todo…
1 provider gogs
你的git服务 是gogs的 情况.
DRONE_AGENTS_ENABLED as true if you want to run server and agent in the same container(or 服务器). 但是https://docs.drone.io/server/reference/ 里 根本没有这个配置. 然后又在https://docs.drone.io/server/provider/gogs/ Start the Server 步骤里能看到…
Server负责提供web管理页面显示执行情况, Runner是真正执行持续部署操作的服务, 不同的情况 ,就需要安装不同的runner, 比如你使用docker发布,就安装docker的runner
We strongly recommend using postgres instead of mysql. The system has been optimized for features not found in mysql.
官方相比mysql 更推荐使用postgres. 当然你可以用 sqlite
DRONE_USER_CREATE 里设置的username ,你应该是在gogs里有的. username:root,machine:false,admin:true 因为我们会用gogs的账户登录,这里设置我们用gogs登录的账户root ,它为admin
我当前发现一个问题,就是你登录后. 然后 docker compose down 再重新up, 然后用gogs 刚刚登录成功的用户无法登录了.
我在gogs重新创建了一个用户,可以登录… 暂时这样记录一下
https://github.com/drone-runners/drone-runner-docker 看版本, 用 :1 会拉取 1的最新版.
docker-compose.yaml
version: "3"
volumes:
drone-data:
services:
drone-server: # 服务端
image: drone/drone:2
container_name: drone-server
restart: always
environment:
DRONE_AGENTS_ENABLED: "true"
DRONE_GOGS_SERVER: "http://192.168.1.105:10880/"
DRONE_RPC_SECRET: "00e8790ebd7e353bc75204f736207ece" #openssl rand -hex 16 生成
DRONE_SERVER_HOST: "192.168.1.105:8084"
DRONE_SERVER_PROTO: "http"
DRONE_USER_CREATE: "username:root,machine:false,admin:true"
# DRONE_DATABASE_DRIVER: mysql
# DRONE_DATABASE_DATASOURCE: "root:password@tcp(1.2.3.4:3306)/drone?parseTime=true&loc=Local"
ports:
- "8084:80"
- "8443:443"
volumes:
- drone-data:/data
drone-runner:
image: drone/drone-runner-docker:1
container_name: drone-runner
restart: always
environment:
DRONE_RPC_PROTO: "http"
DRONE_RPC_HOST: "192.168.1.105:8084"
DRONE_RPC_SECRET: "00e8790ebd7e353bc75204f736207ece"
DRONE_RUNNER_CAPACITY: "2"
DRONE_RUNNER_NAME: "my-runner"
ports:
- "8300:3000"
depends_on:
- drone-server
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/docker:/etc/docker浏览器打开8084端口 使用您的Gogs用户名和密码登录 (root/root) 下一步 不用管 直接 submit 可以看到我们gogs 你gogs登录的用户在gogs里创建的2个 仓库. 如果没有, 点击sync 同步,比如gogs那边刚刚用仓库转移所有权给了登录用户.
