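---
# Drone pipeline: validates the nginx configuration in this repository,
# builds the headers-more dynamic module against the nginx sources and
# rsyncs the resulting modules to the nginx host.
kind: pipeline
type: docker
name: 'Build & deploy'

platform:
  os: linux
  arch: amd64

# The default clone is disabled; the first step clones with submodules.
clone:
  disable: true

# TODO
# grep on ssl_certificate and create fake certificates
# for nginx -p $DRONE_WORKSPACE -c $DRONE_WORKSPACE/nginx.conf

environment:
  NGINX_VERSION: "1.24.0"

# NOTE(review): every image below is referenced by a mutable tag, and
# alpine/git has no tag at all (so it resolves to "latest"). The Setup
# credentials and Deploy steps handle the deploy key inside these images;
# consider pinning each image to a digest (image@sha256:<digest>).
steps:
  - name: Clone w/ submodules
    image: alpine/git
    commands:
      - git clone "$DRONE_REPO_LINK" .
      - git checkout "$DRONE_COMMIT"
      - git submodule update --init --recursive

  - name: Verify config
    image: ubuntu/nginx:1.24-23.10_beta
    commands:
      - apt update
      # -y keeps apt from stopping at a confirmation prompt in CI.
      - apt install -y openssl
      - cd "$DRONE_WORKSPACE"
      - mkdir .ssl
      # Throwaway self-signed certificate (1 day, unencrypted key) that only
      # exists so that `nginx -t` can open the files the config refers to.
      - >-
        openssl req -x509 -nodes -days 1 -newkey rsa:4096
        -keyout .ssl/ssl-cert-snakeoil.key
        -out .ssl/ssl-cert-snakeoil.pem
        -batch
      # The three loops below take file paths out of the repository's own
      # nginx config and create directories/symlinks at those paths inside
      # this step's container. The paths are quoted so that whitespace or
      # glob characters in a configured path are not expanded by the shell.
      - |
        echo "Creating letsencrypt folders"
        grep -ro 'ssl_certificate[^;]*;' sites-available snippets |
          awk -F' ' '{print $2}' RS=';' |
          while read -r file; do
            if [ -n "$file" ]; then mkdir -p "$(dirname "$file")"; fi
          done
      - |
        echo "Creating snakeoil symlinks for ssl_cert references in nginx configs"
        grep -ro 'ssl_certificate [^;]*;' sites-available snippets |
          awk -F ' ' '{print $2}' RS=';' |
          while read -r file; do
            if [ -n "$file" ]; then ln -sf "$PWD/.ssl/ssl-cert-snakeoil.pem" "$file"; fi
          done
      - |
        echo "Creating snakeoil symlinks for ssl_cert_key references in nginx configs"
        grep -ro 'ssl_certificate_key [^;]*;' sites-available snippets |
          awk -F ' ' '{print $2}' RS=';' |
          while read -r file; do
            if [ -n "$file" ]; then ln -sf "$PWD/.ssl/ssl-cert-snakeoil.key" "$file"; fi
          done
      - nginx -p "$DRONE_WORKSPACE" -c "$DRONE_WORKSPACE/nginx.conf" -t

  - name: Compile
    image: ubuntu/nginx:1.24-23.10_beta
    commands:
      - mkdir -p /tmp/nginx-build
      - apt update
      # ca-certificates is listed explicitly so the HTTPS download below can
      # validate the server certificate.
      - >-
        apt install -y wget ca-certificates build-essential libpcre3
        libpcre3-dev zlib1g zlib1g-dev libssl-dev tree
      - cd /tmp
      # Fetched over HTTPS instead of plain HTTP: the tarball is compiled
      # here and the resulting module is deployed to the nginx host, so a
      # tampered download would end up running there.
      # NOTE(review): TLS only authenticates the download server. Also
      # verify the tarball against the detached PGP signature published
      # next to it (nginx-<version>.tar.gz.asc) or a pinned checksum.
      - wget "https://nginx.org/download/nginx-$${NGINX_VERSION}.tar.gz"
      - tar -xvzf nginx-$${NGINX_VERSION}.tar.gz
      - cd nginx-$${NGINX_VERSION}
      - >-
        ./configure --prefix=/tmp/nginx-build
        --add-dynamic-module=$DRONE_WORKSPACE/modules-available/headers-more-nginx-module
        --with-compat
      - make
      - make install
      - cd "$DRONE_WORKSPACE"
      - mv /tmp/nginx-build/modules/* modules
      - tree -I modules-available

  - name: Verify config post build
    image: ubuntu/nginx:1.24-23.10_beta
    commands:
      # NOTE(review): called without -p/-c, so this appears to test the
      # image's default configuration rather than the workspace config or
      # the freshly built module - confirm that this is intended.
      - nginx -t

  - name: Setup credentials
    image: alpine:3.18.4
    commands:
      # Restrictive umask so that .ssh and the key file are never created
      # group/world readable, not even before the chmod below.
      - umask 077
      - mkdir .ssh
      # The key is written into the workspace so that the Deploy step can
      # use it; it stays readable to any step that runs after this one.
      # NOTE(review): injecting the secret directly into the Deploy step
      # would keep the key out of the shared workspace.
      - echo "$NGINX_DEPLOY_KEY" | base64 -di > .ssh/id_ed25519
      - echo "" >> .ssh/id_ed25519
      - chmod 600 .ssh/id_ed25519
      # NOTE(review): the disabled ssh-keyscan lines below would record
      # whatever key the network returns at build time (trust on first use
      # on every run), so they would not authenticate the host either.
      # - apk update
      # - apk add openssh-client
      # - eval $(ssh-agent -s)
      # - cat .ssh/id_ed25519 | tr -d '\r' | ssh-add - > /dev/null
      # - touch .ssh/known_hosts
      # - ssh-keyscan $NGINX_HOST >> .ssh/known_hosts
    environment:
      NGINX_DEPLOY_KEY:
        from_secret: NGINX_DEPLOY_KEY

  - name: Deploy
    image: alpine:3.18.4
    commands:
      - apk update
      - apk add rsync openssh
      # SECURITY(review): StrictHostKeyChecking=no disables SSH host key
      # verification, so the deploy cannot tell the real nginx host from a
      # machine impersonating it on the network path. Left unchanged here
      # because a fix needs a new secret: store the host's public key in a
      # secret (placeholder name: NGINX_HOST_KEY), write it to
      # .ssh/known_hosts and switch the ssh options to
      # "-o StrictHostKeyChecking=yes -o UserKnownHostsFile=.ssh/known_hosts".
      # NOTE(review): the directory is called modules-available elsewhere in
      # this file; the "available-modules" exclude pattern probably matches
      # nothing - confirm.
      - >-
        rsync -av
        -e "ssh -i .ssh/id_ed25519 -o StrictHostKeyChecking=no"
        --exclude available-modules
        modules "$NGINX_USER@$NGINX_HOST:/etc/nginx/"
    environment:
      NGINX_USER:
        from_secret: NGINX_USER
      NGINX_HOST:
        from_secret: NGINX_HOST

---
# Signature over the pipeline document above. It has to be regenerated
# (drone sign) after any edit to this file; until then the server will not
# accept the configuration as verified.
kind: signature
hmac: 03972a40959e14601d6c922c10f2d96f77f84f1ea88cc49e40aa0c69c755266b

...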