Merge pull request marcel-dempers#9 from marcel-dempers/drone-ci

marcel-dempers · web-flow · commit bc96847851d2 · 2020-05-20T13:08:41.000Z
drone-ci-video
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -1,33 +1,34 @@
-name: Docker Series Builds
+# name: Docker Series Builds
 
-on: [push]
+# #uncomment to enable push trigger
+# #on: [push]
 
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - name: docker login
-      env:
-        DOCKER_USER: ${{ secrets.DOCKER_USER }}   
-        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}  
-      run: |
-        docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
-    - name: docker build csharp
-      run: |
-        docker build ./c# -t aimvector/csharp:1.0.0
-    - name: docker build nodejs
-      run: |
-        docker build ./nodejs -t aimvector/nodejs:1.0.0
-    - name: docker build python
-      run: |
-        docker build ./python -t aimvector/python:1.0.0
-    - name: docker build golang
-      run: |
-        docker build ./golang -t aimvector/golang:1.0.0
-    - name: docker push
-      run: |
-        docker push aimvector/csharp:1.0.0
-        docker push aimvector/nodejs:1.0.0
-        docker push aimvector/golang:1.0.0
-        docker push aimvector/python:1.0.0
+# jobs:
+#   build:
+#     runs-on: ubuntu-latest
+#     steps:
+#     - uses: actions/checkout@v2
+#     - name: docker login
+#       env:
+#         DOCKER_USER: ${{ secrets.DOCKER_USER }}   
+#         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}  
+#       run: |
+#         docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
+#     - name: docker build csharp
+#       run: |
+#         docker build ./c# -t aimvector/csharp:1.0.0
+#     - name: docker build nodejs
+#       run: |
+#         docker build ./nodejs -t aimvector/nodejs:1.0.0
+#     - name: docker build python
+#       run: |
+#         docker build ./python -t aimvector/python:1.0.0
+#     - name: docker build golang
+#       run: |
+#         docker build ./golang -t aimvector/golang:1.0.0
+#     - name: docker push
+#       run: |
+#         docker push aimvector/csharp:1.0.0
+#         docker push aimvector/nodejs:1.0.0
+#         docker push aimvector/golang:1.0.0
+#         docker push aimvector/python:1.0.0
diff --git a/drone-ci/drone.yml b/drone-ci/drone.yml
@@ -0,0 +1,32 @@
+---
+kind: pipeline
+type: kubernetes
+name: default
+
+steps:
+- name: build-push
+  image: docker:dind
+  volumes:
+  - name: dockersock
+    path: /var/run
+  environment:
+    DOCKER_USER:
+      from_secret: DOCKER_USER
+    DOCKER_PASSWORD:
+      from_secret: DOCKER_PASSWORD
+  commands:
+  - sleep 5 ## give docker enough time to start
+  - docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
+  - docker build ./golang -t aimvector/golang:1.0.0
+  - docker push aimvector/golang:1.0.0
+
+services:
+- name: docker
+  image: docker:dind
+  privileged: true
+  volumes:
+  - name: dockersock
+    path: /var/run
+volumes:
+- name: dockersock
+  temp: {}
diff --git a/drone-ci/postgres/postgres.yaml b/drone-ci/postgres/postgres.yaml
@@ -0,0 +1,50 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: postgres-config
+  labels:
+    app: postgres
+data:
+  POSTGRES_DB: postgresdb
+  POSTGRES_USER: postgresadmin
+  POSTGRES_PASSWORD: admin123
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: postgres
+spec:
+  serviceName: "postgres"
+  selector:
+    matchLabels:
+      app: postgres
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgres:10.4
+          imagePullPolicy: "IfNotPresent"
+          ports:
+            - containerPort: 5432
+          envFrom:
+            - configMapRef:
+                name: postgres-config
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  labels:
+    app: postgres
+spec:
+  selector:
+    app: postgres
+  ports:
+    - protocol: TCP
+      name: http
+      port: 5432
+      targetPort: 5432
diff --git a/drone-ci/runner/dronerunner-rbac.yaml b/drone-ci/runner/dronerunner-rbac.yaml
@@ -0,0 +1,40 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: drone
+  name: drone-runner
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/log
+  verbs:
+  - get
+  - create
+  - delete
+  - list
+  - watch
+  - update
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: drone-runner
+  namespace: drone
+subjects:
+- kind: ServiceAccount
+  name: drone-runner
+  namespace: drone
+roleRef:
+  kind: Role
+  name: drone-runner
