drone


原文链接: drone

Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "chdir to cwd (\"/go/src/git.chinaoss.com/thinkphp5/jinbaiwei\") set in config.json failed: no such file or directory"

    volumes:
      - /docker/src/${DRONE_REPO_LINK:6}:/go/src/${DRONE_REPO_LINK:6}

修复drone 一直运行无法停止

.tables # 查表结构
.schema builds #
delete from builds where build_status = "running";
select * from builds where build_id = 72;

drone 获取全部的 Repositories

curl -s -b user_sess=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MDk3NjMzOTIsInRleHQiOiJyb290IiwidHlwZSI6InNlc3MifQ.m5anzfXUKAiqswbiSuz43TVx5xphZiHCc67QoFkEZYs http://drone.hangruan.cn/api/user/repos?all=true|jq '.[].full_name'

-b 使用Cookie

命令使用

drone repo add thinkphp5/jinbaiwei # 启用项目
drone repo update --trusted thinkphp5/jinbaiwei # 增加 privileged 权限
drone repo repair thinkphp5/jinbaiwei # 增加webhooks repair repository webhooks

drone secret add thinkphp5/jinbaiwei --name PLUGIN_KEY --value @/home/ubuntu/.ssh/id_rsa

加密变量设置3种方式

PASSWORD 123456 # 变量设置
SSH_KEY ${cat /path/to/.ssh/id_rsa} # 命令返回值
SSH_KEY @/path/to/.ssh/id_rsa # 文件内容

变量传递

drone 0.6

http://readme.drone.io/releases/


workspace:
  base: /go
  path: src/${DRONE_REPO_LINK:6}

clone:
  git:
    image: plugins/git
    volumes:
      # - /docker/src/${DRONE_REPO_LINK:6}:/go/src/${DRONE_REPO_LINK:6}
      - /docker/src:/go/src

pipeline:
  maven:
    image: maven
    volumes:
      - /root/.m2:/root/.m2
      - /docker/src:/go/src
    commands:
      - mvn clean package

  # busybox:
  #   image: busybox
  #   volumes:
  #     - /docker/src:/go/src
  #   commands:
  #     - chown -R 33:33 ../${DRONE_REPO_NAME}
  #     # - pwd
  #     # - ls
  #     # - echo $DRONE_WORKSPACE
  #     # - echo $DRONE_REPO
  #     # - echo $DRONE_REPO_LINK
  #     # - echo $DRONE_COMMIT_MESSAGE
  #     # - echo $DRONE_BRANCH
  #     # - if [ ${DRONE_BRANCH} == release ]; then chown -R 33:33 ${LOCAL_VOLUME}/release ; fi
  #     # - if [ ${DRONE_BRANCH} == develop ]; then chown -R 33:33 ${LOCAL_VOLUME}/develop ; fi
  rsync:
    image: drillster/drone-rsync
    volumes:
      - /docker/src:/go/src
      - /docker/${DRONE_REPO}/master:/drone
    hosts:
      - 121.42.244.38
    port: 222
    user: root
    # key: ${PLUGIN_KEY}
    source: target/${DRONE_REPO_NAME}/
    target: /docker/${DRONE_REPO}/master/
    # include:
    #   - "app.tar.gz"
    #   - "app.tar.gz.md5"
    # exclude:
    #   - "**.*"
    recursive: true
    delete: false
    script:
      - ls -l
      # - chown -R 33:33 /docker/${DRONE_REPO}/master
      # - cd /docker/${DRONE_REPO}/master
      # - export DRONE_REPO=${DRONE_REPO}
      # - export DRONE_REPO_NAME=${DRONE_REPO_NAME}
      # - docker-compose up -d
    # 这里脚本是在远程机器/root目录上执行



