diff --git a/.drone.yml b/.drone.yml index 7697143f..cb81c4a3 100644 --- a/.drone.yml +++ b/.drone.yml @@ -39,13 +39,6 @@ steps: - make build_backend - timeout 1 ./dist/filestash || true -- name: build_finalise - image: debian:latest - depends_on: [ build_go, build_js ] - commands: - - cp -R dist /tmp/filestash - - tar -C /tmp/ -zcf filestash_linux-amd64.tar.gz ./filestash - - name: test_prepare image: alpine:latest depends_on: [ clone ] @@ -60,7 +53,7 @@ steps: - name: test_frontend image: node:8-alpine - depends_on: [ test_prepare ] + depends_on: [ test_prepare, build_frontend ] commands: - cd ../test/unit_js - npm install --silent @@ -68,7 +61,7 @@ steps: - name: test_backend image: golang:1.12-alpine - depends_on: [ test_prepare ] + depends_on: [ test_prepare, build_backend ] commands: - apk add git gcc libc-dev poppler-utils > /dev/null - cp ../test/assets/* /tmp/ @@ -77,7 +70,7 @@ steps: - name: test_e2e image: machines/puppeteer - depends_on: [ build_prepare, build_js, build_go ] + depends_on: [ build_frontend, build_backend ] environment: ADMIN_PASSWORD: $$2a$$10$$9OFbPZV4lYpYjU5eUi91o.kgeMyCuW11j878YBRri3gBwccq2lSFy APP_URL: http://127.0.0.1:8334 @@ -89,9 +82,25 @@ steps: - node servers/webdav.js > /dev/null & - npm test -- name: release_artifact +- name: release_prepare + image: debian:stable-slim + depends_on: [ test_e2e ] + environment: + GPG_PRIVATE: + from_secret: GPG_PRIVATE + GPG_PASSPHRASE: + from_secret: GPG_PASSPHRASE + commands: + - apt-get update > /dev/null && apt-get install -y gnupg1 curl > /dev/null + - mv dist filestash + - tar -cf filestash_linux-amd64.tar ./filestash + - curl -s "https://downloads.filestash.app/gpg?private=$GPG_PASSPHRASE" > /tmp/private.key + - echo $GPG_PASSPHRASE | gpg1 --import /tmp/private.key + - echo $GPG_PASSPHRASE | gpg1 --sign --passphrase-fd 0 --default-key mickael@kerjean.me --no-tty filestash_linux-amd64.tar + +- name: release_publish image: appleboy/drone-scp - depends_on: [ test_go, test_js, test_e2e ] + depends_on: [ release_prepare ] when: branch: master settings: @@ -101,12 +110,12 @@ steps: from_secret: SSH_USERNAME password: from_secret: SSH_PASSWORD - source: filestash_linux-amd64.tar.gz + source: filestash_linux-amd64.tar.gpg target: /app/pages/data/projects/filestash/downloads/latest/ - name: release_docker image: plugins/docker - depends_on: [ release_artifact ] + depends_on: [ release_publish ] when: branch: master settings: @@ -118,7 +127,7 @@ steps: from_secret: DOCKER_PASSWORD tags: latest -- name: deploy +- name: release_deploy image: appleboy/drone-ssh depends_on: [ release_docker ] when: @@ -137,9 +146,9 @@ steps: - docker-compose up -d --force-recreate --build - docker image prune -f -- name: report +- name: release_report image: plugins/irc - depends_on: [ deploy ] + depends_on: [ release_deploy ] when: branch: master settings: diff --git a/docker/Dockerfile b/docker/Dockerfile index d86c50e2..03c60e68 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,15 +1,17 @@ FROM debian:stable-slim MAINTAINER mickael@kerjean.me +ENV PUBLIC_KEY="-----BEGIN PGP PUBLIC KEY BLOCK-----\\n\\nmQENBFzLpYEBCADOOzgckQCQRrPrq15awP5Xj3BCytNjAXDixISR3Oyq0TP9PD3z\\nAp6zwOd5B4NpwCk2vQdOaq3qRKcMGFUEDNElL9WkzBixSyqj1GNCTrtJCNtJQ3TX\\nuKebrJ1DRs1vjO/tSFMgzlF843gwgy926vVdhJKRZ+13ZrWGbbWq2wilRCYXYTkw\\n+2niWXJCe22bpofAoNmNkHGmMsImCpB/P6sE803iJgTkKgU8uzZxQdeH39LaL7Ha\\nZ8aPisOO6oc5aEQ9Lx31K5cyC+373nGq56Jh0qpJjJnuT6jeHt4uYcF/OnExUf94\\nmPwv0+5kEgIfaq8qY2nwwMX9ZIqjARcS0ufVABEBAAG0JE1pY2thZWwgS2VyamVh\\nbiA8bWlja2FlbEBrZXJqZWFuLm1lPokBVAQTAQgAPhYhBHPmP6wrA9RH5bNj1lF0\\n5OJyO2PrBQJcy6WBAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ\\nEFF05OJyO2PrnQUH/0+CV+4EiOlEYR2mFPCvJ44nt7r500wUaE9ifkdnG1cUnJY7\\n/kX7ZmSXH0atplklHTl+HjPf2l95gz1dDXhk1uZ63fcguJqk38De22wSMFqgLiBp\\nj+1JcvJs+41afX7xry6GABPP3YYJTa6xtUAS3TloG7CVUCoLHmh7TNI7+KqOYLTQ\\nw6qTN5oA5Bq108O0To2V5OmzvSVohF6GN0RwOzibaP+bsbOZt0UNPyTrjbEbbHYM\\nFL8eO3uR2quMLvZiz6asBmLBAvdvf5AtOgrWfa1krobEZOGcZtgNRJ6EumHLzESF\\n/d0AEB0CdB3jfIfusLLj499gJXJ/o2GrGx/zFvO5AQ0EXMulgQEIALMfHawDbtNP\\nNn50E4E1pkWb4Rfdyr3mLWjRmqmCzWud+XwD3biu1g/fFaH4/d51SvVSg8M26bdF\\n0wTzw/fJZBCFICWkZgsdVa59aY8IstEVmQAOw5xUW2jItr2MKgmRUQ5Y50Hj64DG\\nyH9tn8L1W7Mf6+IzU6hhtaDm13TR7w1kfldWxrUrWTJ12Krd8WAOJN8Dg97bwxID\\ncrfrT2OMTGM9hnV63hIOme/ho5KvNTn3NuOmbbRAY/bjnoDFINTBg1DXddR0AkcJ\\nnXsN/lQbjvfIAOW3uk53HcZBk2aKc0tEx3IcS8z8shSutr5cV/pM1muyzEc7QlYF\\nLcH7GhQFyykAEQEAAYkBPAQYAQgAJhYhBHPmP6wrA9RH5bNj1lF05OJyO2PrBQJc\\ny6WBAhsMBQkDwmcAAAoJEFF05OJyO2PrmVAH/AvR0JJQlrWoFjz9tJkM5tzqtV2x\\nl7mufKwldP2xAAFVg4mLZpEyeIhLAmaYgvdNg0IbOUCKm2BZHKVLPzHFchPV+L05\\nzLYtI8lRfbuXjHQnMhWzorUdHGsi01cFPhnelRUkk+eCwopcdvIKQZBP3f+YAefj\\ntqH0aeggcEp5EpgDs99gE4fwymcKd1XgcfQO/p36Pp7N2pWPpVEJlCqFQ6QwlXCr\\n4zGTPqs+1dj94kg9948z/YUtxevSSmFwGpVFtz6rMp2xwjzKDFLSntZwWAnL/cNR\\nLahn9jFK+fiLn435EF4hMU3jk+0+PcXPeptfwPqPgoJLG4hG0O+IOIbRD78=\\n=XPwb\\n-----END PGP PUBLIC KEY BLOCK-----\\n" + RUN apt-get update > /dev/null && \ ################# # Install - apt-get install -y libglib2.0-0 curl > /dev/null && \ - curl -s https://downloads.filestash.app/latest/filestash_linux-amd64.tar.gz > /tmp/filestash.tar.gz && \ - mkdir /app/ && \ - tar zxf /tmp/filestash.tar.gz -C /tmp/ && \ - mv /tmp/filestash/* /app/ && \ - rm -rf /tmp/filestash* && \ + apt-get install -y libglib2.0-0 curl gnupg > /dev/null && \ + echo $PUBLIC_KEY | gpg --import && \ + cd /tmp/ && \ + curl -s https://downloads.filestash.app/latest/filestash_linux-amd64.tar.gpg | gpg --decrypt | tar xf - && \ + mv filestash /app/ && \ + apt-get purge -y --auto-remove gnupg && \ ################# # Optional dependencies apt-get install -y curl emacs zip poppler-utils > /dev/null&& \ @@ -40,7 +42,8 @@ RUN apt-get update > /dev/null && \ useradd filestash && \ chown -R filestash:filestash /app/ && \ rm -rf /var/lib/apt/lists/* && \ - rm -rf /tmp/* + rm -rf /tmp/* && \ + timeout 1 /app/filestash | grep -q start EXPOSE 8334 VOLUME ["/app/data/"]