Pred nekaj leti sem pri\u010del uporabljati Gitlab za build Docker imageov. Gitlab sem postavil v Docker kontejner in sem ga vsa ta leta pridno nadgrajeval. Buildane image pusham v Gitlab register in potem naprej v DockerHub, kjer jih ponudim javnosti. Te\u017eava Gitlaba je to, da je ogromen, narejen za skupine in tega ne potrebujem. Zato sem se \u017ee pred \u010dasom pri\u010del spogledovat z Gitea, ki je za moje potrebe povsem dovolj. Kon\u010dno mi je uspelo postaviti kontejner za Traefikom, ki slu\u017ei svojim namenom. Za nadaljevanje sem za CI izbral Drone.io, kjer sem uspe\u0161no kontejner povezal z Giteo.<\/p>\n
Torej na kratko: postavil sem Gitea, Drone Server in Drone Agenta na Docker hostu za Traefikom, ki zaklju\u010duje SSL. Uporabil sem slede\u010de:<\/p>\n
Gitea – (doma\u010d GIT stre\u017enik)
\nDrone Server – (stre\u017enik za web, repozitorije, secrtes, uporabnike, …)
\nDrone Agent – (worker za builde, jobe, …)<\/p>\n
Te\u017eave<\/strong>: Drone.io in self-signed SSL certifikati za Traefik kontejnerjem (\u010depraj je SSL od LE, pridobljen ro\u010dno)<\/p>\n Odprava te\u017eav<\/strong>: dokler ne ugotovim, kako uredit self-signed sem promet med Drone.io in Gitea usmeril preko HTTP (ni varno ampak glede na to, da ni public in je v notranjem omre\u017eju ni nevarnosti – za public teh te\u017eav ne bi imel, saj bi uporabil Let’s Encrypt, za katerega je le to urejeno).<\/p>\n To bo \u0161e kar nekaj dela …<\/p>\n Yaml datoteka – tu je Gitea povezan \u0161e na Traefik, ampak lahko tudi brez tega:<\/p>\n services: labels: gitea-db: drone-server: drone-agent: Spremenljivke DRONE_GITEA_CLIENT_ID, DRONE_GITEA_CLIENT_SECRET dobimo v Gitea -> Settings -> Application in dodamo novo OAuth2 aplikacijo, za spremenljivko DRONE_RPC_SECRET si pa izmislimo sami.<\/p>\n","protected":false},"excerpt":{"rendered":" Pred nekaj leti sem pri\u010del uporabljati Gitlab za build Docker imageov. Gitlab sem postavil v Docker kontejner in sem ga vsa ta leta pridno nadgrajeval. Buildane image pusham […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[111,110,10],"tags":[],"class_list":["post-335","post","type-post","status-publish","format-standard","hentry","category-cd-ci","category-git","category-linux"],"_links":{"self":[{"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/posts\/335","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/comments?post=335"}],"version-history":[{"count":1,"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/posts\/335\/revisions"}],"predecessor-version":[{"id":336,"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/posts\/335\/revisions\/336"}],"wp:attachment":[{"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/media?parent=335"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/categories?post=335"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/tags?post=335"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\ngitea:
\nimage: gitea\/gitea:latest
\ncontainer_name: gitea
\nenvironment:
\n– USER_UID=UID_USERJA
\n– USER_GID=GID_USERJA
\n– SSH_DOMAIN=FQDN_stre\u017enika
\n– SSH_PORT=222
\n– SSH_LISTEN_PORT=22
\n– DOMAIN=FQDN_stre\u017enika
\n– ROOT_URL=https:\/\/FQDN_stre\u017enika
\n– APP_NAME=”GITea”
\n– RUN_MODE=prod
\n– DB_TYPE=postgres
\n– DB_HOST=gitea-db:5432
\n– DB_NAME=gitea
\n– DB_USER=postgres
\n– DB_PASSWD=postgres
\nrestart: always
\nnetworks:
\n– gitea
\n– proxy
\nvolumes:
\n– \/nfs\/docker\/gitea:\/data
\n– \/home\/git\/.ssh\/:\/data\/git\/.ssh
\n– \/etc\/timezone:\/etc\/timezone:ro
\n– \/etc\/localtime:\/etc\/localtime:ro
\nports:
\n– “3000:3000”
\n– “222:22”<\/p>\n
\n– “traefik.enable=true”
\n– ..
\n– ..<\/p>\n
\nimage: postgres:alpine
\ncontainer_name: gitea-db
\nrestart: always
\nvolumes:
\n– \/nfs\/docker\/gitea-db:\/var\/lib\/postgresql\/data
\nenvironment:
\n– POSTGRES_USER=postgres
\n– POSTGRES_PASSWORD=postgres
\n– POSTGRES_DB=gitea
\nnetworks:
\n– gitea<\/p>\n
\nimage: drone\/drone:latest
\ncontainer_name: drone-server
\nports:
\n– 81:81
\n– 9000
\nvolumes:
\n– \/nfs\/docker\/drone:\/var\/lib\/drone\/
\nrestart: always
\ndepends_on:
\n– gitea
\nenvironment:
\n– DRONE_OPEN=true
\n– DRONE_GITEA=true
\n– DRONE_NETWORK=gitea
\n– DRONE_DEBUG=true
\n– DRONE_ADMIN=admin
\n– DRONE_USER_CREATE=username:admin,admin:true
\n– DRONE_SERVER_PORT=:81
\n– DRONE_DATABASE_DRIVER=postgres
\n– DRONE_DATABASE_DATASOURCE=postgres:\/\/postgres:postgres@gitea-db:5432\/postgres?sslmode=disable
\n– DRONE_GIT_ALWAYS_AUTH=true
\n– DRONE_RPC_SECRET=kreirajga
\n– DRONE_GITEA_CLIENT_ID=kreirajga
\n– DRONE_GITEA_SERVER=http:\/\/FQDN_stre\u017enika:3000
\n– DRONE_GITEA_CLIENT_SECRET=kreirajga
\n– DRONE_SERVER_HOST=FQDN_stre\u017enika:81
\n– DRONE_HOST=http:\/\/FQDN_stre\u017enika:81
\n– DRONE_SERVER_PROTO=http
\n– DRONE_TLS_AUTOCERT=false #- \u010de uporablja\u0161 LE daj na true
\n– DRONE_AGENTS_ENABLED=true
\nnetworks:
\n– gitea<\/p>\n
\nimage: drone\/agent:latest
\ncontainer_name: drone-agent
\ncommand: agent
\nrestart: always
\ndepends_on:
\n– drone-server
\nvolumes:
\n– \/var\/run\/docker.sock:\/var\/run\/docker.sock
\n– \/root\/docker\/drone-agent:\/data
\nenvironment:
\n– DRONE_RPC_SERVER=http:\/\/FQDN_stre\u017enika:81
\n– DRONE_GITEA_CLIENT_SECRET=kreirajga
\n– DRONE_RPC_SECRET=kreirajga
\n– DRONE_RUNNER_CAPACITY=1
\n– DRONE_GITEA_CLIENT_ID=kreirajga
\n– DRONE_RUNNER_NETWORKS=gitea
\nnetworks:
\n– gitea<\/p>\n