Merge pull request #1 from Diesel-Net/development

Copy over files from drone-legacy repo

.ansible/ansible.cfg

@@ -0,0 +1,5 @@
+[defaults]
+stdout_callback = debug
+host_key_checking = False
+retry_files_enabled = False
+callback_whitelist = profile_tasks

.ansible/configure_cron_jobs.yaml

@@ -0,0 +1,5 @@
+# ansible-playbook configure_cron_jobs.yaml -i inventory/prod/hosts --vault-id ~/.tokens/vault.txt
+
+- hosts: drone
+  roles:
+    - configure_cron_jobs

.ansible/configure_repositories.yaml

@@ -0,0 +1,5 @@
+# ansible-playbook configure_repositories.yaml -i inventory/prod/hosts --vault-id ~/.tokens/master_id
+
+- hosts: drone
+  roles:
+    - configure_repositories

.ansible/configure_secrets.yaml

@@ -0,0 +1,5 @@
+# ansible-playbook configure_secrets.yaml -i inventory/prod/hosts --vault-id ~/.tokens/master_id
+
+- hosts: drone
+  roles:
+    - configure_secrets

.ansible/deploy.yaml

@@ -0,0 +1,5 @@
+# ansible-playbook deploy.yaml -i inventory/prod/hosts --vault-id ~/.tokens/master_id
+
+- hosts: drone
+  roles:
+    - setup

.ansible/files/requirements.txt

@@ -0,0 +1,2 @@
+jmespath==0.10.0
+dnspython==2.1.0

.ansible/group_vars/all/directories.yaml

@@ -0,0 +1,9 @@
+directories_home: /home/{{ ansible_user }}
+directories_app_data: '{{ directories_home }}/.diesel/{{ env_codename }}'
+directories_temp: /usr/share/tmp
+directories_drone_data: '{{ directories_app_data }}/data'
+directories_drone_runner: '{{ directories_app_data }}/runner'
+directories_drone_runner_env: '{{ directories_drone_runner }}/env'
+directories_drone_runner_git: '{{ directories_drone_runner }}/git'
+directories_drone_runner_git_ssh: '{{ directories_drone_runner }}/git/.ssh'
+directories_drone_docker: '{{ directories_app_data }}/docker'

.ansible/group_vars/all/docker.yaml

@@ -0,0 +1,7 @@
+docker_stack: drone
+docker_network: diesel_net
+
+docker_environment: 
+  REQUESTS_CA_BUNDLE: /etc/ssl/certs/
+  SSL_CERT_FILE: /etc/ssl/certs/
+  WEBSOCKET_CLIENT_CA_BUNDLE: /etc/ssl/certs/

.ansible/roles/configure_cron_jobs/tasks/handler.yaml

@@ -0,0 +1,47 @@
+- name: 'Get current cron jobs for {{ repo.name }}'
+  uri:
+    method: GET
+    url: https://{{ proxy_domain_external }}/api/repos/{{ github_owner }}/{{ repo.name }}/cron
+    return_content: yes
+    status_code:
+    - 200
+    headers:
+      Authorization: Bearer {{ github_pat }}
+  register: result
+
+- set_fact:
+    cron_jobs_current: '{{ result | json_query("{url: url, names: json[*].name}") }}'
+
+- name: Delete cron jobs for {{ repo.name }}
+  uri:
+    method: DELETE
+    url: '{{ cron_jobs_current.url }}/{{ secret_name }}'
+    return_content: yes
+    status_code:
+    - 204
+    headers:
+      Authorization: Bearer {{ github_pat }}
+  loop: '{{ cron_jobs_current.names }}'
+  loop_control:
+    loop_var: secret_name
+
+- name: Create cron jobs for {{ repo.name }}
+  uri:
+    method: POST
+    url: https://{{ proxy_domain_external }}/api/repos/{{ github_owner }}/{{ repo.name }}/cron
+    body_format: 'json'
+    body: |
+      {
+        "name": "{{ cron_job.name }}",
+        "expr": "{{ cron_job.expr }}",
+        "branch":  "{{ cron_job.branch }}"
+      }
+    return_content: yes
+    status_code:
+    - 200
+    headers:
+      Authorization: Bearer {{ github_pat }}
+  loop: '{{ repo.cron_jobs }}'
+  loop_control:
+    loop_var: cron_job
+  ignore_errors: yes

.ansible/roles/configure_cron_jobs/tasks/main.yaml

@@ -0,0 +1,4 @@
+- include_tasks: handler.yaml
+  loop: '{{ drone_repos }}'
+  loop_control:
+    loop_var: repo

.ansible/roles/configure_repositories/tasks/handler.yaml

@@ -0,0 +1,27 @@
+- name: Activate {{ repo.name }} (Drone adding webhook to GitHub repo)
+  uri:
+    method: POST
+    url: https://{{ proxy_domain_external }}/api/repos/{{ github_owner }}/{{ repo.name }}
+    status_code:
+    - 200
+    headers:
+      Authorization: Bearer {{ github_pat }}
+
+- name: Update Drone configuration for {{ repo.name }}
+  uri:
+    method: PATCH
+    url: https://{{ proxy_domain_external }}/api/repos/{{ github_owner }}/{{ repo.name }}
+    body_format: json
+    body: |
+      {
+        "config_path": ".drone.yaml",
+        "protected": false,
+        "trusted": false,
+        "timeout": 60,
+        "visibility": "private"
+      }
+    return_content: yes
+    status_code:
+    - 200
+    headers:
+      Authorization: Bearer {{ github_pat }}