    # 这里脚本是在远程机器/root目录上执行
    - chown -R 33:33 /docker/${DRONE_REPO}/${DRONE_BRANCH}/
    - sed -i "s|CFG\['url'\] = .*|CFG['url'] = 'http://127.0.0.1/';|g" /docker/${DRONE_REPO}/${DRONE_BRANCH}/config.inc.php
    - sed -i "s|CFG\['cookie_domain'\] = .*|CFG['cookie_domain'] = '';|g" /docker/${DRONE_REPO}/${DRONE_BRANCH}/config.inc.php
    - sed -i "s|CFG\['db_host'\] = .*|CFG['db_host'] = 'mysql';|g" /docker/${DRONE_REPO}/${DRONE_BRANCH}/config.inc.php
    - sed -i "s|CFG\['db_name'\] = .*|CFG['db_name'] = 'destoon';|g" /docker/${DRONE_REPO}/${DRONE_BRANCH}/config.inc.php
    - sed -i "s|CFG\['db_user'\] = .*|CFG['db_user'] = 'destoon';|g" /docker/${DRONE_REPO}/${DRONE_BRANCH}/config.inc.php
    - sed -i "s|CFG\['db_pass'\] = .*|CFG['db_pass'] = 'desToon@2017';|g" /docker/${DRONE_REPO}/${DRONE_BRANCH}/config.inc.php
    - docker rm -f ${DRONE_REPO_NAME}; docker run --restart=always -d --name ${DRONE_REPO_NAME} -p 9003:80 --link mariadb:mysql -v /docker/${DRONE_REPO}/${DRONE_BRANCH}/:/var/www/html rinetd/php:5.6-apache
    -



    secrets: [ RSYNC_KEY,PLUGIN_KEY ]
    when:
      branch: develop

  # ssh:
  #   image: appleboy/drone-ssh
  #   volumes:
  #     - /docker/src/${DRONE_REPO_LINK:6}:/go/src/${DRONE_REPO_LINK:6}
  #
  #   host: demo.linyibr.com
  #   # username: root
  #   # password: ${SSH_PASSWORD}
  #   # ssh-key: ${SSH_KEY}
  #   port: 222
  #   script:
  #     - pwd

  #  # script命令是在远程机上执行 PLUGIN_KEY变量并不会传递过来
  #  secrets: [ ssh_password,SSH_KEY,PLUGIN_KEY ]
 # drone secret add --repository linyibr/zhongxinguoan --image=appleboy/drone-ssh --name SSH_KEY --value @/home/ubuntu/.ssh/id_rsa

 # drone secret add --repository bianban/lybb --name PLUGIN_KEY --value @/home/ubuntu/.ssh/id_rsa


 publish:
   image: plugins/docker
   repo: drone/drone
   tag: [ latest ]
   secrets: [ docker_username, docker_password ]
   when:
     branch: master
     event: push

drone 0.5

Drone
实例:
https://github.com/rack-roles
https://github.com/drone-demos

插件:
drone-plugins
[](https://github.com/appleboy)
Ansible role to install drone.io
zenweasel/ansible-drone
kbrebanov/ansible-drone: Ansible drone role

启动 server

--debug start the server in debug mode [$DRONE_DEBUG]
--server-addr ":8000" server address [$DRONE_SERVER_ADDR]
--server-cert server ssl cert [$DRONE_SERVER_CERT]
--server-key server ssl key [$DRONE_SERVER_KEY]
--admin [--admin option --admin option] list of admin users [$DRONE_ADMIN]
--orgs [--orgs option --orgs option] list of approved organizations [$DRONE_ORGS]
--open open user registration [$DRONE_OPEN]
--yaml ".drone.yml" build configuraton file name [$DRONE_YAML]
--cache-tty "15m0s" cache duration [$DRONE_CACHE_TTY]
--agent-secret agent secret passcode [$DRONE_AGENT_SECRET, $DRONE_SECRET]
--driver "sqlite3" database driver [$DRONE_DATABASE_DRIVER, $DATABASE_DRIVER]
--datasource "drone.sqlite" database driver configuration string [$DRONE_DATABASE_DATASOURCE, $DATABASE_CONFIG]

github

  1. OAuth applications
    配置授权应用的回调地址:Authorization callback URL: http://kbook.org/authorize
  2. 启动drone服务
    drone server --server-addr=":80" --agent-secret=16239bb0e63719b6f133 --open --admin=rinetd --github --github-client=16239bb0e63719b6f133 --github-secret=f854840a2217af573aaf9cbd7119d445e7ab8806



gogs

--gogs gogs driver is enabled [$DRONE_GOGS]
--gogs-server "https://github.com" gogs server address [$DRONE_GOGS_URL]
--gogs-git-username gogs service account username [$DRONE_GOGS_GIT_USERNAME]
--gogs-git-password gogs service account password [$DRONE_GOGS_GIT_PASSWORD]
--gogs-private-mode gogs private mode enabled [$DRONE_GOGS_PRIVATE_MODE]
--gogs-skip-verify gogs skip ssl verification [$DRONE_GOGS_SKIP_VERIFY]

