Merge pull request 'feat(Drone): Add more configuration and split it' (#22) from drone into main

## Détails

- intégration d'option pour l'utilisation de Drone
- séparation des docker-compose en plusieurs fichiers

## Pourquoi

- Pour permettre une configuration plus avancé de Drone
- Pour nous permettre d'intégrer facilement Drone avec les options que l'on veut

Reviewed-on: https://git.weko.io/resilien/services/pulls/22
Reviewed-by: killian <developer@killiankemps.fr>
This commit is contained in:
Simon 2022-01-26 10:54:06 +01:00
commit cb5d8cf5ff
24 changed files with 389 additions and 111 deletions

View File

@ -12,7 +12,7 @@ Vous trouverez dans ce dépôt l'ensemble des services Open Source que RésiLien
### Pour les devs / ops
- [Drone](./drone) ⏸️ `en pause` : Un service d'intégration continue
- [Drone](./drone) : Un service d'intégration continue
- [Gitea](./gitea) : Un service Git auto-hébergé très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
- [Grafana](./grafana) : Un outil de supervision simple et élégant
- [PostgreSQL](./postgres) : PostgreSQL est un système de gestion de base de données relationnelle et objet.

View File

@ -1,37 +0,0 @@
## DOCKER
COMPOSE_FILE=./docker-compose.yml:./docker-compose.gitea.yml:./docker-compose.traefik.yml
TRAEFIK_NETWORK_NAME=kifeart
## DRONE SERVER
# https://hub.docker.com/r/drone/drone/tags
DRONE_SERVER_IMAGE=drone/drone:1.7.0
DRONE_SERVER_VOLUME_NAME=drone-server
DRONE_SERVER_CONTAINER_NAME=drone-server
# https://docs.drone.io/server/reference/
DRONE_GIT_ALWAYS_AUTH=true
DRONE_RPC_SECRET=9VjG2Dj34Kdo2JYvn5iVxd7JjT5
DRONE_SERVER_HOST=ci.cool.life
DRONE_SERVER_PROTO=https
# https://docs.drone.io/server/provider/gitea/
DRONE_GITEA_SERVER=gitea.cool.life
DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
DRONE_GITEA_CLIENT_SECRET=y9ruXnEqluXjKUcfs5yIFlH83yb1OpP32NCf0h5YJwg=
## DRONE RUNNER
# https://hub.docker.com/r/drone/drone-runner-docker/tags
DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.3.0
DRONE_RUNNER_CONTAINER_NAME=drone-runner
DRONE_RUNNER_CAPACITY=2
DRONE_RUNNER_HOST=ci-runner.cool.life
DRONE_RUNNER_NAME=ci-runner.cool.life
DRONE_RUNNER_UI_USERNAME=kosssi
DRONE_RUNNER_UI_PASSWORD=$not$a$password

View File

@ -4,6 +4,22 @@
>
> <cite>[Codeflow][article]</cite>
## Documentation
Drone est un logiciel d'intégration continue léger. Il est utilisé comme plate-forme de test et/ou de livraison automatisée.
Le service est basé sur 2 briques :
- le coté serveur qui prend en compte les demande de l'extérieur avec une interface (_[server](./server)_)
- le coté exécution des tâches (_[runner](./runner)_).
### Génération de clé
Dans la documentation officielle, il est conseillé de générer les clés avec la commande :
```
openssl rand -hex 16
```
## Liens
- [Site internet][site]

View File

@ -1,10 +0,0 @@
version: "3.8"
# https://docs.drone.io/server/provider/gitea/
services:
drone-server:
environment:
DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER}
DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID}
DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET}

View File

@ -1,22 +0,0 @@
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
services:
drone-server:
labels:
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
traefik.http.routers.drone-server.rule: 'Host(`${DRONE_SERVER_HOST}`)'
traefik.http.routers.drone-server.entrypoints: 'web'
drone-runner:
labels:
traefik.enable: 'true'
traefik.docker.network: ${TRAEFIK_NETWORK_NAME}
traefik.http.routers.drone-runner.rule: 'Host(`${DRONE_RUNNER_HOST}`)'
traefik.http.routers.drone-runner.entrypoints: 'web'

View File

@ -1,41 +0,0 @@
version: "3.8"
volumes:
drone-server:
name: ${DRONE_SERVER_VOLUME_NAME}
services:
drone-server:
container_name: ${DRONE_SERVER_CONTAINER_NAME}
image: ${DRONE_SERVER_IMAGE}
restart: always
environment:
DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH}
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO}
DRONE_LOGS_DEBUG: 'true'
volumes:
- drone-server:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
drone-runner:
container_name: ${DRONE_RUNNER_CONTAINER_NAME}
image: ${DRONE_RUNNER_IMAGE}
restart: always
depends_on:
- drone-server
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
DRONE_RPC_PROTO: http
DRONE_RPC_HOST: ${DRONE_SERVER_CONTAINER_NAME}
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY}
DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}
DRONE_UI_USERNAME: ${DRONE_RUNNER_UI_USERNAME}
DRONE_UI_PASSWORD: ${DRONE_RUNNER_UI_PASSWORD}
DRONE_DEBUG: 'true'

