Gitea and Drone CI/CD
Setting up Gitea with Helm
Add the Gitea Helm repo
helm repo add gitea-charts https://dl.gitea.io/charts/
Pull the latest chart package
helm pull gitea-charts/gitea
Edit the deployment values.yaml file
```yaml
service:
  http:
    type: NodePort
    port: 3000
    annotations:
  ssh:
    type: NodePort
    port: 22
    loadBalancerSourceRanges: []
    annotations:
```
Install
helm install --name gitea .
Modify the Gitea configuration
In the namespace you deployed to, find the secret named gitea, base64-decode the app.ini configuration, and edit it.
Change DOMAIN, ROOT_URL and SSH_DOMAIN to the corresponding node IP plus NodePort port.
```ini
[cache]
ADAPTER = memcache
ENABLED = true
HOST = gitea-memcached.default.svc.cluster.local:11211

[database]
DB_TYPE = postgres
HOST = gitea-postgresql.default.svc.cluster.local:5432
NAME = gitea
PASSWD = gitea
USER = gitea

[metrics]
ENABLED = false

[security]
INSTALL_LOCK = true

[server]
APP_DATA_PATH = /data
DOMAIN = 172.17.0.1:30086
ENABLE_PPROF = false
HTTP_PORT = 3000
PROTOCOL = http
ROOT_URL = http://172.17.0.1:30086
SSH_DOMAIN = 172.17.0.1:30672
SSH_LISTEN_PORT = 22
SSH_PORT = 22
; Gitea documents DEFAULT_UI_LOCATION under the [time] section
DEFAULT_UI_LOCATION = Asia/Shanghai
```
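Changing the Gitea server time zone
The postgresql and memcached installed by default with the Gitea chart can both have their time zone changed by adding the environment variable TZ=Asia/Shanghai.
The Gitea Docker image, however, is built on an Alpine base image and does not include the tzdata package, so the TZ environment variable cannot change its time zone.
The approach taken here is to rebuild the Gitea image with the local time zone added.
The version currently in use is 1.13.7.
git clone https://github.com/go-gitea/gitea
cd gitea
git checkout v1.13.7
Edit the Dockerfile in the repository root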
```dockerfile
FROM golang:1.16-alpine3.13 AS build-env

ARG GOPROXY
ENV GOPROXY ${GOPROXY:-direct}

ARG GITEA_VERSION
ARG TAGS="sqlite sqlite_unlock_notify"
ENV TAGS "bindata timetzdata $TAGS"
ARG CGO_EXTRA_CFLAGS

RUN apk --no-cache add build-base git nodejs npm

COPY . ${GOPATH}/src/code.gitea.io/gitea
WORKDIR ${GOPATH}/src/code.gitea.io/gitea

RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 && make clean-all build

RUN go build contrib/environment-to-ini/environment-to-ini.go

FROM alpine:3.13
LABEL maintainer="maintainers@gitea.io"

EXPOSE 22 3000

RUN apk --no-cache add \
    bash \
    ca-certificates \
    curl \
    gettext \
    git \
    linux-pam \
    openssh \
    s6 \
    sqlite \
    su-exec \
    gnupg

# Added step: install tzdata and set the local time zone
RUN apk add --no-cache tzdata \
 && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
 && echo "Asia/Shanghai" > /etc/timezone

RUN addgroup \
    -S -g 1000 \
    git && \
  adduser \
    -S -H -D \
    -h /data/git \
    -s /bin/bash \
    -u 1000 \
    -G git \
    git && \
  echo "git:*" | chpasswd -e

ENV USER git
ENV GITEA_CUSTOM /data/gitea

VOLUME ["/data"]

ENTRYPOINT ["/usr/bin/entrypoint"]
CMD ["/bin/s6-svscan", "/etc/s6"]

COPY docker/root /
COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
RUN ln -s /app/gitea/gitea /usr/local/bin/gitea
```
Rebuild the image with make
TAGS="bindata sqlite sqlite_unlock_notify" make docker
Then replace the Gitea image in the cluster with the newly built image.
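Creating OAuth2 credentials for the Drone application in Gitea
Once Gitea is deployed, open the corresponding page and create the credentials for the Drone application.
If you do not yet know the Drone address, enter any value for now and change it later.
Application name: drone
Redirect URI: http://droneIP:31157/login
Record the client ID and client secret that Gitea issues for Drone.
Client ID = 5303253f-a9a2-4903-1234-1e5640343e97
Client secret = aCwNwvlHZp7yCANuc1qE33313gkPRS9NgyFLa22NJa6w=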
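Setting up Drone in the cluster
Drone can be deployed with Docker; for easier management I deployed it into the cluster.
First generate a secret for communication with the runner.
```bash
$ openssl rand -hex 16
a269c546727736d7d2b71444dd965e4b
```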
The deployment YAML is as follows
```yaml
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16; use apps/v1 on newer clusters
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    k8s-app: drone
    qcloud-app: drone
  name: drone
  namespace: default
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: drone
      qcloud-app: drone
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        k8s-app: drone
        qcloud-app: drone
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/hostname
                operator: In
                values:
                - 172.18.0.2
      containers:
      - env:
        - name: DRONE_SERVER_HOST
          value: droneIP:31157
        - name: DRONE_DATADOG_ENABLED
          value: "true"
        - name: DRONE_GITEA_SERVER
          value: http://giteaIP:30086
        - name: DRONE_GITEA_CLIENT_ID
          value: 5303253f-a9a2-4903-1234-1e5640343e97
        - name: DRONE_GITEA_CLIENT_SECRET
          value: aCwNwvlHZp7yCANuc1qE33313gkPRS9NgyFLa22NJa6w=
        - name: DRONE_RPC_SECRET
          value: a269c546727736d7d2b71444dd965e4b
        - name: DRONE_SERVER_PROTO
          value: http
        image: drone:1
        imagePullPolicy: IfNotPresent
        name: drone
        resources:
          limits:
            cpu: 500m
            memory: 1Gi
          requests:
            cpu: 250m
            memory: 256Mi
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /data
          name: data
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: qcloudregistrykey
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - hostPath:
          path: /var/data/drone
          type: DirectoryOrCreate
        name: data
---
apiVersion: v1
kind: Service
metadata:
  name: drone
  namespace: default
spec:
  ports:
  - name: tcp-80-80
    nodePort: 31157
    port: 80
    protocol: TCP
    targetPort: 80
  - name: tcp-443-443
    nodePort: 32400
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    k8s-app: drone
    qcloud-app: drone
  type: NodePort
```
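The Deployment above carries DRONE_GITEA_CLIENT_ID, DRONE_GITEA_CLIENT_SECRET and DRONE_RPC_SECRET as literal env values, so anyone who can read the manifest or the Deployment object can read them. The following added example (not part of the original post) keeps them in a Kubernetes Secret and references it with secretKeyRef; the Secret name drone-secrets and its key names are assumptions.

```yaml
# Added example, not from the original post.
# The Secret name "drone-secrets" and its key names are assumptions.
apiVersion: v1
kind: Secret
metadata:
  name: drone-secrets
  namespace: default
type: Opaque
stringData:
  # Fill in at apply time; keep the filled-in file out of version control.
  gitea-client-id: REPLACE_WITH_CLIENT_ID
  gitea-client-secret: REPLACE_WITH_CLIENT_SECRET
  rpc-secret: REPLACE_WITH_OPENSSL_RAND_OUTPUT
---
# Fragment, not a standalone object: these entries replace the three literal
# "value:" entries in the env list of the drone container in the Deployment.
env:
- name: DRONE_GITEA_CLIENT_ID
  valueFrom:
    secretKeyRef:
      name: drone-secrets
      key: gitea-client-id
- name: DRONE_GITEA_CLIENT_SECRET
  valueFrom:
    secretKeyRef:
      name: drone-secrets
      key: gitea-client-secret
- name: DRONE_RPC_SECRET
  valueFrom:
    secretKeyRef:
      name: drone-secrets
      key: rpc-secret
```

Secret objects are only base64-encoded by default, so RBAC on the namespace still decides who can read them.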
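Once the application is running, visit the Drone address; Gitea will ask whether to authorize Drone.
If you see this page, Gitea and Drone are configured correctly.
Setting up the Runner on a worker node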
```bash
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar zx
sudo install -t /usr/local/bin drone-runner-exec

vi /etc/drone-runner-exec/config

# Contents of /etc/drone-runner-exec/config
# ("droneServer内网IP" is a placeholder for the internal IP of the Drone server)
DRONE_RPC_PROTO=http
DRONE_RPC_HOST=droneServer内网IP:31157
DRONE_RPC_SECRET=a269c546727736d7d2b71444dd965e4b
DRONE_LOG_FILE=/var/log/drone-runner-exec/log.txt

mkdir /var/log/drone-runner-exec

drone-runner-exec service install
drone-runner-exec service start

systemctl status drone-runner-exec
```
Configuring password-less git pulls
Set this environment variable on the Drone server
```yaml
- name: DRONE_GIT_ALWAYS_AUTH
  value: "true"
```
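Alternatively, use git's credential storage to save the username and password
Log in to the server where drone runs as the user that owns the drone process, and go to the home directory (cd ~)
Run git clone [your git repository URL]; when it prompts for a password, press ctrl + c to abort
Run touch .git-credentials to create the .git-credentials file
Run vim .git-credentials to edit the file
Press i to enter insert mode and type: http(s)://{your username}:{your password}@your-git-server-address [choose https or http as appropriate, and remove the curly braces]
Press ESC and type :wq to save and quit
Run git config --global credential.helper store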
Example (syncing an SVN project to Gitea and triggering a Drone image build)
Initialize the Gitea repository
Create the CICD organization and the test-project repository in Gitea beforehand.
```bash
# Use the git-svn tool
#
# git svn clone https://SVN地址/test-project -r HEAD
cd test-project

# Save the SVN revision number to the version file
git svn info | grep Revision | awk '{print $2}' > version
git add .

# Commit the changes and push the project
cat version | awk '{print "git commit -m " $1}' | sh
git remote add origin http://giteaIP:30086/CICD/test-project
git push -u origin master
```
When the project contains a .drone.yml file and Gitea and Drone have completed mutual authorization, the build is triggered automatically.
Syncing subsequent updates
```bash
# Sync SVN updates to git
git svn rebase
git svn info | grep Revision | awk '{print $2}' > version
git add .
cat version | awk '{print "git commit -m " $1}' | sh
git push -f -u origin master

# Sync git updates to SVN
git pull
git svn dcommit
```
The .drone.yml file in the project
The Drone file added to the project
```yaml
kind: pipeline
type: exec
name: default

platform:
  os: linux
  arch: amd64

steps:
- name: push
  commands:
  - chmod +x run.sh
  - version=$(cat version) && ./run.sh $version
```
The combined build-and-push script
```bash
#!/bin/bash

version=$1

# "Harbor密码" is a placeholder for the Harbor password; 127.12.0.1 is the example Harbor address
sudo docker login -u admin -p Harbor密码 127.12.0.1
sudo docker build --no-cache -t 127.12.0.1/library/test-project:${version} .
sudo docker push 127.12.0.1/library/test-project:${version}

kubectl set image deployment/test-project container-emc6fh=127.12.0.1/library/test-project:${version} -n test-project --kubeconfig=/home/config/test-cluster-kubeconfig.yaml
```
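run.sh passes the Harbor password to docker login with -p, which leaves it in the script and on the command line. As an added example (not part of the original post), the pipeline below takes the password from a Drone secret and feeds it to docker login on stdin; the secret name harbor_password is an assumption, and the docker login line is assumed to have been removed from run.sh.

```yaml
# Added example, not from the original post.
# Assumes a Drone repository secret named "harbor_password" (hypothetical name)
# and that the "docker login" line has been removed from run.sh.
kind: pipeline
type: exec
name: default

platform:
  os: linux
  arch: amd64

steps:
- name: push
  environment:
    HARBOR_PASSWORD:
      from_secret: harbor_password
  commands:
  # The version file becomes an image tag and a kubectl argument:
  # accept only a bare SVN revision number.
  - grep -Eqx '[0-9]+' version
  # The password arrives on stdin, not in argv or in the script.
  - echo "$HARBOR_PASSWORD" | sudo docker login -u admin --password-stdin 127.12.0.1
  - chmod +x run.sh
  - version=$(cat version) && ./run.sh $version
```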
References
https://docs.gitea.io/en-us/install-on-kubernetes/
https://docs.gitea.io/en-us/install-from-source/
https://docs.drone.io/server/provider/gitea/