Published on

Setup a Drone CICD Environment on Docker with Letsencrypt

Authors

drone-ci

What is Drone?

Drone is a self-service continuous delivery platform which can be used for CICD pipelines, devopsy stuff which is really awesome.

With Configuration as Code, Pipelines are configured with a simple, easy‑to‑read file that you commit to your git repository such as github, gitlab, gogs, gitea etc.

Each Pipeline step is executed inside an isolated Docker container that is automatically downloaded at runtime, if not found in cache.

Show me pipelines!

A pipeline can look as easy as:

kind: pipeline
steps:
- name: test
  image: node
  commands:
  - npm install
  - npm test
services:
- name: database
  image: mysql
  ports:
  - 3306

Open for Testing!

I have enabled public access, so please go ahead and launch your cicd pipelines on my drone setup as I want to test the stability of it:

==> https://drone.rbkr.xyz/

What are we doing?

We will deploy a drone server which is responsible for the actual server and 2 drone agents which will receive instructions from the server whenever steps need to be executed. Steps run on agents.

Deploy the Servers

I'm using VULTR to deploy 3 nodes on coreos, 1 drone server and 2 drone agents as seen below:

image

Documentation: https://docs.drone.io/installation/github/multi-machine/ https://github.com/settings/developers

We will use Github for version control and to delegate auth, therefore we need to register a new application on Github.

Register New Application on Github at https://github.com/settings/developer :

register-application

Get your Drone-Server Host Endpoint, and update the fields:

image

You will receive a Github Client ID, Secret which we will need later, which will look like this:

Client ID:
xx
Client Secret:
yyy

Generate the shared secret which will be used on the server and agent:

$ openssl rand -hex 16
eb83xxe19a3497f597f53044250df6yy

Create the Startup Script for Drone Server, which will just be a docker container running in detached mode. Note that you should use your own domain at SERVER_HOST and if you want to issue an certificate automatically keep DRONE_TLS_AUTOCERT to true.

$ cat > start_drone-server.sh << EOF
#!/usr/bin/env bash

set -ex

GITHUB_CLIENT_ID=xx
GITHUB_CLIENT_SECRET=yyy
SHARED_SECRET=eb83xxe19a3497f597f53044250df6yy
SERVER_HOST=drone.yourdomain.com
SERVER_PROTOCOL=https

docker run \
  --volume=/var/run/docker.sock:/var/run/docker.sock \
  --volume=/var/lib/drone:/data \
  --env=DRONE_GITHUB_SERVER=https://github.com \
  --env=DRONE_GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID} \
  --env=DRONE_GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET} \
  --env=DRONE_AGENTS_ENABLED=true \
  --env=DRONE_RPC_SECRET=${SHARED_SECRET} \
  --env=DRONE_SERVER_HOST=${SERVER_HOST} \
  --env=DRONE_SERVER_PROTO=${SERVER_PROTOCOL} \
  --env=DRONE_TLS_AUTOCERT=true \
  --env=DRONE_USER_CREATE=username:<your-github-username>,admin:true \
  --publish=80:80 \
  --publish=443:443 \
  --restart=always \
  --detach=true \
  --name=drone \
  drone/drone:1
EOF

Create the startup script for the drone agent, note that this script needs to be placed on the agent nodes:

$ cat > start_drone-agent.sh << EOF
#!/usr/bin/env bash

set -ex

SHARED_SECRET=eb83xxe19a3497f597f53044250df6yy
AGENT_SERVER_HOST=https://drone.yourdomain.com
SERVER_PROTOCOL=https

docker run \
  --volume=/var/run/docker.sock:/var/run/docker.sock \
  --env=DRONE_RPC_SERVER=${AGENT_SERVER_HOST} \
  --env=DRONE_RPC_SECRET=${SHARED_SECRET} \
  --env=DRONE_RUNNER_CAPACITY=2 \
  --env=DRONE_RUNNER_NAME=${HOSTNAME} \
  --restart=always \
  --detach=true \
  --name=drone-agent-02 \
  drone/agent:1
EOF

Logon to the server node and start the drone server:

$ bash start_drone-agent.sh

Login to the agent nodes and start the agents:

$ bash start_drone-agent.sh

The server should show that it's listening on port 80 and 443:

$ docker ps
CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS              PORTS                                      NAMES
8ea70fc7b967        drone/drone:1       "/bin/drone-server"   12 minutes ago      Up 12 minutes       0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   drone

Access Drone

Access your Drone instance on port 80 eg. http://drone.yourdomain.com you should be automatically redirected to port 443, which should direct you to a login page, which will look like this:

drone-authorize

Login with your github account and allow drone some time to sync your repositories:

image

Add drone config to your repository:

Clone this repository: https://github.com/ruanbekker/drone-ci-testing which will contain the .drone.yml config which drone gets its instructions from.

Select a repository to activate, (drone-ci-testing in this case) head over to settings:

image

Adding secret:

image

Add more secrets:

image

Your build list should be empty:

image

Trigger a Build

Edit any of the files in the clone repository and you should see your build running:

image

When your build has completed:

image

You can also find out where the step ran:

image

Run a couple of tests:

image

Get notified via slack:

image

Debugging

If your build fails, its most likely that you need the slack_webhook secret. You can remove the slack step which shouldhelp you get going with drone.

More on Drone

Have a look at this document for more examples or have a look at their documentation as well as their extensive list of plugins and their setup documentation to become familiar with their configuration.

Thank You

Thanks for reading, if you like my content, feel free to check out my website, and subscribe to my newsletter or follow me at @ruanbekker on Twitter.

Buy Me A Coffee