Merge pull request 'feat: Add Garage deploy' (#25) from garage into main

Reviewed-on: https://git.weko.io/resilien/resilien.fr/pulls/25
2022-12-05 12:38:31 +01:00 · 2022-12-05 12:38:31 +01:00 · fefd4b5172
parent 275cb79cf2 591bcdc844
commit fefd4b5172
8 changed files with 47 additions and 109 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -1,4 +0,0 @@
 # Ignore everything
 **
 !public
--- a/.drone.yml
+++ b/.drone.yml
@ -1,20 +1,26 @@
 ---
-  # drone encrypt resilien/resilien.fr $REGISTRY_PASSWORD
+# drone encrypt resilien/resilien.fr $AWS_ACCESS_KEY_ID
 kind: secret
-name: REGISTRY_PASSWORD
+name: STAGING_AWS_ACCESS_KEY_ID
-data: dYAxgJzu+Ic48OIWSFSy1fIG/Z9UUb7ErEyN+3KyI3DaVl1HKWIjdhd6HQZNcgjyKqxZh+smR7CeklVTO2cJhAfQfXIu8ENfGW1QEiFM
+data: FfmGMdepp8r8bXErlvn8p+QijBfkTtHHDpyMLEq/MMvF21k5IPgasU6DBSYQmSy3w2deAE/n
 ---
-# drone encrypt resilien/resilien.fr $REGISTRY_USER
+# drone encrypt resilien/resilien.fr $AWS_SECRET_ACCESS_KEY
 kind: secret
-name: REGISTRY_USER
+name: STAGING_AWS_SECRET_ACCESS_KEY
-data: Y/LGloHcxShJGmqXaGvFJYLSCDbG7wWZap8oywddPdJfcw==
+data: KfVK2Dmpj2Pprt9boMvOMWYY3tq6k5d+SF/EpnnZQfK5z7NGaTU8CzMC7m3YcHh+Z7OzTNMK7nbzgoQriLNd5EFfVwvGf2TFW+qSByYkrBOzAYHy/GD4Ejn6mLs=
 ---
-# drone encrypt resilien/resilien.fr "{\"auths\":{\"https://registry.weko.io\":{\"auth\":\"$(echo -n "$REGISTRY_USER:$REGISTRY_PASSWORD" | base64)\",\"email\":\"$REGISTRY_USER\"}}}"
+# drone encrypt resilien/resilien.fr $AWS_ACCESS_KEY_ID
 kind: secret
-name: REGISTRY_CONFIG
+name: PRODUCTION_AWS_ACCESS_KEY_ID
-data: ICKt0HnBLKDrCNUH1xJnOKCwOMn/R+xMqtO8AxQ8ZorJO/J1O3hUFx3gYH6uKe3y3qa73zGPjSHnTGFv43eGBS0K8L0qQtXdLqIKTOQiIMK9CENN+w8uULCKSls01XHv7zY0bGR5FjmniXCLNYHiWHnJOi8xbAkDorhy6GwhBBpsumsZ6uzA5I0NfHTs+gplvQh6H+6Dmh03ygx39pMfE+P1F2D5VS9OiieS
+data: IHBJJpNYL76/4+h3eJQF0dxuHlybyNU7ruM1OOjkM8W1N++IG8FGtFTVi3mHVu1h4DHgc+ux
 ---
 # drone encrypt resilien/resilien.fr $AWS_SECRET_ACCESS_KEY
 kind: secret
 name: PRODUCTION_AWS_SECRET_ACCESS_KEY
 data: RciAFkEXLF+Czpk5EclFKU/Nq9ivYoBv5xR96LURauZWLJacfx/o1Pr+1neK+W7R6XJ80nYqNySPex3cce9QjEc3ijr+FVXAHvqZbC2QTYfXv56iiruTljBznaU=
 ---
 kind: pipeline
@ -40,7 +46,7 @@ steps:
  - (cd themes/hugo-theme-lowtech && npm i)
 - name: build website
-  image: jakejarvis/hugo-extended
+  image: klakegg/hugo:0.101.0-ext-debian-ci
  commands:
    - hugo --minify --environment production
@ -52,20 +58,15 @@ steps:
  commands:
  - node themes/hugo-theme-lowtech/scripts/typo
- name: build and push docker image on registry
+- name: deploy
-  image: plugins/docker
+  image: klakegg/hugo:0.101.0-ext-debian-ci
-  settings:
+  environment:
-    username:
+    AWS_ACCESS_KEY_ID:
-      from_secret: REGISTRY_USER
+      from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
-    password:
+    AWS_SECRET_ACCESS_KEY:
-      from_secret: REGISTRY_PASSWORD
+      from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
-    repo: registry.weko.io/resilien_fr
+  commands:
-    registry: registry.weko.io
+    - hugo deploy --environment production
    tags:
      - latest
 image_pull_secrets:
 - REGISTRY_CONFIG
 trigger:
  event:
@ -102,7 +103,7 @@ steps:
  - (cd themes/hugo-theme-lowtech && npm i)
 - name: build website
-  image: jakejarvis/hugo-extended
