Merge pull request 'feat: Add Garage deploy' (#25) from garage into main

Reviewed-on: https://git.weko.io/resilien/resilien.fr/pulls/25

.dockerignore

@@ -1,4 +0,0 @@
-# Ignore everything
-**
-
-!public

.drone.yml

@@ -1,20 +1,26 @@
 ---
-  # drone encrypt resilien/resilien.fr $REGISTRY_PASSWORD
+# drone encrypt resilien/resilien.fr $AWS_ACCESS_KEY_ID
 kind: secret
-name: REGISTRY_PASSWORD
-data: dYAxgJzu+Ic48OIWSFSy1fIG/Z9UUb7ErEyN+3KyI3DaVl1HKWIjdhd6HQZNcgjyKqxZh+smR7CeklVTO2cJhAfQfXIu8ENfGW1QEiFM
+name: STAGING_AWS_ACCESS_KEY_ID
+data: FfmGMdepp8r8bXErlvn8p+QijBfkTtHHDpyMLEq/MMvF21k5IPgasU6DBSYQmSy3w2deAE/n
 
 ---
-# drone encrypt resilien/resilien.fr $REGISTRY_USER
+# drone encrypt resilien/resilien.fr $AWS_SECRET_ACCESS_KEY
 kind: secret
-name: REGISTRY_USER
-data: Y/LGloHcxShJGmqXaGvFJYLSCDbG7wWZap8oywddPdJfcw==
+name: STAGING_AWS_SECRET_ACCESS_KEY
+data: KfVK2Dmpj2Pprt9boMvOMWYY3tq6k5d+SF/EpnnZQfK5z7NGaTU8CzMC7m3YcHh+Z7OzTNMK7nbzgoQriLNd5EFfVwvGf2TFW+qSByYkrBOzAYHy/GD4Ejn6mLs=
 
 ---
-# drone encrypt resilien/resilien.fr "{\"auths\":{\"https://registry.weko.io\":{\"auth\":\"$(echo -n "$REGISTRY_USER:$REGISTRY_PASSWORD" | base64)\",\"email\":\"$REGISTRY_USER\"}}}"
+# drone encrypt resilien/resilien.fr $AWS_ACCESS_KEY_ID
 kind: secret
-name: REGISTRY_CONFIG
-data: ICKt0HnBLKDrCNUH1xJnOKCwOMn/R+xMqtO8AxQ8ZorJO/J1O3hUFx3gYH6uKe3y3qa73zGPjSHnTGFv43eGBS0K8L0qQtXdLqIKTOQiIMK9CENN+w8uULCKSls01XHv7zY0bGR5FjmniXCLNYHiWHnJOi8xbAkDorhy6GwhBBpsumsZ6uzA5I0NfHTs+gplvQh6H+6Dmh03ygx39pMfE+P1F2D5VS9OiieS
+name: PRODUCTION_AWS_ACCESS_KEY_ID
+data: IHBJJpNYL76/4+h3eJQF0dxuHlybyNU7ruM1OOjkM8W1N++IG8FGtFTVi3mHVu1h4DHgc+ux
+
+---
+# drone encrypt resilien/resilien.fr $AWS_SECRET_ACCESS_KEY
+kind: secret
+name: PRODUCTION_AWS_SECRET_ACCESS_KEY
+data: RciAFkEXLF+Czpk5EclFKU/Nq9ivYoBv5xR96LURauZWLJacfx/o1Pr+1neK+W7R6XJ80nYqNySPex3cce9QjEc3ijr+FVXAHvqZbC2QTYfXv56iiruTljBznaU=
 
 ---
 kind: pipeline
@@ -40,7 +46,7 @@ steps:
   - (cd themes/hugo-theme-lowtech && npm i)
 
 - name: build website
-  image: jakejarvis/hugo-extended
+  image: klakegg/hugo:0.101.0-ext-debian-ci
   commands:
     - hugo --minify --environment production
 
@@ -52,20 +58,15 @@ steps:
   commands:
   - node themes/hugo-theme-lowtech/scripts/typo
 
