148 lines
3.4 KiB
YAML
148 lines
3.4 KiB
YAML
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: validate
|
|
|
|
steps:
|
|
- name: yamllint
|
|
image: sdesbure/yamllint:latest
|
|
commands:
|
|
- yamllint -c ./cicd/.yamllint.yaml .
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: build
|
|
|
|
depends_on:
|
|
- validate
|
|
|
|
steps:
|
|
- name: build and push image
|
|
image: quay.io/buildah/stable
|
|
privileged: true
|
|
network_mode: host
|
|
environment:
|
|
REGISTRY_HOST: "harbor.lan.theautomation.nl/k8s"
|
|
CONTAINERFILE: "./deploy/container/Containerfile"
|
|
STORAGE_DRIVER: "overlay"
|
|
FORMAT: "docker"
|
|
CONTEXT: "."
|
|
TLSVERIFY: "false"
|
|
USERNAME: "robot-drone"
|
|
PASSWORD:
|
|
from_secret: harbor_registry_drone_password
|
|
commands:
|
|
- |
|
|
echo "Build image..."
|
|
buildah --build-arg BUILD_UID=1000 --build-arg BUILD_GID=1000 --storage-driver=$${STORAGE_DRIVER} bud --format=$${FORMAT} \
|
|
--tls-verify=$${TLSVERIFY} -f $${CONTAINERFILE} \
|
|
-t $${REGISTRY_HOST}/$${DRONE_REPO_NAME}:latest \
|
|
-t $${REGISTRY_HOST}/$${DRONE_REPO_NAME}:$${DRONE_BUILD_NUMBER} \
|
|
- |
|
|
echo "Push image with latest tag..."
|
|
buildah push --creds=$${USERNAME}:$${PASSWORD} \
|
|
--tls-verify=$${TLSVERIFY} \
|
|
$${REGISTRY_HOST}/$${DRONE_REPO_NAME}:latest \
|
|
docker://$${REGISTRY_HOST}/$${DRONE_REPO_NAME}:latest
|
|
- |
|
|
echo "Push image with buildnumber tag..."
|
|
buildah push --creds=$${USERNAME}:$${PASSWORD} \
|
|
--tls-verify=$${TLSVERIFY} \
|
|
--digestfile=/tmp/image-digest \
|
|
$${REGISTRY_HOST}/$${DRONE_REPO_NAME}:$${DRONE_BUILD_NUMBER} \
|
|
docker://$${REGISTRY_HOST}/$${DRONE_REPO_NAME}:$${DRONE_BUILD_NUMBER}
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: deploy
|
|
|
|
depends_on:
|
|
- build
|
|
|
|
steps:
|
|
- name: upgrade k8s manifest
|
|
image: alpine:3
|
|
network_mode: host
|
|
environment:
|
|
REGISTRY_NAME: "k8s"
|
|
commands:
|
|
- sed -i -e
|
|
"s%/$${REGISTRY_NAME}/$${DRONE_REPO_NAME}:.*%/$${REGISTRY_NAME}/$${DRONE_REPO_NAME}:$${DRONE_BUILD_NUMBER}\"%1"
|
|
./deploy/k8s/manifest.yaml
|
|
|
|
- name: push k8s manifest
|
|
image: appleboy/drone-git-push:1-linux-amd64
|
|
settings:
|
|
remote_name: "git@github.com:${DRONE_REPO}"
|
|
branch: ${DRONE_BRANCH}
|
|
force: false
|
|
commit: true
|
|
commit_message: "[bot] [skip ci] bump image tag"
|
|
author_name: ci-bot
|
|
ssh_key:
|
|
from_secret: github_ssh_key
|
|
|
|
- name: apply k8s manifest
|
|
image: bitnami/kubectl
|
|
volumes:
|
|
- name: kubeconfig
|
|
path: /.kube
|
|
network_mode: host
|
|
commands:
|
|
- cat ./deploy/k8s/manifest.yaml
|
|
- kubectl apply -f ./deploy/k8s/manifest.yaml
|
|
|
|
volumes:
|
|
- name: kubeconfig
|
|
host:
|
|
path: /var/lib/.kube
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: notify
|
|
|
|
depends_on:
|
|
- deploy
|
|
|
|
trigger:
|
|
status:
|
|
- success
|
|
- failure
|
|
|
|
steps:
|
|
- name: slack
|
|
image: plugins/slack
|
|
settings:
|
|
webhook:
|
|
from_secret: slack_webhook_url
|
|
channel: cicd
|
|
template: >
|
|
{{#success build.status}}
|
|
Build and deploy {{build.number}} of {{repo.name}} succeeded.
|
|
{{else}}
|
|
Build and deploy {{build.number}} of {{repo.name}} failed.
|
|
{{/success}}
|
|
|
|
---
|
|
kind: secret
|
|
name: harbor_registry_drone_password
|
|
get:
|
|
path: harbor-registry-drone-password
|
|
name: harbor-robot-password
|
|
|
|
---
|
|
kind: secret
|
|
name: github_ssh_key
|
|
get:
|
|
path: github-ssh-keys
|
|
name: id_rsa
|
|
|
|
---
|
|
kind: secret
|
|
name: slack_webhook_url
|
|
get:
|
|
path: slack-webhook-url
|
|
name: url
|