blog.lazkani.io/.drone.yml

---
kind: pipeline
name: generate-blog

clone:
  depth: 1

steps:
- name: update-submodules
  image: alpine/git
  commands:
   - git submodule update --init --recursive

- name: generate-blog
  image: plugins/hugo
  settings:
    hugo_version: 0.84.4
    validate: true
    pull: always
  depends_on:
    - update-submodules

- name: clean-up-images
  image: alpine
  commands:
    - rm -rf public/images/*
  depends_on:
    - generate-blog

- name: test-build-container
  image: plugins/docker
  settings:
    registry: scm.project42.io
    username:
      from_secret: registry_username
    password:
      from_secret: registry_password
    repo: scm.project42.io/elia/blog
    dry_run: true
    squash: true
    purge: false
    tags:
    - "${DRONE_COMMIT_SHA:0:8}"
  depends_on:
    - clean-up-images

- name: trivy-scan
  image: docker.io/aquasec/trivy:latest
  volumes:
    - name: dockersock
      path: /var/run/docker.sock
  commands:
    - docker build -t "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}" .
    - trivy image --exit-code 0 "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
    - trivy image --exit-code 1 --severity CRITICAL "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
    - docker rmi "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
  depends_on:
    - test-build-container

volumes:
- name: dockersock
  host:
    path: /var/run/docker.sock

- name: build-container
  image: plugins/docker
  settings:
    registry: scm.project42.io
    username:
      from_secret: registry_username
    password:
      from_secret: registry_password
    repo: scm.project42.io/elia/blog
    dry_run: false
    squash: true
    tags:
    - latest
    - "${DRONE_COMMIT_SHA:0:8}"
  when:
    event:
    - promote
    target:
    - production

---
kind: pipeline
name: deploy-blog

clone:
  depth: 1

steps:
  - name: syntax-check
    image: plugins/ansible:latest
    settings:
      playbook: ansible/site.yml
      inventory: ansible/inventory/hcloud.yml
      requirements: ansible/requirements.txt
      tags: blog
      check: true
      diff: true
      syntax_check: true
      extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"
    environment:
      HCLOUD_TOKEN:
        from_secret: hcloud_token

  - name: dry-run
    image: plugins/ansible:latest
    settings:
      playbook: ansible/site.yml
      inventory: ansible/inventory/hcloud.yml
      requirements: ansible/requirements.txt
      tags: blog
      check: true
      diff: true
      syntax_check: false
      extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8},check_mode=true"
      private_key:
        from_secret: ansible_private_key
      user:
        from_secret: ansible_user
    environment:
      HCLOUD_TOKEN:
        from_secret: hcloud_token

  - name: deploy
    image: plugins/ansible:latest
    settings:
      playbook: ansible/site.yml
      inventory: ansible/inventory/hcloud.yml
      requirements: ansible/requirements.txt
      tags: blog
      check: false
      diff: true
      syntax_check: false
      extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"
      private_key:
        from_secret: ansible_private_key
      user:
        from_secret: ansible_user
    environment:
      HCLOUD_TOKEN:
        from_secret: hcloud_token
    when:
      event:
      - promote
      target:
      - production

depends_on:
  - generate-blog
chore(): Adding rudimentary pipeline 2021-07-04 06:22:25 +00:00			`---`
			`kind: pipeline`
chore(): Migrates deployment to ansible 2023-07-01 16:21:19 +00:00			`name: generate-blog`
chore(): Adding rudimentary pipeline 2021-07-04 06:22:25 +00:00
fix(): No need for a full history lesson 2021-07-04 07:54:30 +00:00			`clone:`
			`depth: 1`

chore(): Adding rudimentary pipeline 2021-07-04 06:22:25 +00:00			`steps:`
chore(): Building blog container for deployment 2023-07-01 15:47:58 +00:00			`- name: update-submodules`
fix(): Adds step to pull the theme 2021-07-04 06:35:32 +00:00			`image: alpine/git`
			`commands:`
			`- git submodule update --init --recursive`

