ci(deployment): New CI steps for image build and deploy

.drone.yml

@@ -5,33 +5,48 @@ name: build
 steps:
 - name: submodules
   image: alpine/git
-  volumes:
-    - name: ssh
-      path: /root/.ssh/
+  enrironment:
+    GITHUB_TOKEN:
+      from_secret: github_token
   commands:
     - git submodule update --init --recursive
-    
 
-- name: build
+- name: content-build
   image: plugins/hugo
-  volumes:
-    - name: public
-      path: /drone/src/public
   settings:
     hugo_version: 0.105.0
     extended: true
 
+- name: image-build  
+  image: docker:dind
+  environment:
+    DOCKER_USER:
+      from_secret: docker_username
+    DOCKER_PASSWORD:
+      from_secret: docker_password
+  commands:
+    - echo $DOCKER_PASSWORD | docker login --username $DOCKER_USER --password-stdin registry.coincoingit.fr
+    - DOCKER_BUILDKIT=1 docker build --tag registry.coincoingit.fr/cyberduck-blog:latest --file deployment/Dockerfile .
+    - docker push registry.coincoingit.fr/cyberduck-blog:latest
+  volumes:
+    - name: docker-sock
+      path: /var/run/docker.sock
+
+- name: deploy
+  image: docker:dind
+  commands:
+    - docker stack deploy -c deployment/stack.yml blog
+  volumes:
+    - name: docker-sock
+      path: /var/run/docker.sock
+
 trigger:
   event:
   - push
-  - pull_request
   branch:
   - master
 
 volumes:
-- name: ssh
+- name: docker-sock
   host:
-    path: /home/flavien/.ssh
-- name: public
-  host:
-    path: /home/flavien/docker/blog/public
+    path: /var/run/docker.sock

.gitmodules

@@ -1,4 +1,4 @@
 [submodule "themes/congo"]
 	path = themes/congo
-	url = git@github.com:CyberDuck79/congo.git
-	branch = stable
+	url = https://github.com/CyberDuck79/congo.git
+	branch = dev

deployment/Dockerfile

@@ -0,0 +1,6 @@
+FROM nginx:latest
+
+# Copy the build output to the default nginx public folder
+COPY public /usr/share/nginx/html
+# Copy the configuration file to the default nginx configuration folder
+COPY deployment/default.conf /etc/nginx/conf.d/default.conf

deployment/default.conf

@@ -0,0 +1,22 @@
+gzip            on;
+gzip_min_length 500;
+gzip_proxied    expired no-cache no-store private auth;
+gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+charset utf-8;
+charset_types text/html text/css application/javascript;
+
+server {
+	server_name cyberduck.blog;
+	root /usr/share/nginx/html;
+	index index.html;
+
+	# Add index.php to the list if you are using PHP
+	index index.html index.htm index.nginx-debian.html;
+
+	location / {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		try_files $uri $uri/ =404;
+	}
+}

deployment/stack.yml

@@ -0,0 +1,36 @@
+version: '3.8'
+
+services:
+  webserver:
+    image: registry.coincoingit.fr/cyberduck-blog:latest
+    deploy:
+      restart_policy:
+        condition: on-failure
+      placement:
+        constraints:
+          - node.labels.role == main
+      resources:
+        limits:
+          memory: 512M
+        reservations:
+          memory: 256M
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.blog.loadbalancer.server.port=80"
+        - "traefik.http.services.blog.loadbalancer.healthCheck.path=/"
+        - "traefik.http.services.blog.loadbalancer.healthCheck.interval=60s"
+        - "traefik.http.services.blog.loadbalancer.healthCheck.timeout=10s"
+        - "traefik.http.services.blog.loadbalancer.healthCheck.port=80"
+        - "traefik.http.routers.blog.rule=Host(`cyberduck.blog`)"
+        - "traefik.http.routers.blog.entrypoints=websecure"
+        - "traefik.http.routers.blog.tls=true"
+        - "traefik.http.routers.blog.tls.certresolver=letsencryptresolver"
+    networks:
+      - net
+      - traefik-public
+
+networks:
+  net:
+    driver: overlay
+  traefik-public:
+    external: true