.ansible/roles/configure_repositories/tasks/main.yaml

@@ -0,0 +1,20 @@
+- name: Sync repositories
+  uri:
+    method: POST
+    url: https://{{ proxy_domain_external }}/api/user/repos
+    status_code:
+    - 200
+    headers:
+      Authorization: Bearer {{ github_pat }}
+  register: result
+
+- set_fact:
+    synced_repos: '{{ result | json_query("json[*].name") | sort }}'
+- debug:
+    var: synced_repos
+
+- name: Activate and configure repositories
+  include_tasks: handler.yaml
+  loop: '{{ drone_repos }}'
+  loop_control:
+    loop_var: repo

.ansible/roles/configure_secrets/tasks/handler.yaml

@@ -0,0 +1,47 @@
+- name: 'Get current secret names for {{ repo.name }}'
+  uri:
+    method: GET
+    url: https://{{ proxy_domain_external }}/api/repos/{{ github_owner }}/{{ repo.name }}/secrets
+    return_content: yes
+    status_code:
+    - 200
+    headers:
+      Authorization: Bearer {{ github_pat }}
+  register: result
+
+- set_fact:
+    secrets_current: '{{ result | json_query("{url: url, names: json[*].name}") }}'
+
+- name: Delete secrets for {{ repo.name }}
+  uri:
+    method: DELETE
+    url: '{{ secrets_current.url }}/{{ secret_name }}'
+    return_content: yes
+    status_code:
+    - 204
+    headers:
+      Authorization: Bearer {{ github_pat }}
+  loop: '{{ secrets_current.names }}'
+  loop_control:
+    loop_var: secret_name
+
+- name: Create secrets for {{ repo.name }}
+  uri:
+    method: POST
+    url: https://{{ proxy_domain_external }}/api/repos/{{ github_owner }}/{{ repo.name }}/secrets
+    body_format: 'json'
+    body: |
+      {
+        "name": "{{ secret.name }}",
+        "data": "{{ secret.data }}",
+        "pull_request":  {{ secret.pull_request | bool }}
+      }
+    return_content: yes
+    status_code:
+    - 200
+    headers:
+      Authorization: Bearer {{ github_pat }}
+  loop: '{{ repo.secrets }}'
+  loop_control:
+    loop_var: secret
+  ignore_errors: yes

.ansible/roles/configure_secrets/tasks/main.yaml

@@ -0,0 +1,4 @@
+- include_tasks: handler.yaml
+  loop: '{{ drone_repos }}'
+  loop_control:
+    loop_var: repo

.ansible/roles/setup/tasks/main.yaml

@@ -0,0 +1,98 @@
+- name: Create directories
+  file:
+    path: '{{ item }}'
+    state: directory
+    owner: '{{ ansible_user }}'
+    group: '{{ ansible_user }}'
+    mode: '0740'
+  with_items:
+  - '{{ directories_drone_docker }}'
+  - '{{ directories_drone_data }}'
+  - '{{ directories_drone_runner }}'
+  - '{{ directories_drone_runner_env }}'
+  - '{{ directories_drone_runner_git }}'
+  become: yes
+
+- name: Create ssh directory {{ directories_drone_runner_git_ssh }} with special permissions
+  file:
+    path: '{{ directories_drone_runner_git_ssh }}'
+    state: directory
+    owner: 'root'
+    group: 'root'
+    mode: '0700'
+  become: yes
+
+- name: Copy over Drone Runner .env file for use in Drone steps and plugin containers
+  copy:
+    content: |
+      ANSIBLE_CONFIG=.ansible/ansible.cfg
+      REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
+      TZ=America/Los_Angeles
+    dest: '{{ directories_drone_runner_env }}/drone.env'
+    mode: '0644'
+  become: yes
+
+- name: Copy over Drone Runner ssh config file for use in Drone steps and plugin containers
+  copy:
+    content: |
+      Host github.com
+        StrictHostKeyChecking no
+        User git
+        IdentityFile /root/.ssh/id_rsa_github
+    dest: '{{ directories_drone_runner_git_ssh }}/config'
+    owner: root
+    group: root
+    mode: '0644'
+  become: yes
+
+- name: Copy over Drone Runner ssh private key file for use in Drone steps and plugin containers
+  copy:
+    content: '{{ ansible_private_key }}'
+    dest: '{{ directories_drone_runner_git_ssh }}/id_rsa_github'
+    owner: root
+    group: root
+    mode: '0600'
+  become: yes
+
+- name: Render the {{ directories_drone_docker }}/docker-compose.yaml template
+  template:
+    src: ./templates/docker-compose.yaml.j2
+    dest: '{{ directories_drone_docker }}/docker-compose.yaml'
+    owner: '{{ ansible_user }}'
+    group: '{{ ansible_user }}'
+    mode: '0740'
+
+- name: Deploy {{ docker_stack }} stack
+  command: docker stack deploy --prune -c docker-compose.yaml {{ docker_stack }}
+  args:
+    chdir: '{{ directories_drone_docker }}'
+
+- name: Pause for 10 seconds
+  pause:
+    seconds: 10
+
+- name: Wait for https://{{ proxy_domain_external }}/welcome to be found
+  uri:
+    method: GET
+    url: https://{{ proxy_domain_external }}/welcome
+    status_code:
+      - 200
+    headers:
+      Authorization: Bearer {{ github_pat }}
+  register: _result
+  until: ("status" in _result) and (_result.status == 200 or _result.status == 401)
+  retries: 30
+  delay: 1
+
+- name: "Waiting for GitHub admin to #to https://{{ proxy_domain_external }}/ (Tip: Use incognito window )"
+  uri:
+    method: GET
+    url: https://{{ proxy_domain_external }}/api/user/repos
+    status_code:
+      - 200
+    headers:
+      Authorization: Bearer {{ github_pat }}
+  register: _result
+  until: '"status" in _result and _result.status == 200 and _result.json | length > 0'
+  retries: 240
+  delay: 1