chore(): Building blog container for deployment 2023-07-01 15:47:58 +00:00			`- name: generate-blog`
chore(): Adding rudimentary pipeline 2021-07-04 06:22:25 +00:00			`image: plugins/hugo`
			`settings:`
			`hugo_version: 0.84.4`
			`validate: true`
fix(): Testing if pull will pull modules 2021-07-04 06:24:48 +00:00			`pull: always`
fix(): Adds pipeline dependency to stop parallelism 2023-07-02 22:05:28 +00:00			`depends_on:`
			`- update-submodules`
enhance(): Adds the deploy phase 2021-07-04 06:59:25 +00:00
chore(): Building blog container for deployment 2023-07-01 15:47:58 +00:00			`- name: clean-up-images`
			`image: alpine`
enhance(): Adds the deploy phase 2021-07-04 06:59:25 +00:00			`commands:`
fix(): We don't need no favicon \o/ 2021-07-04 08:34:04 +00:00			`- rm -rf public/images/*`
fix(): Adds pipeline dependency to stop parallelism 2023-07-02 22:05:28 +00:00			`depends_on:`
			`- generate-blog`
enhance(): Adds the deploy phase 2021-07-04 06:59:25 +00:00
chore(): Building blog container for deployment 2023-07-01 15:47:58 +00:00			`- name: test-build-container`
			`image: plugins/docker`
			`settings:`
			`registry: scm.project42.io`
			`username:`
			`from_secret: registry_username`
			`password:`
			`from_secret: registry_password`
			`repo: scm.project42.io/elia/blog`
			`dry_run: true`
			`squash: true`
test(): Testing with Trivy container scanning 2023-07-02 21:49:21 +00:00			`purge: false`
chore(): Building blog container for deployment 2023-07-01 15:47:58 +00:00			`tags:`
			`- "${DRONE_COMMIT_SHA:0:8}"`
fix(): Adds pipeline dependency to stop parallelism 2023-07-02 22:05:28 +00:00			`depends_on:`
			`- clean-up-images`
chore(): Building blog container for deployment 2023-07-01 15:47:58 +00:00
test(): Testing with Trivy container scanning 2023-07-02 21:49:21 +00:00			`- name: trivy-scan`
			`image: docker.io/aquasec/trivy:latest`
fix(): Mounts docker socket 2023-07-02 22:01:08 +00:00			`volumes:`
			`- name: dockersock`
			`path: /var/run/docker.sock`
test(): Testing with Trivy container scanning 2023-07-02 21:49:21 +00:00			`commands:`
fix(): Builds the container to scan 2023-07-02 22:14:46 +00:00			`- docker build -t "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}" .`
test(): Testing with Trivy container scanning 2023-07-02 21:49:21 +00:00			`- trivy image --exit-code 0 "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"`
			`- trivy image --exit-code 1 --severity CRITICAL "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"`
fix(): Builds the container to scan 2023-07-02 22:14:46 +00:00			`- docker rmi "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"`
test(): Testing with Trivy container scanning 2023-07-02 21:49:21 +00:00			`depends_on:`
			`- test-build-container`

fix(): Mounts docker socket 2023-07-02 22:01:08 +00:00			`volumes:`
			`- name: dockersock`
			`host:`
			`path: /var/run/docker.sock`

chore(): Building blog container for deployment 2023-07-01 15:47:58 +00:00			`- name: build-container`
			`image: plugins/docker`
			`settings:`
			`registry: scm.project42.io`
			`username:`
			`from_secret: registry_username`
			`password:`
			`from_secret: registry_password`
			`repo: scm.project42.io/elia/blog`
			`dry_run: false`
			`squash: true`
			`tags:`
			`- latest`
			`- "${DRONE_COMMIT_SHA:0:8}"`
			`when:`
			`event:`
			`- promote`
			`target:`
			`- production`
chore(): Migrates deployment to ansible 2023-07-01 16:21:19 +00:00
			`---`
			`kind: pipeline`
			`name: deploy-blog`

			`clone:`
			`depth: 1`

			`steps:`
			`- name: syntax-check`
			`image: plugins/ansible:latest`
			`settings:`
			`playbook: ansible/site.yml`
			`inventory: ansible/inventory/hcloud.yml`
			`requirements: ansible/requirements.txt`
			`tags: blog`
			`check: true`
			`diff: true`
			`syntax_check: true`
			`extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"`
			`environment:`
			`HCLOUD_TOKEN:`
			`from_secret: hcloud_token`

			`- name: dry-run`
			`image: plugins/ansible:latest`
			`settings:`
			`playbook: ansible/site.yml`
			`inventory: ansible/inventory/hcloud.yml`
			`requirements: ansible/requirements.txt`
			`tags: blog`
			`check: true`
			`diff: true`
			`syntax_check: false`
fix(): Adds failsafe to the check mode This fixes the first deployment problem. 2023-07-01 17:08:30 +00:00			`extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8},check_mode=true"`
fix(): Adds ansible credentials to the pipeline 2023-07-01 16:29:55 +00:00			`private_key:`
			`from_secret: ansible_private_key`
			`user:`
			`from_secret: ansible_user`
chore(): Migrates deployment to ansible 2023-07-01 16:21:19 +00:00			`environment:`
			`HCLOUD_TOKEN:`
			`from_secret: hcloud_token`

			`- name: deploy`
			`image: plugins/ansible:latest`
			`settings:`
			`playbook: ansible/site.yml`
			`inventory: ansible/inventory/hcloud.yml`
			`requirements: ansible/requirements.txt`
			`tags: blog`
			`check: false`
			`diff: true`
			`syntax_check: false`
			`extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"`
fix(): Adds ansible credentials to the pipeline 2023-07-01 16:29:55 +00:00			`private_key:`
			`from_secret: ansible_private_key`
			`user:`
			`from_secret: ansible_user`
chore(): Migrates deployment to ansible 2023-07-01 16:21:19 +00:00			`environment:`
			`HCLOUD_TOKEN:`
			`from_secret: hcloud_token`
			`when:`
			`event:`
			`- promote`
			`target:`
			`- production`

			`depends_on:`
			`- generate-blog`