Written: 2021-05-27

Environment used in this article:

- Debian GNU/Linux 10 (buster), kernel version Debian 4.19.146 (Ubuntu 18+ should work in exactly the same way, but this was not tested)
- docker 20.10.6
- docker-compose 1.24.1
- caddy v2.4.1
- gitea 1.14.2
- drone v1

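Overview of what each component does

Component | Role |
---|---|
docker | If you need to read this entry, I think you are a good fit to keep reading this article |
docker-compose | A wrapper tool for docker that starts multiple docker containers automatically |
caddy | Provides the public-facing web server for gitea, requests HTTPS certificates automatically, and so on |
gitea | Git server |
drone | CI service, consisting of drone server and drone runner |
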
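The simplest approach is to let a cloud provider create the machine and select the OS for you; Alibaba Cloud or Tencent Cloud is recommended.

If you do not change the host's SSH port number (set below), you have to adjust gitea's port instead. In that case the default clone URLs contain a custom port number, which causes trouble for some tools with limited compatibility.

/etc/ssh/sshd_config

```
Port 2222
```

After changing the sshd configuration, restart ssh:

```bash
systemctl restart ssh
```
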
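If you have installed docker before, remove it first:

```bash
apt-get remove docker docker-engine docker.io
```

```bash
# Packages needed to add an apt repository and fetch its signing key
apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common
# Import Docker's GPG key into apt's trusted keys
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
```
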
Of the mirror addresses below, pick just one:

```bash
# Use the Alibaba Cloud mirror
add-apt-repository \
   "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/debian \
   $(lsb_release -cs) \
   stable"

# Use the Tsinghua mirror
add-apt-repository \
   "deb [arch=amd64] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/debian \
   $(lsb_release -cs) \
   stable"

apt-get update
apt-get install docker-ce
```

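```bash
# registry-mirrors: a registry mirror that speeds up docker image pulls
# data-root: use a custom docker data directory
# (JSON does not allow comments, so these notes stay outside daemon.json)
cat <<EOF > /etc/docker/daemon.json
{
  "registry-mirrors": ["https://xxxxxx.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "data-root": "/data/dockerd",
  "storage-driver": "overlay2"
}
EOF

# Stop ufw and keep it from starting at boot
systemctl stop ufw
update-rc.d ufw disable

systemctl reload docker
systemctl restart docker
```
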
```bash
curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
```

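drone server does not provide a login system of its own; authentication is handled by registering it as an OAuth application in gitea.

The OAuth application's credentials must be specified before drone server is started.
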
```yaml
version: "2"

networks:
  gitea:
    external: false

services:
  gitea:
    # image: gitea/gitea:1.14.2
    image: gitea/gitea:1.13.7
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: always
    networks:
      - gitea
    volumes:
      - /data/gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "22:22"

  drone-server:
    image: drone/drone:1
    ports:
      - "8080:80"
    volumes:
      - /data/drone-server:/data
    environment:
      - DRONE_GIT_ALWAYS_AUTH=true
      - DRONE_AGENTS_ENABLED=true
      - DRONE_USER_CREATE=username:superadmin,admin:true
      - DRONE_GITEA_SERVER=https://gitea.somewhere.com
      - DRONE_GITEA_CLIENT_ID=abcdefgh-1234-5678-b910-725350408624
      - DRONE_GITEA_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
      - DRONE_RPC_SECRET=da0121bb74c18666c32515e8b93cd5c5 # must match the runner section below
      - DRONE_SERVER_HOST=gitea-drone.somewhere.com
      - DRONE_SERVER_PROTO=https
      - DRONE_TLS_AUTOCERT=false

  drone-runner:
    image: drone/drone-runner-docker:1
    #ports:
    #- "8080:80"
    volumes:
      - /data/drone-runner:/data
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_PROTO=http
      - DRONE_RPC_HOST=10.10.99.143:8080
      - DRONE_RPC_SECRET=da0121bb74c18666c32515e8b93cd5c5 # must match the server section above
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_NAME=runner-01
```

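
The compose file above needs the same DRONE_RPC_SECRET on drone-server and drone-runner, and the value printed in this article is public, so it must not be reused. The script below is an added example, not part of the original article or of the Drone project: it checks a compose file for a missing, mismatched, short or copied sample secret and can replace it with a fresh random one. The function names and the 32-character minimum are assumptions made for this example.

```bash
#!/bin/sh
# Added example: lint DRONE_RPC_SECRET in a docker-compose file.
# SAMPLE_SECRET is the value printed in this article; it is public.
SAMPLE_SECRET=da0121bb74c18666c32515e8b93cd5c5
MIN_LEN=32  # assumption: require at least the length of the sample value

# Print a fresh secret: 16 bytes from /dev/urandom as 32 hex characters.
new_rpc_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the distinct DRONE_RPC_SECRET values in file $1, one per line.
# A trailing "# comment" after the value is ignored.
rpc_secrets() {
    sed -n 's/^[[:space:]]*-[[:space:]]*DRONE_RPC_SECRET=\([^[:space:]#]*\).*/\1/p' "$1" | sort -u
}

# Return 0 if file $1 passes, 1 if server and runner disagree,
# 2 if the article's sample value is in use, 3 if missing or too short.
check_rpc_secret() {
    _vals=$(rpc_secrets "$1")
    _n=$(printf '%s\n' "$_vals" | grep -c . || true)
    if [ "$_n" -eq 0 ]; then
        echo "FAIL: no DRONE_RPC_SECRET set"; return 3
    elif [ "$_n" -gt 1 ]; then
        echo "FAIL: server and runner use different secrets"; return 1
    elif [ "$_vals" = "$SAMPLE_SECRET" ]; then
        echo "FAIL: sample secret from the article is still in use"; return 2
    elif [ "${#_vals}" -lt "$MIN_LEN" ]; then
        echo "FAIL: secret shorter than $MIN_LEN characters"; return 3
    fi
    echo "OK: one shared secret, ${#_vals} characters"
}

# Replace every DRONE_RPC_SECRET value in file $1 with one fresh secret.
rotate_rpc_secret() {
    _new=$(new_rpc_secret)
    _tmp=$(mktemp) || return 1
    sed "s/\(DRONE_RPC_SECRET=\)[^[:space:]#]*/\1$_new/" "$1" > "$_tmp" && cat "$_tmp" > "$1"; _rc=$?
    rm -f "$_tmp"; return "$_rc"
}

# When run with a file argument, lint that file.
if [ "$#" -gt 0 ]; then check_rpc_secret "$1"; fi
```

After `rotate_rpc_secret docker-compose.yml`, recreate both drone containers so that server and runner pick up the new value together.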

Caddyfile

```
gitea.somewhere.com {
    reverse_proxy localhost:3000 {
        # transparent
    }
}

gitea-drone.somewhere.com {
    reverse_proxy localhost:8080 {
        # transparent
    }
}
```

Add the following file to your project:

.drone.yml

```yaml
kind: pipeline
type: docker
name: build

# volumes:
# - name: dockersock
#   host:
#     path: /var/run/docker.sock

trigger:
  branch:
  - master
  - testing

steps:
- name: image
  image: alpine:3.11
  # volumes:
  # - name: dockersock
  #   path: /var/run/docker.sock
  environment:
    docker_user:
      from_secret: docker_user
    docker_password:
      from_secret: docker_password
    docker_host:
      from_secret: docker_host
  commands:
  # - echo $docker_user
  # - echo "docker pswd=$docker_password"
  # - docker build -t ${DRONE_REPO_NAME}:${CI_COMMIT_BRANCH} .
  # - docker rm -f "${DRONE_REPO_NAME}" || true
  # - docker run -itd --name ${DRONE_REPO_NAME} -v /data/${DRONE_REPO_NAME}/config.yaml:/config.yaml --restart always -p9090:80 ${DRONE_REPO_NAME}:${CI_COMMIT_BRANCH}
  - echo "OK" && date && echo "done"
```