From ecc197f08c8c6a454014ad00c4e0d1c8a4cbf37a Mon Sep 17 00:00:00 2001 From: Kevin Date: Mon, 12 Feb 2024 00:28:10 +0100 Subject: [PATCH] CI: Vault variables (#5) * Streamline publish and deploy w/ variables from local vault * Publish should wait for build * Updated Dockerfile to include compiling step within itself Previously it dependent on /build folder existing in project folder, this was done by CI pipeline sharing project directory between build and publish steps. This is no separated and Dockerfile compiles and serves. --- .drone.yml | 93 +++++++++++++++++++++++++++++++++++++++--------------- Dockerfile | 12 ++++++- 2 files changed, 79 insertions(+), 26 deletions(-) diff --git a/.drone.yml b/.drone.yml index d6ce662..3e87153 100644 --- a/.drone.yml +++ b/.drone.yml @@ -23,27 +23,41 @@ steps: commands: - yarn build +--- +kind: pipeline +type: docker +name: Publish + +platform: + os: linux + arch: amd64 + +steps: - name: Publish to ghcr image: plugins/docker settings: registry: ghcr.io - repo: ghcr.io/kevinmidboe/k9e.no + repo: ghcr.io/kevinmidboe/${DRONE_REPO_NAME} dockerfile: Dockerfile username: from_secret: GITHUB_USERNAME password: - from_secret: GITHUB_PASSWORD + from_secret: GHCR_UPLOAD_TOKEN tags: - latest - ${DRONE_COMMIT_SHA} - when: - event: - include: - - push - exclude: - - pull_request - branch: - - main + +trigger: + event: + include: + - push + exclude: + - pull_request + branch: + - main + +depends_on: + - Build --- kind: pipeline 
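Review bot: The new Publish pipeline pushes with `image: plugins/docker` carrying no tag or digest, so every run pulls whatever the plugin's `latest` is at that moment and the `GHCR_UPLOAD_TOKEN` secret is handed to an image the pipeline never pinned; the new Dockerfile's `node:lts-iron` base has the same floating-tag problem. Pin the plugin to a version, `image: plugins/docker:<pinned-version>` (ideally with an `@sha256:` digest), so the publish step is reproducible and a plugin update cannot change what receives the token. Separately, `repo: ghcr.io/kevinmidboe/${DRONE_REPO_NAME}` takes the repository name verbatim, and GHCR rejects uppercase path components, so if the GitHub repo name is not all lowercase Drone's `${DRONE_REPO_NAME,,}` lowercase expansion is the safer spelling. The Build stanza this hunk continues starts before the hunk.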
@@ -55,31 +69,60 @@ platform: arch: amd64 steps: + - name: Prepare kubernetes environment + image: alpine/k8s:1.25.15 + environment: + VAULT_TOKEN: + from_secret: VAULT_TOKEN + VAULT_HOST: + from_secret: VAULT_HOST + commands: + - mkdir -p /root/.kube + - echo "IMAGE=ghcr.io/kevinmidboe/${DRONE_REPO_NAME}:${DRONE_COMMIT_SHA}" > /root/.kube/.env + - echo "NAMESPACE=${DRONE_REPO_NAME}" >> /root/.kube/.env + - 'curl -s + -H "X-Vault-Token: $VAULT_TOKEN" + $VAULT_HOST/v1/schleppe/data/kazan/_infra + | jq -r ".data.data.KUBE_CONFIG" > /root/.kube/config' + - 'curl -s + -H "X-Vault-Token: $VAULT_TOKEN" + $VAULT_HOST/v1/schleppe/data/kazan/_infra + | jq -cr ".data.data | .[\"ghcr-login-secret\"] | @base64" > /root/.kube/dockerconfig.json' + - echo "DOCKER_CONFIG=$(cat /root/.kube/dockerconfig.json)" >> /root/.kube/.env + - sed -i '/^$/!s/^/export /' /root/.kube/.env + volumes: + - name: kube-config + path: /root/.kube + - name: Deploy to kubernetes image: alpine/k8s:1.25.15 commands: - - mkdir -p /root/.kube - - echo $KUBE_CONFIG | base64 -di > /root/.kube/config - - export IMAGE=ghcr.io/kevinmidboe/k9e.no:${DRONE_COMMIT_SHA} + - source /root/.kube/.env > /dev/null 2>&1 - cat .kubernetes/*.yml | envsubst | kubectl --kubeconfig=/root/.kube/config apply -f - - environment: - KUBE_CONFIG: - from_secret: KUBE_CONFIG - when: - event: - include: - - push - exclude: - - pull_request - branch: - - main + volumes: + - name: kube-config + path: /root/.kube + +trigger: + event: + include: + - push + exclude: + - pull_request + branch: + - main depends_on: - Build + - Publish + +volumes: + - name: kube-config + temp: {} --- kind: signature -hmac: 21637711852b1b5a29ae8fb084cc536daa06f6223a6c3d8a622fdbd2b2df527b +hmac: 03e25f2d7d7c020ae68bf05137456105df022f967c02709740cf892a94ac8620 ... diff --git a/Dockerfile b/Dockerfile index 99969b2..770a9be 100644 --- a/Dockerfile +++ b/Dockerfile 
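Review bot: The two `curl -s … | jq -r` commands in the new Prepare step cannot fail when Vault answers with an error: `-s` without `--fail` sends the error JSON down the pipe, `jq -r ".data.data.KUBE_CONFIG"` then prints `null`, and since only jq's exit status is visible to Drone's generated `set -e` script, the step succeeds with a kubeconfig containing the word null and a `DOCKER_CONFIG=null` line in `/root/.kube/.env`. Use `curl -fsS` so HTTP errors are fatal and `jq -er` so a null/false result is, and consider a leading `- set -o pipefail` command so the curl status is not masked by the pipe. `source /root/.kube/.env > /dev/null 2>&1` in the Deploy step hides the only remaining diagnostic when the file was never written; the redirection can be dropped, since `source` does not print the file's contents. Finally, `NAMESPACE=${DRONE_REPO_NAME}` is substituted into the manifests by `envsubst`, but the repository name this pipeline previously hard-coded was `k9e.no`, and a dot or uppercase letter is not a valid Kubernetes namespace name, so confirm the repo name is a DNS-1123 label or derive the namespace separately.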
@@ -1,6 +1,16 @@ + +# Build the project +FROM node:lts-iron as builder + +ADD . . + +RUN yarn +RUN yarn build +# RUN make test + FROM nginx:alpine WORKDIR /app COPY ./nginx.conf /etc/nginx/nginx.conf -COPY ./build . +COPY --from=builder ./build .
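Review bot: `ADD . .` in the new builder stage copies the entire build context into the image root because no `WORKDIR` is set, so `.git`, any local `node_modules` and the CI files land in `/`, and the following `RUN yarn` resolves dependencies without a lockfile guarantee, so two builds of the same commit can produce different bundles. Give the stage a working directory, prefer `COPY` over `ADD` (ADD additionally unpacks archives and fetches URLs), and install with `yarn install --frozen-lockfile` (Yarn classic, which the node image ships; `--immutable` on Yarn Berry) so the build fails instead of drifting when `yarn.lock` is stale, assuming the lockfile is committed; a `.dockerignore` excluding `.git` and `node_modules` belongs alongside if the repo has none. The final `COPY --from=builder ./build .` resolves `./build` against the builder's root today, so its source path must move with the new working directory. `node:lts-iron as builder` is also a floating tag and should be pinned to a specific version or digest for reproducible builds.
```dockerfile
FROM node:lts-iron AS builder
WORKDIR /src

COPY . .
RUN yarn install --frozen-lockfile
RUN yarn build

# … unchanged: nginx stage (FROM nginx:alpine, WORKDIR /app, nginx.conf copy) …
COPY --from=builder /src/build .
```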