--- kind: pipeline type: docker name: build-arm64 platform: os: linux arch: arm64 steps: - name: build container image: plugins/docker settings: registry: registry.nemunai.re repo: registry.nemunai.re/atsebay.t-worker auto_tag: true auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH} username: from_secret: docker_username password: from_secret: docker_password trigger: event: - cron - push - tag --- kind: pipeline name: docker-manifest steps: - name: publish image: plugins/manifest settings: auto_tag: true ignore_missing: true spec: .drone-manifest.yml username: from_secret: docker_username password: from_secret: docker_password trigger: event: - cron - push - tag depends_on: - build-arm64 --- kind: pipeline type: docker name: student submission platform: os: linux arch: arm64 workspace: path: /work steps: - name: apply permissions image: registry.nemunai.re/atsebay.t-worker commands: - chown 1000:1000 /work - name: extract submission image: registry.nemunai.re/atsebay.t-worker user: 1000 environment: SSH_PRIVATE_KEY: from_secret: SSH_PRIVATE_KEY commands: - mkdir ~/.ssh && chmod 750 ~/.ssh - echo "$${SSH_PRIVATE_KEY}" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - echo -e "Host *\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config - wget -O ~/keys.gpg "https://lessons.nemunai.re/api/users/$${LOGIN}/pgp_keys" && gpg --import ~/keys.gpg || true - wget -O ~/.ssh/allowed_signers "https://lessons.nemunai.re/api/users/$${LOGIN}/allowed_signers" && git config --global gpg.ssh.allowedSignersFile "~/.ssh/allowed_signers" || true - set -o pipefail; git ls-remote --tags "${REPO_URL}" | grep "refs/tags/${REPO_TAG}" | tail -n 1 | sed 's@/@ @;s@/@ @;s@\^{}$@@' | awk '{ print "Using tag " $$4 }' || { echo "No tag found (was looking for ${REPO_TAG})" >&2; exit 1; } - git clone --depth 1 --recurse-submodules --branch $$(git ls-remote --tags "${REPO_URL}" | grep "refs/tags/${REPO_TAG}" | tail -n 1 | sed 's@/@ @;s@/@ @;s@\^{}$@@' | awk '{ print $$4 }') ${REPO_URL} "/work/${LOGIN}" - git -C "/work/${LOGIN}" submodule - git -C "/work/${LOGIN}" verify-tag --raw $$(git ls-remote --tags "${REPO_URL}" | grep "refs/tags/${REPO_TAG}" | tail -n 1 | sed 's@/@ @;s@/@ @;s@\^{}$@@' | awk '{ print $$4 }') || { echo "Tag verification failed" >&2; [ -n "${TAG_SIG_OPTIONAL}" ] || exit 2; } - tar cJf "/work/rendu-${LOGIN}.tar.xz" --exclude-vcs -C /work "${LOGIN}/" - "echo -e '{\"filename\": \"rendu-${LOGIN}.tar.xz\", \"size\": '$$(du -s ${LOGIN}/ | awk \'{ print $1 }\')', \"date_now\": \"'$$(date -Iseconds)'\", \"date\": \"'$$(git -C \'/work/${LOGIN}\' log -1 --format=%cd --date=iso-strict)'\", \"tag\": \"'$(git -C \'/work/${LOGIN}\' describe --tags)'\", \"commit\": \"'$$(git -C \'/work/${LOGIN}\' rev-parse HEAD)'\"}' >> /work/rendu-${LOGIN}.metadata" - "[ -x \"checks-${DEST}.sh\" ] && \"./checks-${DEST}.sh\" '/work/${LOGIN}/' > /work/rendu-${LOGIN}.checks || true" - name: upload on s3 image: plugins/s3 settings: endpoint: https://storage.nemunai.re path_style: true bucket: epita-rendus access_key: from_secret: s3_access_key secret_key: from_secret: s3_secret_key source: rendu-${LOGIN}.* target: /${DEST//\//-} trigger: event: - custom