  1. 启动server 域名为:kbook.org 端口
    drone server --debug --server-addr=":80" --agent-secret=123456 --open --admin=rinetd --gogs --gogs-server="http://git.yimengapp.com" --gogs-private-mode --gogs-skip-verify --gogs-git-username=rinetd --gogs-git-password=
    agents can connect with token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXh0IjoiMTIzNDU2IiwidHlwZSI6ImFnZW50In0.A3W7uJIZovh5Gu1mfOAQxjV9E_2T6GgOowKP9CH7-dc
  2. 启动agent
    drone agent --drone-server=ws://kbook.org/ws/broker --drone-token=123456
  3. 客户端
    drone -s http://kbook.org -t eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXh0IjoicmluZXRkIiwidHlwZSI6InVzZXIifQ.0ZFhdVjrBHert1yuWBk3QFO9sKVm4iPzjTkr1l024c8 repo ls
    drone -s http://kbook.org -t eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXh0Ijoic2RseWxzaGwiLCJ0eXBlIjoidXNlciJ9.pz6ip52zIZKumzVxamDk2wCgppHnp1HiZ4DTMB95h40 repo ls


Insufficient privileges to use privileged mode

drone exec --repo.trusted

  1. 通过drone 命令
    drone server --server-addr=":80" --github --github-client=16239bb0e63719b6f133 --github-secret=f854840a2217af573aaf9cbd7119d445e7ab8806 --agent-secret=16239bb0e63719b6f133 --open

export DRONE_SERVER=http://kbook.org
export DRONE_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXh0IjoiMTYyMzliYjBlNjM3MTliNmYxMzMiLCJ0eXBlIjoiYWdlbnQifQ.A4gUVyDDECZDhF429f0fqrZ0pLzL84Pg_iyK9Td8VKs
drone server -s http://kbook.org -t eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXh0IjoiMTYyMzliYjBlNjM3MTliNmYxMzMiLCJ0eXBlIjoiYWdlbnQifQ.A4gUVyDDECZDhF429f0fqrZ0pLzL84Pg_iyK9Td8VKs

  1. 通过docker 运行

生产模式

docker run -d --restart=always --name=drone -p 80:8000 -e DRONE_OPEN=true -e DRONE_SECRET=123456 -e DRONE_GOGS=true -e DRONE_GOGS_URL="http://git.yimengapp.com" -v /var/lib/drone:/var/lib/drone drone/drone:0.5

docker run -d --restart=always --name=drone-agent -e DRONE_SERVER=ws://deadcode.cn/ws/broker -e DRONE_SECRET=123456 -v /var/run/docker.sock:/var/run/docker.sock drone/drone:0.5 agent

drone.yimengapp.com

docker run -d --restart=always --name=drone-server -p 8000:8000 -e DRONE_OPEN=true -e DRONE_ADMIN=rinetd -e DRONE_SECRET=123456 -e DRONE_GOGS=true -e DRONE_GOGS_URL="http://git.yimengapp.com" -v /var/lib/drone:/var/lib/drone drone/drone:0.5

docker run -d --restart=always --name=drone-agent -e DRONE_SERVER=ws://drone.yimengapp.com/ws/broker -e DRONE_SECRET=123456 -v /var/run/docker.sock:/var/run/docker.sock drone/drone:0.5 agent
export DRONE_SERVER=http://drone.yimengapp.com
export DRONE_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXh0IjoicmluZXRkIiwidHlwZSI6InVzZXIifQ.xvEAZXohg5RCDiGHb0T9efLFw5xk4eqVv-BDIb5EwtI

drone.linyibr.com

docker run -d --restart=always --name=drone-server -p 8000:8000 -e DRONE_OPEN=true -e DRONE_ADMIN=rinetd -e DRONE_SECRET= -e DRONE_GOGS=true -e DRONE_GOGS_URL="http://git.linyibr.com" -v /docker/drone:/var/lib/drone drone/drone:0.5

docker run -d --restart=always --name=drone-agent -e DRONE_SERVER=ws://drone.linyibr.com/ws/broker -e DRONE_SECRET= -v /var/run/docker.sock:/var/run/docker.sock drone/drone:0.5 agent

