
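Implementing CI/CD with Drone

Introduction

Drone CI is a continuous integration tool written in Go. It uses few system resources, needing about one tenth of the memory Jenkins requires, which makes it well suited to cloud-native scenarios.

Configuring GitHub

Under Applications, create an OAuth application.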

conf
ClientID=Ov23***************
ClientSecrets=d072************************************

Generating the shared secret

Run the following command to generate the secret

sh
openssl rand -hex 16

The generated secret looks like 57de****************************

Deploying Drone

Use docker-compose to deploy Drone

yaml
services:
  drone-server:
    image: drone/drone:latest
    container_name: drone
    environment:
      - DRONE_GITHUB_CLIENT_ID=Ov23***************
      - DRONE_GITHUB_CLIENT_SECRET=d072************************************
      - DRONE_RPC_SECRET=57de****************************
      - DRONE_SERVER_HOST=172.18.0.2
      - DRONE_SERVER_PROTO=http
      - DRONE_USER_CREATE=username:lancelotzhu,admin:true
      - DRONE_USER_FILTER=lancelotzhu
    restart: always
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    expose:
      - "80"
 
  drone-runner:
    image: drone/drone-runner-docker:latest
    container_name: drone-runner
    environment:
      - DRONE_RPC_PROTO=http
      - DRONE_RPC_HOST=172.18.0.2:80
      - DRONE_RPC_SECRET=57de****************************
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_NAME=my-runner
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    expose:
      - "3000"
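
The server only acts on variable names it recognizes, so a misspelled name (for example DRONE_USER_FLITER instead of DRONE_USER_FILTER) is silently ignored and the user filter never takes effect. The check below is an added example, not part of the original post or of the Drone project; the function names, the KNOWN list (limited to the variables used on this page) and the sample secret are assumptions constructed for illustration.

```python
import difflib
import re

# Variable names used in this page's compose file (a subset, not Drone's full list).
KNOWN = {
    "DRONE_GITHUB_CLIENT_ID", "DRONE_GITHUB_CLIENT_SECRET", "DRONE_RPC_SECRET",
    "DRONE_SERVER_HOST", "DRONE_SERVER_PROTO", "DRONE_USER_CREATE",
    "DRONE_USER_FILTER", "DRONE_RPC_PROTO", "DRONE_RPC_HOST",
    "DRONE_RUNNER_CAPACITY", "DRONE_RUNNER_NAME",
}
HEX128 = re.compile(r"[0-9a-f]{32}")  # shape of `openssl rand -hex 16` output


def parse_env(entries):
    """Turn compose-style 'KEY=value' list items into a dict."""
    return dict(e.split("=", 1) for e in entries)


def check_drone_env(server_entries, runner_entries):
    """Return a list of findings for a server/runner environment pair."""
    server, runner = parse_env(server_entries), parse_env(runner_entries)
    findings = []
    for role, env in (("server", server), ("runner", runner)):
        for key in sorted(env):
            if key.startswith("DRONE_") and key not in KNOWN:
                guess = difflib.get_close_matches(key, sorted(KNOWN), n=1)
                hint = f", did you mean {guess[0]}?" if guess else ""
                findings.append(f"{role}: unknown variable {key}{hint}")
    if "DRONE_USER_FILTER" not in server:
        findings.append("server: DRONE_USER_FILTER not set, registration is not restricted")
    secret = server.get("DRONE_RPC_SECRET", "")
    if secret != runner.get("DRONE_RPC_SECRET", ""):
        findings.append("DRONE_RPC_SECRET differs between server and runner")
    if not HEX128.fullmatch(secret):
        findings.append("server: DRONE_RPC_SECRET is not 32 lowercase hex characters")
    return findings


# Constructed sample values; the secret is a made-up placeholder, not a real one.
SECRET = "0123456789abcdef0123456789abcdef"
SERVER = [f"DRONE_RPC_SECRET={SECRET}", "DRONE_SERVER_HOST=172.18.0.2",
          "DRONE_USER_CREATE=username:lancelotzhu,admin:true",
          "DRONE_USER_FLITER=lancelotzhu"]  # misspelled on purpose
RUNNER = [f"DRONE_RPC_SECRET={SECRET}", "DRONE_RPC_HOST=172.18.0.2:80"]

if __name__ == "__main__":
    for line in check_drone_env(SERVER, RUNNER):
        print(line)
```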

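Modifying the nginx configuration

The callback URL must be exposed to the public internet so that GitHub can call back to it. nginx can be used to serve the callback URL as a more secure https address.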

conf
server {
    listen 443 ssl;
    server_name xxx.lancelotzhu.top;

    ssl_certificate /etc/nginx/cert/xxx.example.com.pem;
    ssl_certificate_key /etc/nginx/cert/xxx.example.com.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_http_version 1.1;
        proxy_pass http://172.18.0.2;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Remote_addr $remote_addr;
        # X-Forwarded-For carries IP addresses only, without the source port
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_read_timeout 100s;
    }
}