基于Drone+Gitea+Docker对go项目进行CI/CD
Drone是一个go开发的用来CI/CD的好工具,比jenkins和gitlab-ci更加简单好用,部署方便
1.准备环境
gitea和go proxy
docker仓库harbor
gitea
创建一个组织test,在该组织下创建仓库demo,仓库设置里把开发者账号加入到协作者
创建一个具有创建钩子权限的管理员账号,把它加入到demo仓库的协作者中,并对仓库有可读权限
harbor
创建一个公开项目test,并创建一个用户例如drone,把drone用户加入到test项目的开发人员中去
假设harbor所在地址192.168.41.34
192.168.41.34/test/demo镜像的三种tag格式:
canary 开发版,不管什么分支
v0.0.1 稳定版,和git tag保持一致
latest 稳定版,指向最新的具体tag如v0.0.1
2.部署Drone
注意:drone的新版部署方式发生了改变,请看官网(2019.11.8更新)
假设Drone所在机器是192.168.41.35
drone server
#!/bin/bash
gitea_server=http://192.168.40.131:3333
proto=http
http_port=5566
drone_server=192.168.41.35:${http_port}
secret=1edbfb9d6690bdad7743f7d67fbfe374 #可以用openssl rand -hex 16 生成,drone的agent和server之间通信用的
name=drone
docker run \
--name=${name} \
--volume=/var/lib/drone:/data \
--env=DRONE_GIT_ALWAYS_AUTH=false \
--env=DRONE_GITEA_SERVER=${gitea_server} \
--env=DRONE_RPC_SECRET=${secret} \
--env=DRONE_SERVER_HOST=${drone_server} \
--env=DRONE_SERVER_PROTO=${proto} \
--env=DRONE_TLS_AUTOCERT=false \
--env=DRONE_AGENTS_ENABLED=true \
--publish=${http_port}:80 \
--publish=4443:443 \
--restart=always \
--detach=true \
drone/drone:1.2.1
drone agent
#!/bin/bash
# 一个server可以对应多个agent,可以在多个机器部署agent来执行任务,尤其团队人多的时候
# 这里agent和server都在同一台机器
drone_server=http://192.168.41.35:5566
secret=1edbfb9d6690bdad7743f7d67fbfe374
name=agent
runner_name=s35 #可以用主机名之类的
docker run \
--name=${name} \
--volume=/var/run/docker.sock:/var/run/docker.sock \
--env=DRONE_RPC_SERVER=${drone_server} \
--env=DRONE_RPC_SECRET=${secret} \
--env=DRONE_RUNNER_CAPACITY=2 \
--env=DRONE_RUNNER_NAME=${runner_name} \
--restart=always \
--detach=true \
drone/agent:1.2.1
3.项目代码
├── Dockerfile
├── go.mod
├── go.sum
└── main.go
main.go
package main
import (
"fmt"
"net/http"
"github.com/rs/xid"
)
var port = ":8080"
func main() {
//一个简单的web应用
http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
id := xid.New().String()
s := fmt.Sprintf("你好, id: %s", id)
fmt.Fprintf(w, "%v\n", s)
})
if err := http.ListenAndServe(port, nil); err != nil {
fmt.Println(err)
}
}
Dockerfile
FROM golang:1.12 as builder
WORKDIR /build
COPY . .
RUN CGO_ENABLED=0 GOPROXY=http://192.168.40.131:4000 go build -o demo
FROM alpine:3.10 as runner
LABEL description="the image is a demo"
WORKDIR /app
COPY --from=builder /build/demo /app/
EXPOSE 8080
ENTRYPOINT ["./demo"]
其实golang和node这样的常用镜像可以放到自己的私有仓库上,比如
FROM 192.168.41.34/pub/golang:1.12
.drone.yml
kind: pipeline
name: default
clone:
depth: 10
steps:
# 开发版
- name: docker-${DRONE_BRANCH}
image: plugins/docker:18.09
settings:
username: drone
password:
from_secret: DOCKER_PASSWORD
registry: 192.168.41.34
repo: 192.168.41.34/test/demo
insecure: true
debug: true
dockerfile: Dockerfile
tags:
- canary
when:
branch:
- master
- dev
event:
- push
# 稳定版
- name: docker-release
image: plugins/docker:18.09
settings:
username: drone
password:
from_secret: DOCKER_PASSWORD
registry: 192.168.41.34
repo: 192.168.41.34/test/demo
insecure: true
dockerfile: Dockerfile
tags:
- ${DRONE_TAG}
- latest
when:
event:
- tag
# 开发版部署在192.168.41.35
- name: deploy-${DRONE_BRANCH}
image: appleboy/drone-ssh
settings:
host:
- 192.168.41.35
username: root
password:
from_secret: HOST_PASSWORD
port: 22
command_timeout: 2m
script:
- echo "deploy ssh!"
- name=test-demo
- image=192.168.41.34/test/demo:canary
- echo ${DRONE_BRANCH}
- docker pull $image
- docker rm -f test-demo || true
- docker image prune -f
- docker run --name=$name -d -p 8001:8080 $image
when:
branch:
- master
- dev
event:
- push
# 稳定版部署在192.168.41.36
- name: deploy-release
image: appleboy/drone-ssh
settings:
host:
- 192.168.41.36
username: root
password:
from_secret: HOST_PASSWORD
port: 22
command_timeout: 2m
script:
- echo "deploy ssh!"
- name=demo-test
- image=192.168.41.34/test/demo:latest
- docker pull $image
- docker rm -f test-demo || true
- docker image prune -f
- docker run --name=$name -d -p 8001:8080 $image
when:
event:
- tag
go.mod
module git.bmk.top/test/demo
go 1.12
require github.com/rs/xid v1.2.1
git.bmk.top是我的gitea的域名
4.操作Drone
访问192.168.41.35:5566
用你的gitea的管理员账号和密码登录,激活项目
激活后可以用你的gitea开发者账号登录查看了
(注意:账号要对仓库的权限)
01
02
03
DOCKER_PASSWORD是docker仓库的drone用户密码, 见.drone.yml
HOST_PASSWORD是两台部署机器的root用户的密码,见.drone.yml
这种方式避免了密码暴露在代码中
04. 提交代码触发
05
06
5.测试
curl http://192.168.41.35:8001