-- name: build and push docker image on registry
-  image: plugins/docker
-  settings:
-    username:
-      from_secret: REGISTRY_USER
-    password:
-      from_secret: REGISTRY_PASSWORD
-    repo: registry.weko.io/resilien_fr
-    registry: registry.weko.io
-    tags:
-      - latest
-
-image_pull_secrets:
-- REGISTRY_CONFIG
+- name: deploy
+  image: klakegg/hugo:0.101.0-ext-debian-ci
+  environment:
+    AWS_ACCESS_KEY_ID:
+      from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
+    AWS_SECRET_ACCESS_KEY:
+      from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
+  commands:
+    - hugo deploy --environment production
 
 trigger:
   event:
@@ -102,7 +103,7 @@ steps:
   - (cd themes/hugo-theme-lowtech && npm i)
 
 - name: build website
-  image: jakejarvis/hugo-extended
+  image: klakegg/hugo:0.101.0-ext-debian-ci
   commands:
     - hugo --minify --buildDrafts --buildFuture --environment staging
 
@@ -114,20 +115,15 @@ steps:
   commands:
   - node themes/hugo-theme-lowtech/scripts/typo
 
-- name: push docker image on registry
-  image: plugins/docker
-  settings:
-    username:
-      from_secret: REGISTRY_USER
-    password:
-      from_secret: REGISTRY_PASSWORD
-    repo: registry.weko.io/resilien_fr
-    registry: registry.weko.io
-    tags:
-      - staging
-
-image_pull_secrets:
-- REGISTRY_CONFIG
+- name: deploy
+  image: klakegg/hugo:0.101.0-ext-debian-ci
+  environment:
+    AWS_ACCESS_KEY_ID:
+      from_secret: STAGING_AWS_ACCESS_KEY_ID
+    AWS_SECRET_ACCESS_KEY:
+      from_secret: STAGING_AWS_SECRET_ACCESS_KEY
+  commands:
+    - hugo deploy --environment staging
 
 trigger:
   event:

.env

@@ -1,4 +0,0 @@
-DOCKER_CONTEXT=vert.weko.resilien
-NAME=vert.weko.resilien
-URL=resilien.fr
-STATS_CONTAINER=resilien-stats

Dockerfile

@@ -1,4 +0,0 @@
-FROM registry.weko.io/nginx-lowtech:0.1.0
-
-# Copie des sources du site
-COPY public /usr/share/nginx/html

config/production/config.yml

@@ -1 +1,7 @@
 baseURL: https://resilien.fr/
+
+deployment:
+  targets:
+    - name: production
+      URL: >-
+        s3://resilien.fr?endpoint=http://10.20.20.10:3900&disableSSL=true&s3ForcePathStyle=true&region=garage

config/staging/config.yml

@@ -1 +1,7 @@
 baseURL: https://staging.resilien.fr/
+
+deployment:
+  targets:
+    - name: staging
+      URL: >-
+        s3://staging.resilien.fr?endpoint=http://10.20.20.10:3900&disableSSL=true&s3ForcePathStyle=true&region=garage

docker-compose.prod.yml

@@ -1,38 +0,0 @@
-version: "3.8"
-
-volumes:
-  resilien-log:
-    name: resilien-log
-  resilien-stats:
-    name: resilien-stats
-
-services:
-  resilien-prod:
-    container_name: resilien-prod
-    build: .
-    image: registry.weko.io/resilien_fr:latest
-    restart: always
-    labels:
-      traefik.enable: "true"
-      traefik.http.routers.resilien.rule: "Host(`${URL}`)"
-      traefik.http.routers.resilien.entrypoints: "web"
-      com.centurylinklabs.watchtower.enable: true
-    volumes:
-      - resilien-log:/var/log/nginx
-      - resilien-stats:/usr/share/nginx/html/stats
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-
-  resilien-stats:
-    container_name: resilien-stats
-    image: registry.weko.io/goaccess:1.5.1
-    restart: always
-    volumes:
-      - resilien-log:/var/log/nginx
-      - resilien-stats:/usr/share/nginx/html/stats
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-
-networks:
-  default:
-    name: traefik

docker-compose.staging.yml

@@ -1,20 +0,0 @@
-version: "3.8"
-
-networks:
-  default:
-    name: traefik
-
-services:
-  resilien-staging:
-    container_name: resilien-staging
-    build: .
-    image: registry.weko.io/resilien_fr:staging
-    restart: always
-    labels:
-      traefik.enable: "true"
-      traefik.http.routers.resilien-staging.rule: "Host(`staging.${URL}`)"
-      traefik.http.routers.resilien-staging.entrypoints: "web"
-      com.centurylinklabs.watchtower.enable: true
-    volumes:
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro