CI: Vault variables (#5)

* Streamline publish and deploy w/ variables from local vault

* Publish should wait for build

* Updated Dockerfile to include compiling step within itself

Previously it depended on the /build folder existing in the project folder;
this was done by the CI pipeline sharing the project directory between the build and
publish steps. This is now separated and the Dockerfile compiles and serves.
2024-02-12 00:28:10 +01:00
committed by Kevin Midboe
parent ab8f42f101
commit ecc197f08c
2 changed files with 79 additions and 26 deletions


@@ -23,27 +23,41 @@ steps:
commands: commands:
- yarn build - yarn build
---
kind: pipeline
type: docker
name: Publish
platform:
os: linux
arch: amd64
steps:
- name: Publish to ghcr - name: Publish to ghcr
image: plugins/docker image: plugins/docker
settings: settings:
registry: ghcr.io registry: ghcr.io
repo: ghcr.io/kevinmidboe/k9e.no repo: ghcr.io/kevinmidboe/${DRONE_REPO_NAME}
dockerfile: Dockerfile dockerfile: Dockerfile
username: username:
from_secret: GITHUB_USERNAME from_secret: GITHUB_USERNAME
password: password:
from_secret: GITHUB_PASSWORD from_secret: GHCR_UPLOAD_TOKEN
tags: tags:
- latest - latest
- ${DRONE_COMMIT_SHA} - ${DRONE_COMMIT_SHA}
when:
event: trigger:
include: event:
- push include:
exclude: - push
- pull_request exclude:
branch: - pull_request
- main branch:
- main
depends_on:
- Build
--- ---
kind: pipeline kind: pipeline
@@ -55,31 +69,60 @@ platform:
arch: amd64 arch: amd64
steps: steps:
- name: Prepare kubernetes environment
image: alpine/k8s:1.25.15
environment:
VAULT_TOKEN:
from_secret: VAULT_TOKEN
VAULT_HOST:
from_secret: VAULT_HOST
commands:
- mkdir -p /root/.kube
- echo "IMAGE=ghcr.io/kevinmidboe/${DRONE_REPO_NAME}:${DRONE_COMMIT_SHA}" > /root/.kube/.env
- echo "NAMESPACE=${DRONE_REPO_NAME}" >> /root/.kube/.env
- 'curl -s
-H "X-Vault-Token: $VAULT_TOKEN"
$VAULT_HOST/v1/schleppe/data/kazan/_infra
| jq -r ".data.data.KUBE_CONFIG" > /root/.kube/config'
- 'curl -s
-H "X-Vault-Token: $VAULT_TOKEN"
$VAULT_HOST/v1/schleppe/data/kazan/_infra
| jq -cr ".data.data | .[\"ghcr-login-secret\"] | @base64" > /root/.kube/dockerconfig.json'
- echo "DOCKER_CONFIG=$(cat /root/.kube/dockerconfig.json)" >> /root/.kube/.env
- sed -i '/^$/!s/^/export /' /root/.kube/.env
volumes:
- name: kube-config
path: /root/.kube
- name: Deploy to kubernetes - name: Deploy to kubernetes
image: alpine/k8s:1.25.15 image: alpine/k8s:1.25.15
commands: commands:
- mkdir -p /root/.kube - source /root/.kube/.env > /dev/null 2>&1
- echo $KUBE_CONFIG | base64 -di > /root/.kube/config
- export IMAGE=ghcr.io/kevinmidboe/k9e.no:${DRONE_COMMIT_SHA}
- cat .kubernetes/*.yml - cat .kubernetes/*.yml
| envsubst | envsubst
| kubectl --kubeconfig=/root/.kube/config apply -f - | kubectl --kubeconfig=/root/.kube/config apply -f -
environment: volumes:
KUBE_CONFIG: - name: kube-config
from_secret: KUBE_CONFIG path: /root/.kube
when:
event: trigger:
include: event:
- push include:
exclude: - push
- pull_request exclude:
branch: - pull_request
- main branch:
- main
depends_on: depends_on:
- Build - Build
- Publish
volumes:
- name: kube-config
temp: {}
--- ---
kind: signature kind: signature
hmac: 21637711852b1b5a29ae8fb084cc536daa06f6223a6c3d8a622fdbd2b2df527b hmac: 03e25f2d7d7c020ae68bf05137456105df022f967c02709740cf892a94ac8620
... ...
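Review bot: The two `curl -s … | jq` commands in the new "Prepare kubernetes environment" step have no failure handling, so a rejected token or an error response from Vault still writes `/root/.kube/config` and `dockerconfig.json` (containing `null` or nothing) and the step passes. Using `curl -sf` with `jq -er` for the first call and `jq -ecr` for the second makes an HTTP error or a missing key stop the pipeline at the point where the secret is read, rather than surfacing later in the deploy step, where `source /root/.kube/.env > /dev/null 2>&1` also hides any error output. Because these files hold the kubeconfig and the registry login, adding `umask 077` as the first command of the step would create them owner-only on the shared `kube-config` volume. It is also worth confirming that the Vault policy behind `VAULT_TOKEN` is read-only and limited to `schleppe/data/kazan/_infra`, since this token replaces the narrower `KUBE_CONFIG` secret.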


@@ -1,6 +1,16 @@
# Build the project
FROM node:lts-iron as builder
ADD . .
RUN yarn
RUN yarn build
# RUN make test
FROM nginx:alpine FROM nginx:alpine
WORKDIR /app WORKDIR /app
COPY ./nginx.conf /etc/nginx/nginx.conf COPY ./nginx.conf /etc/nginx/nginx.conf
COPY ./build . COPY --from=builder ./build .
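Review bot: `RUN yarn` in the new builder stage installs without enforcing the lockfile, so when `package.json` and `yarn.lock` disagree the image published to ghcr is built from re-resolved dependency versions rather than the committed ones. Assuming the node image's bundled Yarn 1.x is what runs here, `RUN yarn install --frozen-lockfile` makes the build fail in that case instead. The builder stage also sets no `WORKDIR`, so `ADD . .` writes the whole build context into `/` of the node image; adding `WORKDIR /src` before it and using `COPY --from=builder /src/build .` keeps the source tree apart from system directories. `COPY` is preferable to `ADD` here since no archive extraction is needed, and a `.dockerignore` (not visible on this page) should keep `.git` and local env files out of the context.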