[WIP] Setting up Drone CI

Introduction

This tutorial will explain how to set up a Drone server for Continuous Integration.

The server contains the interface and the program's logic for coordinating builds and managing them.

Each agent/runner is the actual machine doing the building. A Drone server may manage a variable number of runners.

In this guide we have 1 server and 1 runner. The focus is on having one dedicated server for each component. That means, the Drone server is installed on one machine and the runner is installed on a different one.

With minor adjustments to this guide, by skipping the unnecessary client setups, you can install both the runner and the server on the same machine.

The Git server used here is Gitea. With minor adjustments to the guide, you can use any Git server you can see here.

Environment

Hardware amd64 VPS
OS Debian 10 Buster

Dependencies

  1. Docker
  2. docker-compose
  3. Internet Domain

Step by Step Instructions

Prepare Git for the Drone Server Configuration

1. Create an OAuth Application

Read and apply the section Create an OAuth Application here.

The domain applied must be the same as the one used in the following NGINX and Drone server configuration.

Install the Drone Server

1. Add DNS entry to your domain.

A domain of your choice needs to point to the address of your server.

2. Change to root user

sudo -s

3. Installation of additional Dependencies

apt update
apt install -y certbot nginx

4. Create the drone user and add persistence

useradd --system --create-home --shell /bin/bash drone
passwd drone # Set the password interactively; useradd --password expects an already hashed value, not plain text.
mkdir /home/drone/data
chown -R drone:drone /home/drone

5. Configure NGINX server

Create and open vhost file:

cd /home/drone
nano /etc/nginx/sites-available/sub.domain.tld.vhost

Paste the following configuration into the file:

server {
  listen 80;
  server_name sub.domain.tld;

  location / {
    proxy_pass http://127.0.0.1:52923; # http_port
    proxy_redirect default;
    proxy_set_header Host      $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  location ~ /.well-known/acme-challenge/ {
    allow all;
  }
}

Activate vhost file:

ln -s /etc/nginx/sites-available/sub.domain.tld.vhost /etc/nginx/sites-enabled/sub.domain.tld.vhost

Restart NGINX:

systemctl restart nginx

6. Create Let's Encrypt certificate for sub.domain.tld

https://certbot.eff.org/lets-encrypt/debianbuster-nginx

Restart NGINX:

systemctl restart nginx

7. Run server

Create and open docker-compose.yaml:

cd /home/drone
touch docker-compose.yaml
chmod 600 docker-compose.yaml
nano docker-compose.yaml

Paste the following configuration into the file:

TODO: Make this a docker-compose.yaml

#!/bin/bash
DRONE_GITEA_CLIENT_ID="<your-gitea-client-id>"
DRONE_GITEA_CLIENT_SECRET="<your-gitea-client-secret>"
DRONE_GITEA_SERVER="https://git.domain.tld"
DRONE_GIT_ALWAYS_AUTH="false"
DRONE_RPC_SECRET="<drone-rpc-secret>"
DRONE_SERVER_HOST="sub.domain.tld"
DRONE_SERVER_PROTO="http" # HTTP! Secure HTTP connection will be handled by NGINX.
DRONE_USER_CREATE="username:Admin,admin:true" # Username can be any one you like.
DRONE_LOGS_TRACE=true
http_port=52923 # Must match the proxy_pass port in the NGINX vhost.

# TLS is terminated by NGINX, so the container gets no certificate mounts and
# no HTTPS port. The HTTP port is bound to loopback so that only NGINX reaches it.
docker run \
  --volume=/home/drone/data:/data \
  --env=DRONE_AGENTS_ENABLED=true \
  --env=DRONE_GITEA_SERVER="${DRONE_GITEA_SERVER}" \
  --env=DRONE_GITEA_CLIENT_ID="${DRONE_GITEA_CLIENT_ID}" \
  --env=DRONE_GITEA_CLIENT_SECRET="${DRONE_GITEA_CLIENT_SECRET}" \
  --env=DRONE_GIT_ALWAYS_AUTH="${DRONE_GIT_ALWAYS_AUTH}" \
  --env=DRONE_RPC_SECRET="${DRONE_RPC_SECRET}" \
  --env=DRONE_SERVER_HOST="${DRONE_SERVER_HOST}" \
  --env=DRONE_SERVER_PROTO="${DRONE_SERVER_PROTO}" \
  --env=DRONE_USER_CREATE="${DRONE_USER_CREATE}" \
  --env=DRONE_LOGS_TRACE="${DRONE_LOGS_TRACE}" \
  --publish="127.0.0.1:${http_port}:80" \
  --restart=always \
  --detach=true \
  --name=drone-server \
  drone/drone:2
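
The surrounding steps create docker-compose.yaml and start it with docker-compose up -d, which needs Compose syntax rather than a docker run script. The following is an added example, not part of the original guide, that expresses the same server settings as a Compose file. It assumes the placeholders and port 52923 used above, Compose file format version 3, and that NGINX on the same host is the only client of the published port.

```yaml
# /home/drone/docker-compose.yaml on the Drone server (added example)
version: "3"

services:
  drone-server:
    image: drone/drone:2
    container_name: drone-server
    restart: always
    ports:
      # Loopback only: NGINX proxies to 127.0.0.1:52923 and terminates TLS,
      # so the container itself is never reachable from the network.
      - "127.0.0.1:52923:80"
    volumes:
      - /home/drone/data:/data
    environment:
      DRONE_AGENTS_ENABLED: "true"
      DRONE_GITEA_SERVER: "https://git.domain.tld"
      DRONE_GITEA_CLIENT_ID: "<your-gitea-client-id>"
      DRONE_GITEA_CLIENT_SECRET: "<your-gitea-client-secret>"
      DRONE_GIT_ALWAYS_AUTH: "false"
      # Shared with every runner. Use a long random value,
      # for example the output of: openssl rand -hex 16
      DRONE_RPC_SECRET: "<drone-rpc-secret>"
      DRONE_SERVER_HOST: "sub.domain.tld"
      DRONE_SERVER_PROTO: "http"
      DRONE_USER_CREATE: "username:Admin,admin:true"
      DRONE_LOGS_TRACE: "true"
```

The file holds the OAuth client secret and the RPC secret in plain text, which is why the chmod 600 step above matters.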

Run server:

docker-compose up -d

 

Install a Drone Runner

Can be repeated on each Runner.

1. Add DNS entry to your domain.

A domain of your choice needs to point to the address of your server.

2. Change to root user

sudo -s

3. Installation of additional Dependencies

apt update

4. Create the drone user

useradd --system --create-home --shell /bin/bash drone
passwd drone # Set the password interactively; useradd --password expects an already hashed value, not plain text.
chown -R drone:drone /home/drone

5. Run runner

Create and open docker-compose.yaml:

cd /home/drone
touch docker-compose.yaml
chmod 600 docker-compose.yaml
nano docker-compose.yaml

Paste the following configuration into the file:

TODO: Make this a docker-compose.yaml

#!/bin/bash
DRONE_RPC_HOST="sub.domain.tld" # Must be the Drone server's public domain address, as specified above in the Drone server setup.
DRONE_RPC_PROTO="https" # HTTPS if reached from a different machine. HTTP if the runner is on the same machine as the server.
DRONE_RPC_SECRET="<your-drone-rpc-secret>" # Must be the same value as DRONE_RPC_SECRET on the server.
DRONE_RUNNER_CAPACITY=2 # Limits the number of concurrent pipelines that a runner can execute.
DRONE_LOGS_TRACE=true
runner_port=52925 # Port must be opened in Firewall.

docker run \
  --volume=/var/run/docker.sock:/var/run/docker.sock \
  --env=DRONE_RPC_PROTO="${DRONE_RPC_PROTO}" \
  --env=DRONE_RPC_HOST="${DRONE_RPC_HOST}" \
  --env=DRONE_RPC_SECRET="${DRONE_RPC_SECRET}" \
  --env=DRONE_RUNNER_CAPACITY="${DRONE_RUNNER_CAPACITY}" \
  --env=DRONE_RUNNER_NAME="${HOSTNAME}" \
  --env=DRONE_LOGS_TRACE="${DRONE_LOGS_TRACE}" \
  --publish="${runner_port}:3000" \
  --restart=always \
  --detach=true \
  --name=drone-runner \
  drone/drone-runner-docker:1
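
As on the server, the surrounding steps expect docker-compose.yaml to be a Compose file. The following is an added example, not part of the original guide, that expresses the runner settings above in Compose syntax. It assumes Compose file format version 3, and the runner name is a placeholder because Compose does not reliably see the shell's HOSTNAME variable.

```yaml
# /home/drone/docker-compose.yaml on the runner machine (added example)
version: "3"

services:
  drone-runner:
    image: drone/drone-runner-docker:1
    container_name: drone-runner
    restart: always
    ports:
      # Same mapping as runner_port in the script above.
      - "52925:3000"
    volumes:
      # The runner starts pipeline containers through the host's Docker daemon.
      # Access to this socket is root-equivalent on the host, so every pipeline
      # that runs here is trusted with the whole machine.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      DRONE_RPC_PROTO: "https"
      DRONE_RPC_HOST: "sub.domain.tld"
      # Must be identical to DRONE_RPC_SECRET on the server.
      DRONE_RPC_SECRET: "<your-drone-rpc-secret>"
      DRONE_RUNNER_CAPACITY: "2"
      # Placeholder; pick a name that identifies this machine in the Drone UI.
      DRONE_RUNNER_NAME: "<runner-name>"
      DRONE_LOGS_TRACE: "true"
```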

Run runner:

docker-compose up -d

 

Now, when both the server and the runner run fine, visit the Drone server's web UI:

sub.domain.tld (DRONE_SERVER_HOST)

Log in with the details provided in DRONE_USER_CREATE.

The login screen may also redirect to the Gitea server's login page, instead. Then you need to log in to Gitea, as usual.

 

[WIP] Add a Gitea repository's pipeline

 

1. Add a drone.yaml to your repository

https://docs.drone.io/yaml/docker/

 

Sources