2.2 KiB
2.2 KiB
selfprivacy-nixos-infect
Drone configuration
| Secret | Value |
|---|---|
| CHANNEL_SWITCHER_KEY | Bearer token for Channel Rest Api of selfprivacy.org |
| CLOUDFLARE_TOKEN | Bearer token for Cloudflare to communicate with DNS entires |
| DOMAIN | Full domain that points out to our testing server |
| HETZNER_TOKEN | Bearer token for Hetzner to request server creation and destruction |
| TEST_EMAIL_PASS | ??? |
| USER_PASS | ??? |
| ZONE_ID | Identificator of a zone to which all our DNS entries are related |
| Cronjob Title | Branch | Cronjob Value | |
|---|---|---|---|
| weekly-build | development | @weekly |
Our main job we run every week to ensure the upstream of our application is able to deploy onto a clean server completely. We'd like to build everyday, but for now we need to solve acme problem, since it rejects our requests if we do it every 24 hours... |
Drone pipeline
Stage Default:
| Step | |
|---|---|
| clone | Checkout the HEAD commit |
| deploy | Create infect.sh script and send it with a POST request to the clean server to deploy our testing environment |
| dns | Create DNS entries for subdomains to ensure networking and certificates for properly |
| sleep | Wait for the environment to build (it takes a while...) |
| test | Request for overall status, do basic checks on the server |
| teardown | Destroy the environment and all DNS entries, tests are over! |
| switch-channel | Update upstream NixOS channel at selfprivacy.org |
It is ensured that teardown step must happen whether the pipeline fails or succeeds, because we need the server to be clean before every new job. It is done by forcing the step to be called with status trigger:
- name: teardown
. . .
when:
status:
- failure
- success