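---
# Drone CI pipeline for the blog: refuse posts that still contain a `TK` placeholder, build the
# site with Hugo, push the image to the private registry, then roll the Kubernetes deployment.
#
# NOTE(review): `busybox`, `alpine` and `plugins/docker` are referenced without a tag or digest,
# so each run uses whatever the registry (or, with `pull: if-not-exists`, the runner's local
# cache) currently holds. Pinning a tag or digest keeps builds reproducible and limits exposure
# to a replaced upstream image.
kind: pipeline
name: hello-world
type: docker

platform:
  os: linux
  arch: arm64

steps:
  - name: block-posts-containing-tk
    image: busybox
    commands:
      # This is necessary because, if `grep ...` doesn't find anything, it will _return_ (not print) a value of 1
      # (non-zero return codes indicating errors in Unix - since there are many more ways for something to go wrong
      # than there are for it to go right!), and so the `files=` assignment will also return 1, and the whole operation
      # will be considered a failure.
      #
      # The OR operator (`||`) only executes the second command if the first one exits non-zero, i.e. errors out.
      # So, this line can be translated to English as:
      # "Set the variable `files` to a list of all the files that contain `TK` - unless there aren't any, in which case
      # set it to `FILES NOT FOUND`"
      - files=$(grep -rl 'TK' blog/content/posts || echo "FILES NOT FOUND")
      # We have to filter out (`grep -v`) the "marker" value of `FILES NOT FOUND`, otherwise the no-matches case would
      # be recorded as having 1 matching file, leading to an error-out below.
      # (I guess _technically_ there's an edge case in that, if I ever make a blog post titled "FILES NOT FOUND" _which also_
      # contains the string `TK`, it would slip through this check. But that feels pretty unlikely - not least because spaces
      # are very rare in my filesystem names - so I'm ok taking that risk)
      #
      # A plain pipe is used instead of process substitution (`<(...)`) and `[ ]` instead of `[[ ]]`: both of the
      # latter are bash extensions rather than POSIX sh, and the pipe yields the same count in any shell. The
      # pipeline's exit status is that of `wc`, so an empty `grep -v` result does not fail the step.
      - count=$(echo "$files" | grep -v "FILES NOT FOUND" | wc -l)
      - if [ "$count" -gt 0 ]; then
      - echo "Found TK in $count files:"
      # Quoted so the list is printed one path per line instead of being word-split onto a single line.
      - echo "$files"
      - exit 1  # TODO - and alerting via Matrix!
      - fi

  - name: copy-cert-into-place
    image: busybox
    volumes:
      - name: docker-cert-persistence
        path: /etc/docker/certs.d/
    commands:
      # https://stackoverflow.com/questions/72823418/how-to-make-drone-docker-plugin-use-self-signed-certs
      # The CA file is placed on the shared temp volume so that later steps trust the registry's certificate.
      - mkdir -p /etc/docker/certs.d/docker-registry.scubbo.org:8843
      - cp /registry_cert.crt /etc/docker/certs.d/docker-registry.scubbo.org:8843/ca.crt

  - name: check-cert-persists-between-stages
    image: alpine
    volumes:
      - name: docker-cert-persistence
        path: /etc/docker/certs.d/
    commands:
      - apk add curl
      # `--cacert` keeps TLS verification on and trusts only the copied CA (no `-k`/`--insecure`).
      - curl https://docker-registry.scubbo.org:8843/v2/_catalog --cacert /etc/docker/certs.d/docker-registry.scubbo.org:8843/ca.crt

  - name: build-blog
    image: alpine
    # Very unlikely to need updates, and pulling images seems slow on this setup -
    # can manually reset this if necessary
    # NOTE(review): with an untagged image and `if-not-exists`, the cached copy never picks up
    # upstream security fixes until it is reset by hand.
    pull: if-not-exists
    commands:
      # I considered caching this install in a pre-built image in registry,
      # but the install seems pretty quick!
      - apk add hugo git
      - git submodule init
      - git submodule update --recursive
      - hugo --source blog

  - name: push-built-image
    image: plugins/docker
    volumes:
      - name: docker-cert-persistence
        path: /etc/docker/certs.d/
    settings:
      repo: docker-registry.scubbo.org:8843/scubbo/blog_nginx
      tags: built_in_ci
      # NOTE(review): presumably left on while the self-signed-cert setup was being debugged -
      # verbose daemon/plugin logs end up in the build log, so consider turning these off once
      # the push is stable.
      debug: true
      launch_debug: true

  - name: update_blog_deployment
    # I've tried using https://github.com/sinlead/drone-kubectl and
    # https://github.com/honestbee/drone-kubernetes, but neither is built for arm64
    image: busybox
    # Replicating the commands from
    # https://github.com/sinlead/drone-kubectl/blob/master/init-kubectl
    commands:
      # https://github.com/bitnami/bitnami-docker-kubectl/issues/22 -
      # there's no bitnami/kubectl image for arm64
      #
      # NOTE(review): this binary is downloaded on every run and then handed the cluster token,
      # but nothing checks its integrity. Pin the expected digest in this file (reviewed once,
      # out of band) and verify it before `chmod +x`, for example:
      #   - echo '<EXPECTED_SHA256_PLACEHOLDER>  kubectl' | sha256sum -c -
      # Also check that v1.19.2 is still within the supported version skew of the cluster.
      - wget https://storage.googleapis.com/kubernetes-release/release/v1.19.2/bin/linux/arm64/kubectl
      - chmod +x kubectl
      - echo "Echoing Kubernetes Server"
      # This value comes from a secret; Drone is expected to mask secret values in step logs,
      # so this likely prints as asterisks - confirm before relying on it for debugging.
      - echo "$kubernetesServer"
      # Secret-derived values are quoted so that whitespace in them cannot be word-split by the shell.
      - ./kubectl config set-credentials default --token="$kubernetesToken"
      - echo "$kubernetesCert" | base64 -d > ca.crt
      - ./kubectl config set-cluster default --server="$kubernetesServer" --certificate-authority=ca.crt
      - ./kubectl config set-context default --cluster=default --user=default
      - ./kubectl config use-context default
      - ./kubectl apply -f kubernetes-resources.yml
      # This next line wouldn't be necessary if new tags were generated for each image
      # (though then I'd have to dynamically plumb them into the yml file)
      # TODO - research if there's a better way to do this. Note that this isn't done
      # in the `honestbee` repo that I copied from - but I confirmed by `curl`-ing localhost
      # that simply applying the yml leaves the definitions and the service's output
      # unchanged, despite `imagePullPolicy: 'Always'`
      - ./kubectl rollout restart -n blog deployment/blog-deployment
    # NOTE(review): the token only needs to apply kubernetes-resources.yml and restart
    # deployment/blog-deployment in namespace `blog`; verify that k8s_token belongs to a
    # ServiceAccount scoped to that rather than to a cluster-wide role.
    environment:
      kubernetesServer:
        from_secret: k8s_server
      kubernetesCert:
        from_secret: k8s_cert
      kubernetesToken:
        from_secret: k8s_token

volumes:
  # Ephemeral volume shared between steps; carries the registry CA certificate.
  - name: docker-cert-persistence
    temp: {}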