/master", "refs/tags/**"], + }, +}; + +[ + PipelineLinting, + // PipelineDeployment, + PipelineNotifications, +] diff --git a/.drone.yml b/.drone.yml index 289d224..e4f6557 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,22 +1,71 @@ --- kind: pipeline -name: default +name: linting + +platform: + os: linux + arch: amd64 steps: - - name: ansible-latest - image: python:2.7 - pull: always - commands: - - pip install ansible ansible-later -q - - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy - - git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini - depends_on: [ clone ] +- name: ansible-latest + pull: always + image: python:3.7 + commands: + - pip install ansible ansible-later~=0.2.0 -qq + - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy + - ansible-later -c ~/policy/config.yml + environment: + PY_COLORS: 1 + depends_on: + - clone - - name: ansible-master - image: python:2.7 - pull: always - commands: - - pip install ansible ansible-later -q - - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy - - git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini - depends_on: [ clone ] +- name: ansible-master + pull: always + image: python:3.7 + commands: + - "pip install git+https://github.com/ansible/ansible.git@devel ansible-later~=0.2.0 -qq" + - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy + - ansible-later -c ~/policy/config.yml + environment: + PY_COLORS: 1 + depends_on: + - clone + +trigger: + ref: + - refs/heads/master + - "refs/tags/**" + - "refs/pull/**" + +--- +kind: pipeline +name: notifications + +platform: + os: linux + arch: amd64 + +clone: + disable: true + +steps: +- name: matrix + image: plugins/matrix + settings: + homeserver: https://matrix.rknet.org + password: + from_secret: matrix_password + roomid: MtidqQXWWAtQcByBhH:rknet.org + template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}" + username: + from_secret: matrix_username + +trigger: + ref: + - refs/heads/master + - "refs/tags/**" + status: + - success + - failure + +... diff --git a/defaults/main.yml b/defaults/main.yml index 2ec1154..75ab533 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,6 +9,7 @@ droneci_secret: myveryownsecret droneci_restart_policy: always +droneci_server_container_name: drone-server droneci_server_image: "drone/drone:{{ droneci_version }}" droneci_server_exposed_port: 8080 droneci_server_exposed_ip: 127.0.0.1 @@ -17,8 +18,9 @@ droneci_server_exposed_ip: 127.0.0.1 # droneci_server_extra_hosts: [] droneci_server_privileged: False +droneci_agent_container_name: drone-agent droneci_agent_image: "drone/agent:{{ droneci_version }}" -dronevi_agent_capacity: 2 +droneci_agent_capacity: 2 # droneci_agent_memory_limit: 512m # defaults to not set # droneci_agent_memory_reservation: 256m # defaults to not set droneci_agent_privileged: False @@ -60,7 +62,10 @@ droneci_postgres_user: droneci_gitea_enabled: False droneci_gitea_server: http://my-git.example.com -droneci_gitea_skip_verify_enabled: False +droneci_gitea_skip_verify: False +# To enable gitea oauth set both +# droneci_gitea_oauth_client_id: 1111-222-33333-44444 # defaults to not set +# droneci_gitea_oauth_client_secret: 1234abcd5678efgh # defaults to not set droneci_tls_cert_path: droneci.pem droneci_tls_key_path: droneci.pem diff --git a/templates/services/droneci-compose.yml.j2 b/templates/services/droneci-compose.yml.j2 index 620d4c0..d398422 100644 --- a/templates/services/droneci-compose.yml.j2 +++ b/templates/services/droneci-compose.yml.j2 @@ -4,6 +4,7 @@ version: '2' services: droneserver: + container_name: {{ droneci_server_container_name }} image: {{ droneci_server_image }} ports: - {{ droneci_server_exposed_ip + ':' if droneci_server_exposed_ip is defined else '' }}{{ droneci_server_exposed_port }}:80 @@ -38,7 +39,11 @@ services: {% endif %} {% if droneci_gitea_enabled %} - DRONE_GITEA_SERVER={{ droneci_gitea_server }} - - DRONE_GITEA_SKIP_VERIFY={{ droneci_gitea_skip_verify_enabled | lower }} + - DRONE_GITEA_SKIP_VERIFY={{ droneci_gitea_skip_verify | lower }} + {% if droneci_gitea_oauth_client_id is defined and droneci_gitea_oauth_client_secret is defined %} + DRONE_GITEA_CLIENT_ID={{ droneci_gitea_oauth_client_id }} + DRONE_GITEA_CLIENT_SECRET={{ droneci_gitea_oauth_client_secret }} + {% endif %} {% endif %} {% if droneci_http_proxy is defined %} - HTTP_PROXY={{ droneci_http_proxy | join(',') }} @@ -58,6 +63,7 @@ services: {% endif %} droneagent: + container_name: {{ droneci_agent_container_name }} image: {{ droneci_agent_image }} depends_on: - droneserver @@ -69,7 +75,7 @@ services: environment: - DRONE_RPC_SERVER=http://droneserver - DRONE_RPC_SECRET={{ droneci_secret }} - - DRONE_RUNNER_CAPACITY={{ dronevi_agent_capacity }} + - DRONE_RUNNER_CAPACITY={{ droneci_agent_capacity }} # TODO: temp static value, needs to be replaced by a custom fact - DOCKER_API_VERSION=1.26 {% if droneci_agent_memory_limit is defined %}