#调试模式
docker run -it --rm --name=drone -p 80:8000 -e DRONE_DEBUG=true -e DRONE_OPEN=true -e DRONE_SECRET=123456 -e DRONE_GOGS=true -e DRONE_GOGS_URL="http://git.yimengapp.com" -v /var/lib/drone:/var/lib/drone drone/drone:0.5

docker run -it --rm --name=drone-agent -e DRONE_DEBUG=true -e DRONE_SERVER=ws://kbook.org/ws/broker -e DRONE_SECRET=123456 -v /var/run/docker.sock:/var/run/docker.sock drone/drone:0.5 agent

登录DRONE_SERVER http://kbook.org 后可以获取到DRONE_TOKEN
export DRONE_SERVER=http://deadcode.cn
export DRONE_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXh0IjoicmluZXRkIiwidHlwZSI6InVzZXIifQ.oqKKmAhSJdzgmHo0Tw8QR7-BPAAefQmS51lJQXMpLzY

drone repo ls 查看激活的repo
drone repo add yimeng/ym-ios 激活指定repo
drone repo rm yimeng/ym-ios 禁用指定repo

drone repo ls
drone repo ls --org=github
drone repo ls --format="{{ .Link }}"
drone repo info octocat/hello-world
drone repo info --format="{{ .Link }}" octocat/hello-world
drone repo add yimeng/ym-ios 激活指定repo
drone repo rm yimeng/ym-ios  禁用指定repo
drone secret ls octocat/hello-world
drone secret add
drone secret rm
drone build info
drone build list yimeng/php-yimeng #查看运行状态
drone build last yimeng/php-yimeng
drone build start
drone build stop
drone build queue
drone deploy
drone sign
drone exec
drone user ls
drone user info
drone user add
drone user rm

setting up a drone server to use TLS/SSL

If you were using certificates with drone 0.4 it will be the same configuration, although the names perhaps changed slightly. You will need to pass the following variables to your container:

DRONE_SERVER_CERT=/path/to/drone.cert
DRONE_SERVER_KEY=/path/to/drone.key

These certificates will exist on your host machine, which means their paths need to be mounted into your drone server:

--volume=/path/to/drone.cert:/path/to/drone.cert
--volume=/path/to/drone.key:/path/to/drone.key

You can also instruct Docker to expose 443 and forward to drone's default port 8000

-p 443:8000

When you configure the agent, you will of course need to update the configuration to use wss. You can read more in the agent docs, but essentially something like this:

DRONE_SERVER=wss://drone.server.com/ws/broker

And finally, if you get cert errors I recommend including the cert chain in your bund;e. Bottom line, drone does not parse certs. Drone uses http.ListenAndServeTLS(cert, key). So any cert issues are coming from the standard library directly, and questions should therefore be directed to the Go support channels.

#################################################################################

docker agent

Configuration

You will configure agent with the drone server address and shared secret:

-e DRONE_SERVER=ws://drone.server.com/ws/broker
-e DRONE_SECRET=...

You should use wss if your drone server is using TLS:

-e DRONE_SERVER=wss://drone.server.com/ws/broker

You will configure the agent with access to the host machine’s docker daemon:

-v /var/run/docker.sock:/var/run/docker.sock

Installation

Create and run your container:

docker run -d \
  -e DRONE_SERVER=ws:// \
  -e DRONE_SECRET=password \
  -v /var/run/docker.sock:/var/run/docker.sock \
  --restart=always \
  --name=drone-agent \
  drone/drone:0.5 agent

对比:
https://en.wikipedia.org/wiki/Comparison_of_continuous_integration_software

drone 0.5 文档
drone 0.5 文档
drone demos

Documentation

Drone documentation is organized into several categories

Documentation for 0.5 (unstable)

If you are using the 0.5 unstable release (master branch) please see the updated documentation:

install

  1. SQlite3
    apt-get install libsqlite3-dev
    yum install sqlite-devel
  2. drone
    wget downloads.drone.io/master/drone.deb & dpkg -i drone.deb
    Created symlink from /etc/systemd/system/multi-user.target.wants/drone.service to /lib/systemd/system/drone.service.
    wget downloads.drone.io/master/drone.rpm & yum localinstall drone.rpm

config

##

drone --server=192.168.1.106:8000 --token=16239bb0e63719b6f133
curl -i 'https://api.github.com/users/whatever?client_id=16239bb0e63719b6f133&client_secret=f854840a2217af573aaf9cbd7119d445e7ab8806'

