Public/infra-maintenance
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
40b60e001d674f77f209fcf125150e4a6d082d24
infra-maintenance/.drone.yml
matthiasberner 40b60e001d
All checks were successful
continuous-integration/drone/push Build is passing
Details
.drone.yml aktualisiert
2026-01-10 18:26:29 +01:00

145 lines
3.1 KiB
YAML
Raw Blame History

---
kind: secret
name: username_xigmanas
get:
path: secret/data/xigmanas/ssh
name: username
---
kind: secret
name: password_xigmanas
get:
path: secret/data/xigmasnas/ssh
name: password
# ----------------------------------------
# Matrix Bot Secrets aus Vault (Notify)
# ----------------------------------------
---
kind: secret
name: password_matrix
get:
path: secret/data/matrix/bot/drone-bot
name: password
---
kind: secret
name: userid_matrix
get:
path: secret/data/matrix/bot/drone-bot
name: userid
---
kind: secret
name: roomid_matrix
get:
path: secret/data/matrix/bot/drone-bot
name: roomid
# ============================================================
# Pipeline 1: Authelia CHECK (kein apply)
# - Läuft z. B. per Drone Cron
# - Führt das Script ohne Flags aus => nur prüfen
# ============================================================
---
kind: pipeline
type: ssh
name: authelia_check
server:
host: xigmanas.lan
user:
from_secret: username_xigmanas
password:
from_secret: password_xigmanas
clone:
depth: 50
steps:
- name: check_authelia_update
commands:
# Script läuft im Jail, nativ, keine Containerisierung
# Check-only: KEIN --apply
- timeout 5m bastille cmd authelia sh -s < authelia/authelia-update.sh
trigger:
event:
- cron
- manual
# ============================================================
# Pipeline 2: Authelia APPLY (Update + auto-revert)
# - Läuft bewusst per "manual" Trigger
# - Führt Update durch und nutzt Auto-Revert bei Fehlstart
# ============================================================
---
kind: pipeline
type: ssh
name: authelia_apply
server:
host: xigmanas.lan
user:
from_secret: username_xigmanas
password:
from_secret: password_xigmanas
clone:
depth: 50
steps:
- name: apply_authelia_update
commands:
# Apply + auto-revert (Rollback falls Dienst nach Update nicht sauber läuft)
- timeout 10m bastille cmd authelia sh -s -- --apply --auto-revert < authelia-update.sh
trigger:
event:
- manual
# ============================================================
# Pipeline 3: Matrix Notify (Erfolg/Fehler)
# - Läuft nach authelia_check UND authelia_apply
# - Sendet Status, Build-Infos, Commit-Link
# ============================================================
---
kind: pipeline
name: matrix_message
depends_on:
- authelia_check
- authelia_apply
trigger:
status:
- success
- failure
steps:
- name: notify
image: spotlightkid/drone-matrixchat-notify
settings:
homeserver: 'https://matrix.familie-berner.de'
roomid:
from_secret: roomid_matrix
userid:
from_secret: userid_matrix
password:
from_secret: password_matrix
markdown: 'yes'
template: |
**Authelia Update**
repo: `${DRONE_REPO}`
branch: `${DRONE_BRANCH}`
build: `#${DRONE_BUILD_NUMBER}`
status: **${DRONE_BUILD_STATUS}**
event: `${DRONE_BUILD_EVENT}`
commit: ${DRONE_COMMIT_LINK}
pr: `${DRONE_PULL_REQUEST}`
${DRONE_PULL_REQUEST_TITLE}
when:
branch:
- master
- main
Reference in New Issue View Git Blame Copy Permalink