2 provider gitea
version: "3"
volumes:
drone-data:
services:
drone-server:
image: drone/drone:2
container_name: drone-server
restart: always
environment:
DRONE_AGENTS_ENABLED: "true"
DRONE_GITEA_SERVER: "http://192.168.1.105:10880/"
DRONE_RPC_SECRET: "00e8790ebd7e353bc75204f736207ece" #openssl rand -hex 16 生成
DRONE_GITEA_CLIENT_ID: "2d14bdbb-28e1-4e67-9c36-32ef6bc6edf4"
DRONE_GITEA_CLIENT_SECRET: "gto_6bdgzvdgstzzucn4y2is4oi7wi6a7oyjg553yu5fcvasg4zozeja"
DRONE_SERVER_HOST: "192.168.1.105:8084"
DRONE_SERVER_PROTO: "http"
DRONE_USER_CREATE: "username:root,machine:false,admin:true"
ports:
- "8084:80"
- "8443:443"
volumes:
- drone-data:/data
drone-runner:
image: drone/drone-runner-docker:1
container_name: drone-runner
restart: always
environment:
DRONE_RPC_PROTO: "http"
DRONE_RPC_HOST: "192.168.1.105:8084"
DRONE_RPC_SECRET: "00e8790ebd7e353bc75204f736207ece"
DRONE_RUNNER_CAPACITY: "2"
DRONE_RUNNER_NAME: "my-runner"
ports:
- "8300:3000"
depends_on:
- drone-server
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/docker:/etc/dockerhttps://docs.gitea.com/administration/config-cheat-sheet?_highlight=allowed_host_list#webhook-webhook
Delivery: Post “http://192.168.1.105:8084/hook”: dial tcp 192.168.1.105:8084: webhook can only call allowed HTTP servers (check your webhook.ALLOWED_HOST_LIST setting), deny ‘192.168.1.105(192.168.1.105:8084)’
3 使用
drone页面 点击一个仓库–> settings–> active Repository, 然后勾选trusted
然后我们去gogs 页面看 对应仓库名-仓库设置-管理Web钩子 可以看到创建了一个hook.
- 现在我们提交代码 增加 .drone.yml (这个文件名可以在drone页面进行修改.)
.drone.yml
kind: pipeline
type: docker
name: 6o6-web-publish
environment:
GOOS: linux
GOARCH: amd64
steps:
- name: build # git clone 仓库,然脏构建镜像并推送
image: plugins/docker
volumes:
- name: hosts
path: /etc/hosts # hb.6o6.com 这个是本地域名,需要挂载hosts
- name: docker-ca
path: /etc/docker # 登录 私有镜像仓库 需要证书.
- name: docker-sock
path: /var/run/docker.sock
settings:
username: admin
password:
from_secret: harbor_password # drone页面里对应仓库 settings->secrets->创建这个名字的,密码是harbor的hb123
repo: hb.6o6.com/6o6/6o6-web
registry: hb.6o6.com
tags:
- v1.1
- name: ssh commands # 启动一个容器去ssh连接服务器 ,然后拉取镜像启动容器
image: appleboy/drone-ssh
settings:
host: 192.168.1.105
username: root
password:
from_secret: ssh_password # root ssh 连接192.168.1.105时 用的密码
port: 22 # 2340 是映射到主机的端口.. 这里还是22
script:
#拉取镜像并重启 注意--需要提前在目标主机完成docker login
- if [ $(docker ps -a | grep 6o6-web | wc -l) -ge 1 ];then docker stop 6o6-web && docker rm 6o6-web; fi
- docker pull hb.6o6.com/6o6/6o6-web:v1.1
- export BACKEND_HOST=http://192.168.1.105:8082/
- docker run --name 6o6-web --restart=always -d -p8081:80 -e BACKEND_HOST=$BACKEND_HOST hb.6o6.com/6o6/6o6-web:v1.1
volumes:
- name: hosts
host:
path: /etc/hosts
- name: docker-ca
host:
path: /etc/docker
- name: docker-sock
host:
path: /var/run/docker.sockgit add .
git ci -m "first build"
git push
# 推送后, 我们在gogs上 管理web hook 那里看到推送记录.
# 触发了 web hook, 会去请求 http://192.168.1.105:8084/hook
# 就会在 drone 所在服务器 做一些操作了. 根据.drone.yml里的内容需要在gogs里配置 白名单, 否则web hook 失败
docker volume inspect gogs_gogs-data
vim /var/lib/docker/volumes/gogs_gogs-data/_data/gogs/conf/app.ini
[security] 下
LOCAL_NETWORK_ALLOWLIST = 192.168.1.105 # 添加 drone所在服务器.
重启gogs 容器
再 push 看看 看到ok的
然后去 drone 页面看 ,构建ok的话,
我们就可以去访问 启动的容器web服务 8081 端口使用gogs provider, 登录drone后, 退出再等,就报错.. 提示没有权限