使用docker最小化部署Git CI环境
写就时间戳 2021-05-27
本文使用环境:
Debian GNU/Linux 10 (buster) / 内核版本号 Debian 4.19.146
### Ubuntu18+应该也是完全通用,但并没有测试
docker 20.10.6
docker-compose 1.24.1
caddy v2.4.1
gitea 1.14.2
drone v1
各组件作用简介
| 模块 | 作用 |
|---|---|
| docker | 如果你需要看这个,我觉得你适合继续看此文 |
| docker-compose | docker的包装工具,自动启动多个 docker container |
| caddy | 为 gitea 对外提供一个webserver,自动申请https证书等 |
| gitea | git 服务器 |
| drone | CI 服务 包含 drone server, drone runner |
OS
初始化Debian
使用云服务商自动创建并选择os最简单,建议使用阿里云、腾讯云。
更改sshd默认端口号
如果不改这个端口号,就需要调整gitea端口,那样的话,默认的clone地址中就会有自定义端口号,对某些兼容性不够的工具造成困扰。
/etc/ssh/sshd_config
Port 2222
改好sshd配置,重启一下ssh
systemctl restart ssh
Install docker
如果你过去安装过 docker,先删掉:
apt-get remove docker docker-engine docker.io
apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
下面的镜像地址,选1个就好
# 使用阿里云镜像地址
add-apt-repository
"deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/debian
$(lsb_release -cs)
stable"
# 使用清华镜像地址
add-apt-repository
"deb [arch=amd64] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/debian
$(lsb_release -cs)
stable"
apt-get update
apt-get install docker-ce
配置docker
cat <<EOF > /etc/docker/daemon.json
{
"registry-mirrors": ["https://xxxxxx.mirror.aliyuncs.com"], # 指定一个docker拉取加速地址
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"data-root":"/data/dockerd", # 更换使用自定义docker数据目录
"storage-driver": "overlay2"
}
EOF
systemctl stop ufw
update-rc.d ufw disable
systemctl reload docker
systemctl restart docker
安装 docker-compose
curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
启动gitea后,需要先创建 oauth 应用
drone server自身没有提供登录系统,而是通过 gitea 的 oauth 应用接入来完成鉴权。
启动 drone server 前必须指定。
配置 drone-server drone-runner
- 生成随机密钥 为 runner->server 执行需要
docker-compose
version: "2"
networks:
gitea:
external: false
services:
gitea:
# image: gitea/gitea:1.14.2
image: gitea/gitea:1.13.7
environment:
- USER_UID=1000
- USER_GID=1000
restart: always
networks:
- gitea
volumes:
- /data/gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "22:22"
drone-server:
image: drone/drone:1
ports:
- "8080:80"
volumes:
- /data/drone-server:/data
environment:
- DRONE_GIT_ALWAYS_AUTH=true
- DRONE_AGENTS_ENABLED=true
- DRONE_USER_CREATE=username:superadmin,admin:true
- DRONE_GITEA_SERVER=https://gitea.somewhere.com
- DRONE_GITEA_CLIENT_ID=abcdefgh-1234-5678-b910-725350408624
- DRONE_GITEA_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- DRONE_RPC_SECRET=da0121bb74c18666c32515e8b93cd5c5 # 和下面部分一致
- DRONE_SERVER_HOST=gitea-drone.somewhere.com
- DRONE_SERVER_PROTO=https
- DRONE_TLS_AUTOCERT=false
drone-runner:
image: drone/drone-runner-docker:1
#ports:
#- "8080:80"
volumes:
- /data/drone-runner:/data
- /var/run/docker.sock:/var/run/docker.sock
environment:
- DRONE_RPC_PROTO=http
- DRONE_RPC_HOST=10.10.99.143:8080
- DRONE_RPC_SECRET=da0121bb74c18666c32515e8b93cd5c5 # 和上面配置一致
- DRONE_RUNNER_CAPACITY=2
- DRONE_RUNNER_NAME=runner-01
Caddyfile
gitea.somewhere.com {
reverse_proxy localhost:3000 {
# transparent
}
}
gitea-drone.somewhere.com {
reverse_proxy localhost:8080 {
# transparent
}
}
demo 项目
在项目中添加如下文件:
.drone.yml
kind: pipeline
type: docker
name: build
# volumes:
# - name: dockersock
# host:
# path: /var/run/docker.sock
trigger:
branch:
- master
- testing
steps:
- name: image
image: alpine:3.11
# volumes:
# - name: dockersock
# path: /var/run/docker.sock
environment:
docker_user:
from_secret: docker_user
docker_password:
from_secret: docker_password
docker_host:
from_secret: docker_host
commands:
# - echo $docker_user
# - echo "docker pswd=$docker_password"
# - docker build -t ${DRONE_REPO_NAME}:${CI_COMMIT_BRANCH} .
# - docker rm -f "${DRONE_REPO_NAME}" || true
# - docker run -itd --name ${DRONE_REPO_NAME} -v /data/${DRONE_REPO_NAME}/config.yaml:/config.yaml --restart always -p9090:80 ${DRONE_REPO_NAME}:${CI_COMMIT_BRANCH}
- echo "OK" && date && echo "done"