+  image: klakegg/hugo:0.101.0-ext-debian-ci
  commands:
    - hugo --minify --buildDrafts --buildFuture --environment staging
@ -114,20 +115,15 @@ steps:
  commands:
  - node themes/hugo-theme-lowtech/scripts/typo
- name: push docker image on registry
+- name: deploy
-  image: plugins/docker
+  image: klakegg/hugo:0.101.0-ext-debian-ci
-  settings:
+  environment:
-    username:
+    AWS_ACCESS_KEY_ID:
-      from_secret: REGISTRY_USER
+      from_secret: STAGING_AWS_ACCESS_KEY_ID
-    password:
+    AWS_SECRET_ACCESS_KEY:
-      from_secret: REGISTRY_PASSWORD
+      from_secret: STAGING_AWS_SECRET_ACCESS_KEY
-    repo: registry.weko.io/resilien_fr
+  commands:
-    registry: registry.weko.io
+    - hugo deploy --environment staging
    tags:
      - staging
 image_pull_secrets:
 - REGISTRY_CONFIG
 trigger:
  event:
--- a/.env
+++ b/.env
@ -1,4 +0,0 @@
 DOCKER_CONTEXT=vert.weko.resilien
 NAME=vert.weko.resilien
 URL=resilien.fr
 STATS_CONTAINER=resilien-stats
--- a/4
+++ b/4
@ -1,4 +0,0 @@
 FROM registry.weko.io/nginx-lowtech:0.1.0
 # Copie des sources du site
 COPY public /usr/share/nginx/html
--- a/config/production/config.yml
+++ b/config/production/config.yml
@ -1 +1,7 @@
 baseURL: https://resilien.fr/
 deployment:
  targets:
    - name: production
      URL: >-
        s3://resilien.fr?endpoint=http://10.20.20.10:3900&disableSSL=true&s3ForcePathStyle=true&region=garage
--- a/config/staging/config.yml
+++ b/config/staging/config.yml
@ -1 +1,7 @@
 baseURL: https://staging.resilien.fr/
 deployment:
  targets:
    - name: staging
      URL: >-
        s3://staging.resilien.fr?endpoint=http://10.20.20.10:3900&disableSSL=true&s3ForcePathStyle=true&region=garage
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@ -1,38 +0,0 @@
 version: "3.8"
 volumes:
  resilien-log:
    name: resilien-log
  resilien-stats:
    name: resilien-stats
 services:
  resilien-prod:
    container_name: resilien-prod
    build: .
    image: registry.weko.io/resilien_fr:latest
    restart: always
    labels:
      traefik.enable: "true"
      traefik.http.routers.resilien.rule: "Host(`${URL}`)"
      traefik.http.routers.resilien.entrypoints: "web"
      com.centurylinklabs.watchtower.enable: true
    volumes:
      - resilien-log:/var/log/nginx
      - resilien-stats:/usr/share/nginx/html/stats
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
  resilien-stats:
    container_name: resilien-stats
    image: registry.weko.io/goaccess:1.5.1
    restart: always
    volumes:
      - resilien-log:/var/log/nginx
      - resilien-stats:/usr/share/nginx/html/stats
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
 networks:
  default:
    name: traefik
--- a/docker-compose.staging.yml
+++ b/docker-compose.staging.yml
@ -1,20 +0,0 @@
 version: "3.8"
 networks:
  default:
    name: traefik
 services:
  resilien-staging:
    container_name: resilien-staging
    build: .
    image: registry.weko.io/resilien_fr:staging
    restart: always
    labels:
      traefik.enable: "true"
      traefik.http.routers.resilien-staging.rule: "Host(`staging.${URL}`)"
      traefik.http.routers.resilien-staging.entrypoints: "web"
      com.centurylinklabs.watchtower.enable: true
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro