
Implementing CI/CD based on Drone [0 to 1 Architecture Series].

2024-07-29 11:34:44

CI/CD stands for Continuous Integration and Continuous Deployment, which simply means automated builds and automated deployment. Many integration and packaging tools are available; any of them will do as long as it builds the artifact automatically and then deploys it to the production environment.

Many source code management platforms now integrate CI/CD functionality. Drone is also a popular option at the moment: easy to use and high-performance.

Prerequisites

Source code management is already deployed with Gitea (see: Build source code management with Gitea).

A private registry is already deployed with Harbor (see: Harbor build and deployment).

Deployments are already managed with Portainer (see: Portainer installation, configuration, and usage).

Preparation

Pull the Docker images that we're likely to use for the CI/CD work that follows; what each one does is explained later.

# automated build
docker pull drone/drone
docker pull drone/drone-runner-docker

# automated deployment
docker pull drone/drone-runner-ssh
docker pull docker
docker pull plugins/docker
docker pull curlimages/curl

Automated build

drone is the service center, or task center, which receives the Git webhook notifications.

drone-runner-docker is the equivalent of a worker container that actually carries out the build. It polls drone at regular intervals to obtain build tasks, then executes them according to a defined process. That process is determined by the . configuration file, so writing . is the core of the work.

Step one. Set up Gitea's OAuth2 login, since drone uses the OAuth2 login scheme.

Log in to Gitea -> top right -> Admin Backend -> Admin Settings -> Integration -> Applications. Create the application and set the redirect URI to the domain where you deployed drone, e.g.: https:///login

Step two. Start the containers. You can start them individually; here docker-compose is used to manage them.

version: "3"

services:
  drone-server:
    image: drone/drone:latest
    container_name: drone
    environment:
      - DRONE_GITEA_SERVER= #Address of your Gitea deployment
      - DRONE_GITEA_CLIENT_ID=dadda5f7-a951-4e8a-a2de-ebf737a5bef5 #OAuth2 login, Client ID
      - DRONE_GITEA_CLIENT_SECRET=******************************** #OAuth2 login, Client Secret

      - DRONE_SERVER_HOST= #Your drone domain name; an IP also works
      - DRONE_SERVER_PROTO=https #http or https
      - DRONE_TLS_CERT=/SSL/ #HTTPS certificate
      - DRONE_TLS_KEY=/SSL/ #HTTPS certificate private key
      - DRONE_USER_CREATE=username:giteauser,admin:true #Create the initial account; fill in your Gitea username here, created as administrator
      - DRONE_USER_FILTER=giteauser #Restrict login to a specific account
    restart: always
    volumes:
      - /SSL:/SSL #Mount the certificate
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "443:443"

  drone-runner:
    image: drone/drone-runner-docker:latest
    container_name: drone-runner
    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=:443 #Domain name or IP of drone

      - DRONE_RUNNER_CAPACITY=2 #Number of concurrent builds
      - DRONE_RUNNER_NAME=my-runner
    restart: always
    volumes:
      - /var/run/:/var/run/ #Mount, required
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro

After starting the containers, visit the drone domain name to see the landing page. Click "CONTINUE" to be redirected to the Gitea login; after you log in and authorize, you are returned to the drone interface.

Step three. Set up a webhook.

After entering the drone interface, click the "SYNC" button in the upper-right corner to synchronize your Gitea projects, then click Project -> Settings -> ACTIVATE REPOSITORY to automatically add a webhook to the corresponding project in Gitea.

Check the webhook in Gitea.

In the drone interface, set the project to "Trusted". This is very important: otherwise subsequent builds will still fail with the following error despite the mount. If the option is missing, it is because DRONE_USER_CREATE was not set when the drone container was started.

Cannot connect to the Docker daemon at unix:///var/run/. Is the docker daemon running?
exit status 1

Step four. The next step is to write the . file. /var/run/ must be mounted into drone-runner, because the build actually uses the host machine's Docker; that is, after a successful build the image can be listed on the host with docker images.

The following example builds from a Dockerfile. The plugins/docker:latest image is a prebuilt image that can build from a Dockerfile and push the result.

kind: pipeline
type: docker
name: default

steps:
  - name: build&push #Pipe name
    image: plugins/docker:latest
    volumes:
      - name: dockersock
        path: /var/run/
    settings:
      registry:  #Address of the private Docker registry you deployed
      repo: /project/web
      tags: latest
      dockerfile: ./Dockerfile
      pull_image: false #Whether to force-pull the latest image when building
      username: abc
      password: 123

volumes: #mount
- name: dockersock
  host:
    path: /var/run/

You can also use the docker image and write the build commands yourself.

kind: pipeline
type: docker
name: default

steps:
  - name: build&push #Pipe name
    image: docker:latest
    volumes:
      - name: dockersock
        path: /var/run/
    commands:
      - docker build -t web:latest .
      - docker image tag web:latest /project/web:latest
      # docker push takes a single image reference
      - docker push /project/web:latest

volumes: #mount
- name: dockersock
  host:
    path: /var/run/

Step five. At this point, automatic build and push to the private registry are basically complete. The images left behind by each build are not deleted automatically, so we can add one more step to delete the leftover images.

kind: pipeline
type: docker
name: default

steps:
  - name: Cleaning up mirrors #Pipe name
    image: docker:latest
    volumes:
      - name: dockersock
        path: /var/run/
    commands:
      - docker images --filter=reference='/project/web:*' --format '{{.ID}}' | xargs -I {} docker rmi -f {}

volumes: #mount
- name: dockersock
  host:
    path: /var/run/

Automated deployment

Mode I. SSH remote login, pull the image, redeploy.

kind: pipeline
type: docker
name: default

steps:
  - name: SSHdeployments #Pipe name
    image: drone/drone-runner-ssh:latest
    settings:
      host: 192.168.3.78
      username: root
      password: 123
      port: 22
      script: #Commands executed for the deployment
        - echo ====开始deployments=======
        - docker pull /project/web:latest
        - docker stop web
        - docker rm web
        - docker run -d --name web -p 80:8080 /project/web:latest
        - echo ====deployments成功======

Mode II. Update via Portainer's webhook.

Go to the Portainer management interface, open the container details page, turn on the container's webhook, and copy the webhook address.

kind: pipeline
type: docker
name: default

steps:
  - name: Portainerdeployments #Pipe name
    image: curlimages/curl:latest
    commands:
      - curl -X POST "/api/webhooks/983DB2D1-34B8-4527-087B-08D76FE58AE5"

Notification of completion of deployment

After the deployment is complete, developers can check progress in the drone management interface, or the success message can be pushed to WeChat, SMS, email, DingTalk, etc. via a webhook notification.

kind: pipeline
type: docker
name: default

steps:
  - name: Notification of completion of deployment #Pipe name
    image: curlimages/curl:latest
    commands:
      - curl -X POST "notifiedwebhookaddress"

A complete example is shown below:

kind: pipeline
type: docker
name: default

steps:
  - name: build&push #Pipe name
    image: plugins/docker:latest
    volumes:
      - name: dockersock
        path: /var/run/
    settings:
      registry:  #Address of the private Docker registry you deployed
      repo: /project/web
      tags: latest
      dockerfile: ./Dockerfile
      pull_image: false #Whether to force-pull the latest image when building
      username: abc
      password: 123

  - name: Cleaning up mirrors #Pipe name
    image: docker:latest
    volumes:
      - name: dockersock
        path: /var/run/
    commands:
      - docker images --filter=reference='/project/web:*' --format '{{.ID}}' | xargs -I {} docker rmi -f {}

  - name: Portainerdeployments #Pipe name
    image: curlimages/curl:latest
    commands:
      - curl -X POST "/api/webhooks/983DB2D1-34B8-4527-087B-08D76FE58AE5"

  - name: deployments完成通知 #Pipe name
    image: curlimages/curl:latest
    commands:
      - curl -X POST "notifiedwebhookaddress"

volumes: #Mount point, shared by the steps
- name: dockersock
  host:
    path: /var/run/
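
The pipelines above keep the registry and SSH passwords inline, put the Portainer webhook URL directly in a command, and mount a host path, which is why the repository has to be marked Trusted. The following is an added example, not code from the original article: a standard-library Python check that flags those three patterns in a pipeline file. The sample pipeline, host names, webhook URL, secret names and the /var/run/docker.sock path are constructed placeholders, and its second build step shows Drone's from_secret form, which the check accepts.

```python
import re
# Constructed sample, not the article's file: step 1 mirrors its inline password,
# step 2 uses Drone's from_secret form. Hosts, URL and secret names are placeholders.
PIPELINE = """\
steps:
  - name: build-plaintext
    image: plugins/docker:latest
    settings:
      username: abc
      password: 123
  - name: build-with-secrets
    image: plugins/docker:latest
    settings:
      username:
        from_secret: harbor_username
      password:
        from_secret: harbor_password
  - name: deploy
    image: curlimages/curl:latest
    commands:
      - curl -X POST "https://portainer.example.internal/api/webhooks/PLACEHOLDER"
volumes:
  - name: dockersock
    host:
      path: /var/run/docker.sock
"""

CRED_KEY = re.compile(r"^\s*(password|passwd|token|secret|api_key)\s*:\s*(\S.*)$", re.I)
HOST_PATH = re.compile(r"^\s*path\s*:\s*(\S+)")
WEBHOOK = re.compile(r"https?://\S+/api/webhooks/\S+")

def audit(text):
    """Return (line_no, rule, detail) findings for a Drone pipeline given as text."""
    findings, in_host = [], False
    for no, line in enumerate(text.splitlines(), 1):
        body = line.split(" #", 1)[0].rstrip()  # drop trailing YAML comments
        cred = CRED_KEY.match(body)
        if cred:  # an inline value means the credential is committed with the code
            findings.append((no, "plaintext-credential", cred.group(1).lower()))
        host = HOST_PATH.match(body) if in_host else None
        if host:  # host mounts only work for Trusted repositories
            findings.append((no, "host-mount", host.group(1)))
        in_host = body.strip() == "host:"
        if WEBHOOK.search(body):  # the webhook URL itself is the credential
            findings.append((no, "inline-webhook-url", "load the URL from a secret"))
    return findings

if __name__ == "__main__":
    print(*audit(PIPELINE), sep="\n")
```

A Trusted repository with the Docker socket mounted lets anyone who can edit the pipeline file drive the host's Docker daemon, so a host-mount finding calls for review of who can push to that repository.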
