---
kind: pipeline
name: CI/CD

trigger:
  ref:
  - refs/tags/*

volumes:
- name: deps
  temp: {}

steps:
- name: notify-start
  image: appleboy/drone-discord
  settings:
    webhook_id:
      from_secret: DISCORD_WEBHOOK_ID
    webhook_token:
      from_secret: DISCORD_WEBHOOK_TOKEN
    message: "Started build: https://drone.cechis.cz/c3c/cv/{{ build.number }}"

- name: build-publish
  image: alpine
  commands:
    - nix-build

- name: build-publish
  image: docker:dind
  commands:
    - ./result | docker load
    - echo ${REGISTRY_PASSWORD} | docker login -u ${REGISTRY_USER} dr.cechis.cz
    - docker tag cv:latest dr.cechis.cz/c3c/cv:${DRONE_TAG}
    - docker push dr.cechis.cz/c3c/cv:${DRONE_TAG}

- name: deploy
  image: appleboy/drone-ssh
  settings:
    host: vps-1.cechis.cz
    command_timeout: 20m
    username: drone
    key:
      from_secret: SSH_DRONE
    script:
    - docker service update --quiet --with-registry-auth --detach=false --image dr.cechis.cz/c3c/cv:${DRONE_TAG} c3c-cv
  when:
    event: [ tag ]
  depends_on:
  - build-publish

- name: notify-end
  image: appleboy/drone-discord
  settings:
    webhook_id:
      from_secret: DISCORD_WEBHOOK_ID
    webhook_token:
      from_secret: DISCORD_WEBHOOK_TOKEN
    message: "C3C CV build: {{ build.number }} - {{ build.status }}"
  when:
    status: [ success, failure ]
  depends_on:
  - deploy
---
kind: signature
hmac: 331f08335774a56376c8de5e56a2a1a508f79ab463737dd81d625a928d061198

...