+  apiGroup: rbac.authorization.k8s.io
diff --git a/drone-ci/runner/dronerunner.yaml b/drone-ci/runner/dronerunner.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drone-runner
+  labels:
+    app.kubernetes.io/name: drone-runner
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: drone
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: drone
+    spec:
+      serviceAccountName: drone-runner
+      containers:
+      - name: runner
+        image: drone/drone-runner-kube:latest
+        ports:
+        - containerPort: 3000
+        env:
+        - name: DRONE_NAMESPACE_DEFAULT
+          value: drone
+        - name: DRONE_SERVICE_ACCOUNT_DEFAULT
+          value: drone-runner
+        - name: DRONE_RPC_HOST
+          value: droneserver.drone
+        - name: DRONE_RPC_PROTO
+          value: http
+        - name: DRONE_RPC_SECRET 
+          valueFrom:
+            secretKeyRef:
+              name: drone-server-secret
+              key: DRONE_RPC_SECRET
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: drone-runner
+  labels:
+    app.kubernetes.io/name: drone-runner
diff --git a/drone-ci/server/droneserver-deployment.yaml b/drone-ci/server/droneserver-deployment.yaml
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drone-server
+  labels:
+    app: drone-server
+  annotations:
+spec:
+  selector:
+    matchLabels:
+      app: drone-server
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  template:
+    metadata:
+      labels:
+        app: drone-server
+    spec:
+      containers:
+      - name: drone-server
+        image: drone/drone:1.6.5
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 80
+        - containerPort: 443
+        env:
+        - name: DRONE_USER_CREATE 
+          valueFrom:
+            secretKeyRef:
+              name: drone-server-secret
+              key: DRONE_USER_CREATE
+        - name: DRONE_DATABASE_DRIVER
+          value: postgres
+        - name: DRONE_DATABASE_DATASOURCE 
+          valueFrom:
+            secretKeyRef:
+              name: drone-server-secret
+              key: DRONE_DATABASE_DATASOURCE
+        - name: DRONE_SERVER_PROTO
+          value: https
+        - name: DRONE_SERVER_HOST 
+          valueFrom:
+            secretKeyRef:
+              name: drone-server-secret
+              key: DRONE_SERVER_HOST
+        - name: DRONE_GITHUB_CLIENT_ID 
+          valueFrom:
+            secretKeyRef:
+              name: drone-server-secret
+              key: DRONE_GITHUB_CLIENT_ID
+        - name: DRONE_GITHUB_CLIENT_SECRET 
+          valueFrom:
+            secretKeyRef:
+              name: drone-server-secret
+              key: DRONE_GITHUB_CLIENT_SECRET
+        - name: DRONE_RPC_SECRET 
+          valueFrom:
+            secretKeyRef:
+              name: drone-server-secret
+              key: DRONE_RPC_SECRET
diff --git a/drone-ci/server/droneserver-ingress.yaml b/drone-ci/server/droneserver-ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: drone-server
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+    traefik.ingress.kubernetes.io/frontend-entry-points: http,https
+    traefik.ingress.kubernetes.io/redirect-entry-point: https
+    traefik.ingress.kubernetes.io/redirect-permanent: "true"
+spec:
+  rules:
+  - host: drone.marceldempers.dev
+    http:
+      paths:
+      - backend:
+          serviceName: droneserver
+          servicePort: 80
+        path: /
diff --git a/drone-ci/server/droneserver-secret.yaml b/drone-ci/server/droneserver-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: drone-server-secret
+type: Opaque
+data:
+  DRONE_GITHUB_CLIENT_ID: xxxxxxx     #Get this from GitHub OAUTH
+  DRONE_GITHUB_CLIENT_SECRET: xxxxxxx #Get this from GitHub OAUTH
+  DRONE_RPC_SECRET: xxxxxxx           #openssl rand -hex 16
+  DRONE_DATABASE_DATASOURCE: xxxxxxx  #postgres://postgresadmin:admin123@postgres:5432/postgresdb?sslmode=disable
+  DRONE_USER_CREATE: xxxxxxx          #username:marcel-dempers,admin:true
+  DRONE_SERVER_HOST: xxxxxxx          #drone.marceldempers.dev
diff --git a/drone-ci/server/droneserver-service.yaml b/drone-ci/server/droneserver-service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: droneserver
+  labels:
+    app: drone-server
+spec:
+  type: ClusterIP
+  selector:
+    app: drone-server
+  ports:
+    - protocol: TCP
+      name: http
+      port: 80
+      targetPort: 80
+    - protocol: TCP
+      name: https
+      port: 443
+      targetPort: 443
