As mentioned in the previous article, this article covers how to set up and use Gitea and Drone. There is too much material for a single post, so I plan to split it into several parts. This part covers the setup and basic use.

Preface

To simplify the configuration of domain names and certificates, and to leave room for dynamic scaling later, we can use Traefik alongside them, so that Drone and Gitea focus only on CI and code storage, and everything related to “encryption certificates and traffic forwarding” is handed over to Traefik.

Compared with the older GitLab setup mentioned in the previous article, this solution needs far fewer resources, so the burden of running a complete CI stack locally drops to a very low level, and day-to-day resource consumption is almost negligible (not counting the containers that execute CI jobs, and even including Traefik, daily use stays under 200M):

```text
CONTAINER ID   NAME             CPU %   MEM USAGE / LIMIT     MEM %   NET I/O           BLOCK I/O        PIDS
5295526d73f5   runner.nuc.com   0.00%   6.215MiB / 31.23GiB   0.02%   30.4kB / 24.3kB   11.8MB / 0B      17
9e810f12e2b4   drone.nuc.com    0.00%   10.56MiB / 31.23GiB   0.03%   36.5kB / 25.3kB   33.9MB / 0B      13
551b2e8683ba   gitea.nuc.com    2.05%   152MiB / 31.23GiB     0.48%   104kB / 439kB     88.8MB / 459kB   18
f4606080ef23   traefik          2.40%   20.49MiB / 31.23GiB   0.06%   483kB / 282kB     58.1MB
```

This setup needs so few resources essentially because it has at least an order of magnitude fewer components and features than GitLab, and because the software is written in a single language. Compared with Ruby, a compiled Go program is dramatically faster. I mentioned this earlier in the post “Nine Options for Redirection and Performance Comparisons”.

If you are curious about GitLab’s CI features and development history, check out the article “Talk about GitLab’s CI/CD development history”.

Setting up the infrastructure

Let’s talk about how to build.

Preparing the system environment

This article uses a container-based deployment. Put simply, any machine that can run Docker will do, so a notebook or a NUC is fine, not to mention a standard Linux system.

If you are not familiar with Linux, I recommend the container-friendly Ubuntu; if you want to fill in some of the basics, check out my previous articles.

Of course, if you use macOS, all you need to do is install Docker Desktop.

Traefik pre-installation configuration

If you’re not familiar with Traefik 2, you can find out about it in “Easier Ways to Use Traefik 2.” If you want to learn more about Traefik 2, check out this collection of tags.

Code repository Gitea installation configuration

At the beginning of last year, in the article “Using Docker and Traefik V2 to build lightweight Code Repository (Gitea)”, I described how to install it. At that time I chose to have Traefik forward the SSH port of the Git server. This time we change the way the port is exposed, to reduce coupling between the applications and further improve efficiency.

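To make maintenance easier, we first define a .env file holding the values that may change later and that we need to customize:

```bash
DOCKER_IMAGE=gitea/gitea:1.13.2
# Referenced by the compose file below but missing from this listing:
# gitea.nuc.com is the domain used throughout this article, the site name is a placeholder
SERVICE_DOMAIN=gitea.nuc.com
SERVICE_NAME=YOUR_SITE_NAME
# Git SSH server
#SSH_PORT_EXPOSE=22
# Only internal CI and the local machine may access the service over SSH
SSH_PORT_EXPOSE=127.0.0.1:22
```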

Next, define the service orchestration (Compose) file. You can usually just copy and paste it without any adjustment:

```yaml
version: '3.6'

services:

  gitea:
    image: ${DOCKER_IMAGE}
    container_name: ${SERVICE_DOMAIN}
    ports:
      - ${SSH_PORT_EXPOSE}:22
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - APP_NAME=${SERVICE_NAME}
      - RUN_MODE=prod
      - RUN_USER=git
      - SSH_DOMAIN=${SERVICE_DOMAIN}
      - SSH_PORT=22
      - SSH_LISTEN_PORT=22
      - HTTP_PORT=80
      - ROOT_URL=https://${SERVICE_DOMAIN}
      - LFS_START_SERVER=true
      - REQUIRE_SIGNIN_VIEW=true
      - DB_TYPE=sqlite3
      - INSTALL_LOCK=false
      - DISABLE_GRAVATAR=true
    networks:
      - traefik
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.giteaweb.middlewares=https-redirect@file"
      - "traefik.http.routers.giteaweb.entrypoints=http"
      - "traefik.http.routers.giteaweb.rule=Host(`${SERVICE_DOMAIN}`)"
      - "traefik.http.routers.giteassl.middlewares=content-compress@file"
      - "traefik.http.routers.giteassl.entrypoints=https"
      - "traefik.http.routers.giteassl.tls=true"
      - "traefik.http.routers.giteassl.rule=Host(`${SERVICE_DOMAIN}`)"
      - "traefik.http.services.giteabackend.loadbalancer.server.scheme=http"
      - "traefik.http.services.giteabackend.loadbalancer.server.port=80"
    volumes:
      # Use on a standard Linux system
      # - /etc/localtime:/etc/localtime:ro
      # - /etc/timezone:/etc/timezone:ro
      - ./repositories:/data/git/repositories
      - ./data:/data/gitea/
    logging:
      driver: "json-file"
      options:
        max-size: "1m"  # placeholder: the original value is missing from this listing
    extra_hosts:
      - "${SERVICE_DOMAIN}:127.0.0.1"
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy off localhost || exit 1"]
      interval: 5s

networks:
  traefik:
    external: true
```

After saving the above content as docker-compose.yml, use docker-compose up -d to start the service.

Use docker-compose logs -f to follow the startup log:

```text
gitea.nuc.com | Generating /data/ssh/ssh_host_ed25519_key...
gitea.nuc.com | Generating /data/ssh/ssh_host_rsa_key...
gitea.nuc.com | Generating /data/ssh/ssh_host_dsa_key...
gitea.nuc.com | Generating /data/ssh/ssh_host_ecdsa_key...
gitea.nuc.com | Could not load host certificate "/data/ssh/ssh_host_ed25519_cert": No such file or directory
gitea.nuc.com | Could not load host certificate "/data/ssh/ssh_host_rsa_cert": No such file or directory
gitea.nuc.com | Could not load host certificate "/data/ssh/ssh_host_ecdsa_cert": No such file or directory
gitea.nuc.com | Could not load host certificate "/data/ssh/ssh_host_dsa_cert": No such file or directory
gitea.nuc.com | Server listening on :: port 22.
gitea.nuc.com | Server listening on 0.0.0.0 port 22.
gitea.nuc.com | 2021/02/25 16:31:51 cmd/web.go:108:runWeb() [I] Starting Gitea on PID: 15
gitea.nuc.com | 2021/02/25 16:31:51 ...dules/setting/git.go:91:newGit() [I] Git Version: 2.26.2, Wire Protocol Version 2 Enabled
gitea.nuc.com | 2021/02/25 16:31:51 routers/init.go:132:GlobalInit() [T] AppPath: /app/gitea/gitea
gitea.nuc.com | 2021/02/25 16:31:51 routers/init.go:133:GlobalInit() [T] AppWorkPath: /app/gitea
gitea.nuc.com | 2021/02/25 16:31:51 routers/init.go:134:GlobalInit() [T] Custom path: /data/gitea
gitea.nuc.com | 2021/02/25 16:31:51 routers/init.go:135:GlobalInit() [T] Log path: /data/gitea/log
gitea.nuc.com | 2021/02/25 16:31:51 ...dules/setting/log.go:297:newLogService() [I] Gitea v1.13.2 built with GNU Make 4.3, go1.15.7 : bindata, timetzdata, sqlite, sqlite_unlock_notify
gitea.nuc.com | 2021/02/25 16:31:51 ...dules/setting/log.go:343:newLogService() [I] Gitea Log Mode: Console(Console:info)
gitea.nuc.com | 2021/02/25 16:31:51 ...dules/setting/log.go:249:generateNamedLogger() [I] Macaron Log: Console(console:info)
gitea.nuc.com | 2021/02/25 16:31:51 ...dules/setting/log.go:249:generateNamedLogger() [I] Router Log: Console(console:info)
gitea.nuc.com | 2021/02/25 16:31:51 ...les/setting/cache.go:70:newCacheService() [I] Cache Service Enabled
gitea.nuc.com | 2021/02/25 16:31:51 ...les/setting/cache.go:81:newCacheService() [I] Last Commit Cache Service Enabled
gitea.nuc.com | 2021/02/25 16:31:51 ...s/setting/session.go:63:newSessionService() [I] Session Service Enabled
gitea.nuc.com | 2021/02/25 16:31:51 ...s/storage/storage.go:151:initAttachments() [I] Initialising Attachment storage with type:
gitea.nuc.com | 2021/02/25 16:31:51 ...les/storage/local.go:43:NewLocalStorage() [I] Creating new Local Storage at /data/gitea/attachments
gitea.nuc.com | 2021/02/25 16:31:51 ...s/storage/storage.go:145:initAvatars() [I] Initialising Avatar storage with type:
gitea.nuc.com | 2021/02/25 16:31:51 ...les/storage/local.go:43:NewLocalStorage() [I] Creating new Local Storage at /data/gitea/avatars
gitea.nuc.com | 2021/02/25 16:31:51 ...s/storage/storage.go:163:initRepoAvatars() [I] Initialising Repository Avatar storage with type:
gitea.nuc.com | 2021/02/25 16:31:51 ...les/storage/local.go:43:NewLocalStorage() [I] Creating new Local Storage at /data/gitea/repo-avatars
gitea.nuc.com | 2021/02/25 16:31:51 ...s/storage/storage.go:157:initLFS() [I] Initialising LFS storage with type:
gitea.nuc.com | 2021/02/25 16:31:51 ...les/storage/local.go:43:NewLocalStorage() [I] Creating new Local Storage at /data/git/lfs
gitea.nuc.com | 2021/02/25 16:31:51 routers/init.go:176:GlobalInit() [I] SQLite3 Supported
gitea.nuc.com | 2021/02/25 16:31:51 routers/init.go:56:checkRunMode() [I] Run Mode: Production
gitea.nuc.com | 2021/02/25 16:31:51 cmd/web.go:163:runWeb() [I] Listen: http://0.0.0.0:80
gitea.nuc.com | 2021/02/25 16:31:51 cmd/web.go:166:runWeb() [I] LFS server enabled
gitea.nuc.com | 2021/02/25 16:31:51 ...s/graceful/server.go:55:NewServer() [I] Starting new server: tcp:0.0.0.0:80 on PID: 15
gitea.nuc.com | 2021/02/25 16:31:56 Started GET / for 127.0.0.1
gitea.nuc.com | 2021/02/25 16:31:56 Completed GET / 200 OK in 3.875698ms
gitea.nuc.com | 2021/02/25 16:32:01 Started GET / for 127.0.0.1
gitea.nuc.com | 2021/02/25 16:32:01 Completed GET / 200 OK in 1.131553ms
```

Once the log shows Starting new server: tcp:0.0.0.0:80, open a browser and visit the domain name we bound, “gitea.nuc.com”, to see that the service is up.

However, the application still needs further configuration before it can serve normally. I will finish the Drone CI configuration first and then come back to this step.

Drone’s Server configuration

Again, create the .env configuration file first. Part of its content has to be obtained from Gitea once it is configured, so you can also configure Gitea first and then come back to this step:

```bash
DOCKER_IMAGE=drone/drone:1.10.1
# Referenced by the compose file below but missing from this listing;
# drone.nuc.com is the Drone domain used throughout this article
SERVICE_DOMAIN=drone.nuc.com
# Shared key for communication between Drone Server and Runner
DRONE_RPC_SECRET=YOUR_RANDOM_KEY
# Drone administrator account
DRONE_ADMIN_USERNAME=soulteary
# Gitea domain name
GITEA_DOMAIN=gitea.nuc.com
# Gitea OAuth ClientID/Secret: replace with the values generated by your Gitea
DRONE_GITEA_CLIENT_ID=A0DA8A47-E89E-48EA-8EA3-08F2554511B1
DRONE_GITEA_CLIENT_SECRET=nrdSbAX_4AXexpUG_ZDw9iF640M8uC79h1raJxnX74I=
```

The service orchestration file is also fairly simple and needs no modification; just copy and paste it:

```yaml
version: '3.6'

services:

  drone:
    image: ${DOCKER_IMAGE}
    container_name: ${SERVICE_DOMAIN}
    environment:
      - DRONE_GITEA_SERVER=http://${GITEA_DOMAIN}
      - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
      - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
      - DRONE_LOGS_TRACE=true
      - DRONE_AGENTS_ENABLED=true
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      - DRONE_SERVER_HOST=${SERVICE_DOMAIN}
      - DRONE_SERVER_PROTO=http
      - DRONE_CLEANUP_INTERVAL=60m
      - DRONE_CLEANUP_DISABLED=false
      - DRONE_CLEANUP_DEADLINE_RUNNING=1h
      - DRONE_CLEANUP_DEADLINE_PENDING=2h
      - DRONE_USER_CREATE=username:${DRONE_ADMIN_USERNAME},admin:true
    networks:
      - traefik
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.drone-web.middlewares=https-redirect@file"
      - "traefik.http.routers.drone-web.entrypoints=http"
      - "traefik.http.routers.drone-web.rule=Host(`${SERVICE_DOMAIN}`)"
      - "traefik.http.routers.drone-ssl.middlewares=content-compress@file"
      - "traefik.http.routers.drone-ssl.entrypoints=https"
      - "traefik.http.routers.drone-ssl.tls=true"
      - "traefik.http.routers.drone-ssl.rule=Host(`${SERVICE_DOMAIN}`)"
      - "traefik.http.services.drone-backend.loadbalancer.server.scheme=http"
      - "traefik.http.services.drone-backend.loadbalancer.server.port=80"
    volumes:
      # Use on a standard Linux system
      # - /etc/localtime:/etc/localtime:ro
      # - /etc/timezone:/etc/timezone:ro
      - /data:/data
    logging:
      # The body of this key is missing from the listing; assumed to match the Gitea and Runner files
      driver: "json-file"
      options:
        max-size: "1m"  # placeholder value
    extra_hosts:
      - "${SERVICE_DOMAIN}:127.0.0.1"
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy off localhost:80/healthz || exit 1"]
      interval: 5s

networks:
  traefik:
    external: true
```

Since we haven’t configured Gitea yet, there’s no rush to start the service.

Drone’s client (Runner) configuration

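We’ll configure Drone Runner by first creating a .env file:

```bash
DOCKER_IMAGE=drone/drone-runner-docker:1.6.3
# Referenced by the compose file below but missing from this listing;
# runner.nuc.com is the Runner container name shown earlier in this article
SERVICE_DOMAIN=runner.nuc.com
# Shared key for communication between Drone Server and Runner
DRONE_RPC_SECRET=YOUR_RANDOM_KEY
# Maximum number of concurrent tasks on this Runner
DRONE_RUNNER_CAPACITY=2
# Domain name configured for the Drone service
DRONE_SERVER_DOMAIN=drone.nuc.com
```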

Then we define the container orchestration file:

```yaml
version: '3.6'

services:

  drone-runner:
    image: drone/drone-runner-docker:1.6.3
    container_name: ${SERVICE_DOMAIN}
    expose:
      - 3000
    environment:
      - DRONE_RPC_PROTO=http
      - DRONE_RPC_HOST=${DRONE_SERVER_DOMAIN}
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      - DRONE_RUNNER_CAPACITY=${DRONE_RUNNER_CAPACITY}
      - DRONE_RUNNER_NAME=${SERVICE_DOMAIN}
      - DRONE_RUNNER_NETWORKS=traefik
    networks:
      - traefik
    restart: always
    volumes:
      # Use on a standard Linux system
      # - /etc/localtime:/etc/localtime:ro
      # - /etc/timezone:/etc/timezone:ro
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data:/data
    logging:
      driver: "json-file"
      options:
        max-size: "1m"  # placeholder: the original value is missing from this listing
    extra_hosts:
      - "${SERVICE_DOMAIN}:127.0.0.1"
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy off localhost:3000/healthz || exit 1"]
      interval: 5s

networks:
  traefik:
    external: true
```

Save the above configuration as docker-compose.yml. As with Drone Server, we are in no hurry to start the service, because it depends on the Gitea configuration.
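Before any of the three stacks is started, the values in the .env files above can be checked mechanically. The following Python sketch is an added example, not part of the original article or of the Gitea or Drone projects: it flags a DRONE_RPC_SECRET that is still the placeholder or differs between Server and Runner, empty OAuth credentials, and an SSH_PORT_EXPOSE that publishes Git SSH beyond loopback. The function names, the sample input and the 32-character minimum are assumptions of this example.

```python
import ipaddress
import secrets
PLACEHOLDER = "YOUR_RANDOM_KEY"  # placeholder used in the article's .env files
MIN_SECRET_LEN = 32              # assumption: 16 random bytes, hex-encoded

def parse_env(text):
    """Parse .env text into a dict, skipping blank and comment lines."""
    env = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("'\"")
    return env

def ssh_bind_is_loopback(expose):
    """True only if the published SSH port is bound to a loopback address."""
    host, sep, _port = expose.rpartition(":")
    if not sep:  # bare "22": Docker publishes on all interfaces by default
        return False
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False

def preflight(gitea_env, server_env, runner_env):
    """Return a list of findings; an empty list means every check passed."""
    gitea, server, runner = map(parse_env, (gitea_env, server_env, runner_env))
    findings = []
    secret = server.get("DRONE_RPC_SECRET", "")
    if secret != runner.get("DRONE_RPC_SECRET", ""):
        findings.append("DRONE_RPC_SECRET differs between server and runner")
    if secret == PLACEHOLDER or len(secret) < MIN_SECRET_LEN:
        findings.append("DRONE_RPC_SECRET is the placeholder or too short")
    for key in ("DRONE_GITEA_CLIENT_ID", "DRONE_GITEA_CLIENT_SECRET"):
        if not server.get(key):
            findings.append(key + " is empty: create the OAuth application first")
    if not ssh_bind_is_loopback(gitea.get("SSH_PORT_EXPOSE", "")):
        findings.append("SSH_PORT_EXPOSE is not bound to loopback")
    return findings

def new_rpc_secret():
    """Generate a 128-bit shared secret as 32 hex characters."""
    return secrets.token_hex(16)

# Constructed sample input: SSH published on every interface, placeholder secret.
SAMPLE_GITEA = "SSH_PORT_EXPOSE=22\n"
SAMPLE_SERVER = ("DRONE_RPC_SECRET=YOUR_RANDOM_KEY\n"
                 "DRONE_GITEA_CLIENT_ID=\nDRONE_GITEA_CLIENT_SECRET=\n")
SAMPLE_RUNNER = "DRONE_RPC_SECRET=YOUR_RANDOM_KEY\n"

if __name__ == "__main__":
    for finding in preflight(SAMPLE_GITEA, SAMPLE_SERVER, SAMPLE_RUNNER):
        print("FAIL:", finding)
    print("suggested DRONE_RPC_SECRET:", new_rpc_secret())
```

To check real files, pass the text of the three .env files to preflight() in the order Gitea, Drone Server, Drone Runner.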

Further configuration of code repository Gitea

After installation, visit Gitea. Clicking either “Login” or “Register” takes you to the “Initial Configuration” page: https://gitea.nuc.com/install.

Only after this configuration is done can the application actually start serving.

Initializing the application configuration

Let’s go through how to configure it and some details of the configuration process.

The database can be switched to PostgreSQL, which is more reliable, depending on your situation; SQLite is not a problem for individual or small-team use.

By default, “General Settings” is filled in automatically from the configuration above. If you still want to change something, I suggest changing only the site name and leaving the other settings alone.

“Optional Settings” contains three groups of items:

  • “Email Settings” can be configured according to your actual situation. If it is for personal use, or you don’t want to configure it now, you can skip it. We will configure more useful push notifications later, which do not rely on this setting.
  • In “Server and Third-Party Service Settings”, I personally suggest checking “Enable Local Mode” and choosing the rest according to your preferences. If it is for personal use, you can turn off the various registration methods.
  • “Administrator Account Settings” must be filled in. Lowercase English letters are recommended, to avoid unexpected behaviour after application upgrades.

After everything is ready, click the install button to complete the installation, and the page will automatically jump to the new page.

Configure Drone cross-application automatic authorization (OAuth authorization)

Do you still remember the Drone Server and Drone Runner that we haven’t started yet? Earlier, we set a pair of OAuth ClientID/Secret variables in the Drone Server configuration. When these OAuth variables are set correctly, Drone can automatically create and manage repositories and users based on Gitea, and we don’t need to configure them by hand.

To some extent, Drone can be regarded as a set of stateless services, which makes later scaling, or switching to a similar service, easier.

Here’s how to configure cross-application authorization.

Click your profile picture in the upper right corner, select “Settings” from the drop-down menu, and select “Applications” on the new page.

Enter DroneCI in the name field and, for the redirect URI, enter the previously configured Drone domain name followed by the /login path:

http://drone.nuc.com/login

Click Submit, and you can see that the OAuth ClientID/Secret we need has been generated.

After copying these values into the Drone Server configuration above, we can go on to configure Drone.

Complete the final configuration of Drone

Update the .env configuration of Drone Server, filling in the OAuth information from above:

```bash
DRONE_GITEA_CLIENT_ID=ed292553-9dca-4f76-856f-4172c8ee4186
DRONE_GITEA_CLIENT_SECRET=3FxbTuNomJ4fUiUnZuA2NXcX083v1oK76ntsOxIuy6U=
```

Then use docker-compose up -d to start the service. Next, enter the Drone Runner directory and start the Runner with docker-compose up -d as well. Wait about five seconds and open the CI service domain name we configured, drone.nuc.com, in the browser; you will see the browser automatically redirect to the OAuth authorization page:

After clicking the authorization button, we are automatically logged in to Drone as the current user.

This completes the basic installation and configuration.

Finally

Although installation and configuration are done, there is still some way to go before we are using Drone for CI to improve development efficiency; none of the practices around the CI process itself have been covered yet.

For example: “further security and authentication strategies for the repository and CI systems”, “fine-grained notifications for task workflows”, “adding nodes on demand”, “persisting repository build content”, “more secure data exchange between CI and the repository”, and “how to use our local machines to serve automated processes on the Internet, such as GitHub”.

In the next article, we will get hands-on with Drone, gradually cover the topics above, and go into some of the configuration in this article in more detail.

–EOF


This article is published under the Attribution 4.0 International (CC BY 4.0) license.

Author: Su Yang

Created: Feb 25, 2021. Word count: 12872 words. Reading time: 26 minutes. Link to this article: soulteary.com/2021/02/25/…