运行drone server

start on (filesystem and net-device-up)

chdir /var/lib/drone
console log

script

    /usr/local/bin/droned --config=/etc/drone/drone.toml

end script
~
配置文件 /etc/drone/drone.toml

--debug start the server in debug mode [$DRONE_DEBUG]
--server-addr ":8000" server address [$DRONE_SERVER_ADDR]
--server-cert server ssl cert [$DRONE_SERVER_CERT]
--server-key server ssl key [$DRONE_SERVER_KEY]
--admin [--admin option --admin option] list of admin users [$DRONE_ADMIN]
--orgs [--orgs option --orgs option] list of approved organizations [$DRONE_ORGS]
--open open user registration [$DRONE_OPEN]
--yaml ".drone.yml" build configuraton file name [$DRONE_YAML]
--cache-tty "15m0s" cache duration [$DRONE_CACHE_TTY]
--agent-secret agent secret passcode [$DRONE_AGENT_SECRET, $DRONE_SECRET]
--driver "sqlite3" database driver [$DRONE_DATABASE_DRIVER, $DATABASE_DRIVER]
--datasource "drone.sqlite" database driver configuration string [$DRONE_DATABASE_DATASOURCE, $DATABASE_CONFIG]
--github github driver is enabled [$DRONE_GITHUB]
--github-server "https://github.com" github server address [$DRONE_GITHUB_URL]
--github-context "continuous-integration/drone" github status context [$DRONE_GITHUB_CONTEXT]
--github-client github oauth2 client id [$DRONE_GITHUB_CLIENT]
--github-secret github oauth2 client secret [$DRONE_GITHUB_SECRET]
--github-scope [--github-scope option --github-scope option] github oauth scope [$DRONE_GITHUB_SCOPE]
--github-git-username github machine user username [$DRONE_GITHUB_GIT_USERNAME]
--github-git-password github machine user password [$DRONE_GITHUB_GIT_PASSWORD]
--github-merge-ref github pull requests use merge ref [$DRONE_GITHUB_MERGE_REF]
--github-private-mode github is running in private mode [$DRONE_GITHUB_PRIVATE_MODE]
--github-skip-verify github skip ssl verification [$DRONE_GITHUB_SKIP_VERIFY]
--gogs gogs driver is enabled [$DRONE_GOGS]
--gogs-server "https://github.com" gogs server address [$DRONE_GOGS_URL]
--gogs-git-username gogs service account username [$DRONE_GOGS_GIT_USERNAME]
--gogs-git-password gogs service account password [$DRONE_GOGS_GIT_PASSWORD]
--gogs-private-mode gogs private mode enabled [$DRONE_GOGS_PRIVATE_MODE]
--gogs-skip-verify gogs skip ssl verification [$DRONE_GOGS_SKIP_VERIFY]
--bitbucket bitbucket driver is enabled [$DRONE_BITBUCKET]
--bitbucket-client bitbucket oauth2 client id [$DRONE_BITBUCKET_CLIENT]
--bitbucket-secret bitbucket oauth2 client secret [$DRONE_BITBUCKET_SECRET]
--gitlab gitlab driver is enabled [$DRONE_GITLAB]
--gitlab-server "https://gitlab.com" gitlab server address [$DRONE_GITLAB_URL]
--gitlab-client gitlab oauth2 client id [$DRONE_GITLAB_CLIENT]
--gitlab-secret gitlab oauth2 client secret [$DRONE_GITLAB_SECRET]
--gitlab-git-username gitlab service account username [$DRONE_GITLAB_GIT_USERNAME]
--gitlab-git-password gitlab service account password [$DRONE_GITLAB_GIT_PASSWORD]
--gitlab-skip-verify gitlab skip ssl verification [$DRONE_GITLAB_SKIP_VERIFY]
--gitlab-private-mode gitlab is running in private mode [$DRONE_GITLAB_PRIVATE_MODE]
--stash stash driver is enabled [$DRONE_STASH]
--stash-server stash server address [$DRONE_STASH_URL]
--stash-consumer-key stash oauth1 consumer key [$DRONE_STASH_CONSUMER_KEY]
--stash-consumer-rsa stash oauth1 private key file [$DRONE_STASH_CONSUMER_RSA]
--stash-git-username stash service account username [$DRONE_STASH_GIT_USERNAME]
--stash-git-password stash service account password [$DRONE_STASH_GIT_PASSWORD]
--stash-skip-verify stash skip ssl verification [$DRONE_STASH_SKIP_VERIFY]

`