36
drone/runner/.env Normal file
View File

@ -0,0 +1,36 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=../..
COMPOSE_FILE=${SERVICES_DIR}/drone/runner/docker-compose.yml:${SERVICES_DIR}/drone/runner/docker-compose.traefik.yml:${SERVICES_DIR}/drone/runner/docker-compose.dashboard.yml
#COMPOSE_PROJECT_NAME=
## DRONE RUNNER
#https://docs.drone.io/runner/docker/configuration/reference/
### Docker
# https://hub.docker.com/r/drone/drone-runner-docker/tags
DRONE_RUNNER_IMAGE=drone/drone-runner-docker:1.8.0
DRONE_RUNNER_CONTAINER_NAME=drone-server
### Drone
# https://docs.drone.io/runner/docker/installation/linux/
DRONE_RPC_HOST=drone.cool.life
DRONE_RPC_PROTO=https
DRONE_RPC_SECRET=change-me
DRONE_RUNNER_HOST=ci-runner.cool.life
DRONE_RUNNER_CAPACITY=2
DRONE_RUNNER_NAME=drone-runner
DRONE_UI_USERNAME=resilien
DRONE_UI_PASSWORD=change-me
DRONE_UI_DISABLE=false
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

11
drone/runner/README.md Normal file
View File

@ -0,0 +1,11 @@
# Drone CI Runner
Il existe plusieurs _runner_ nous parlerons ici que du _runner_ Docker.
## Installation
L'installation de la partie _runner_ a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
Il est possible de mettre en place une interface utilisateur pour visualiser les logs, les tâches exécutées. C'est pratique pour débugger.
Le coté multiplatforme permet d'avoir plusieurs _runner_ sur des architectures différentes selon là où on les déploie.

View File

@ -0,0 +1,15 @@
---
version: "3.8"
# https://docs.drone.io/runner/docker/configuration/dashboard/
services:
drone-runner:
environment:
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-username/
DRONE_UI_USERNAME: ${DRONE_UI_USERNAME:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-password/
DRONE_UI_PASSWORD: ${DRONE_UI_PASSWORD:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-ui-disable/
DRONE_UI_DISABLE: ${DRONE_UI_DISABLE:-false}

View File

@ -0,0 +1,8 @@
---
version: "3.8"
services:
drone-runner:
ports:
- "3000:3000"

View File

@ -0,0 +1,15 @@
---
version: "3.8"
# https://docs.drone.io/runner/docker/configuration/logging/
services:
drone-runner:
environment:
# https://docs.drone.io/runner/docker/configuration/reference/drone-debug/
DRONE_DEBUG: ${DRONE_DEBUG:-false}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http/
DRONE_RPC_DUMP_HTTP: ${DRONE_RPC_DUMP_HTTP:-false}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-dump-http-body/
DRONE_RPC_DUMP_HTTP_BODY: ${DRONE_RPC_DUMP_HTTP_BODY-:false}

View File

@ -0,0 +1,15 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
services:
drone-runner:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.rule=Host(`${DRONE_RUNNER_HOST:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-runner}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

View File

@ -0,0 +1,26 @@
---
version: "3.8"
# https://docs.drone.io/runner/docker/installation/linux/
services:
drone-runner:
container_name: ${DRONE_RUNNER_CONTAINER_NAME}
image: ${DRONE_RUNNER_IMAGE:-drone/drone-runner-docker:1.8.0}
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-host/
DRONE_RPC_HOST: ${DRONE_RPC_HOST:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-proto/
DRONE_RPC_PROTO: ${DRONE_RPC_PROTO:-https}
# https://docs.drone.io/runner/docker/configuration/reference/drone-rpc-secret/
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET:?err}
# https://docs.drone.io/runner/docker/configuration/reference/drone-runner-capacity/
DRONE_RUNNER_CAPACITY: ${DRONE_RUNNER_CAPACITY:-2}
# https://docs.drone.io/runner/docker/configuration/reference/drone-runner-name/
DRONE_RUNNER_NAME: ${DRONE_RUNNER_NAME}

65
drone/server/.env Normal file
View File

@ -0,0 +1,65 @@
########
# DOCKER
#DOCKER_CONTEXT=
#DOCKER_HOST=
SERVICES_DIR=../..
COMPOSE_FILE=${SERVICES_DIR}/drone/server/docker-compose.yml:${SERVICES_DIR}/drone/server/docker-compose.user.yml:${SERVICES_DIR}/drone/server/docker-compose.traefik.yml:${SERVICES_DIR}/drone/server/docker-compose.postgres.yml:${SERVICES_DIR}/drone/server/docker-compose.header.yml:${SERVICES_DIR}/drone/server/docker-compose.gitea.yml:${SERVICES_DIR}/drone/server/docker-compose.cookie.yml:${SERVICES_DIR}/postgres/docker-compose.yml
#COMPOSE_PROJECT_NAME=
## DRONE SERVER
# https://docs.drone.io/server/reference/
### Docker
# https://hub.docker.com/r/drone/drone/tags
DRONE_SERVER_IMAGE=drone/drone:2.8.0
DRONE_SERVER_VOLUME_NAME=drone-server
DRONE_SERVER_CONTAINER_NAME=drone-server
### Drone
DRONE_RPC_SECRET=change-me
DRONE_SERVER_HOST=ci.cool.life
DRONE_SERVER_PROTO=https
### User
DRONE_ADMIN_USER=resilien
DRONE_ADMIN_TOKEN=change-me
DRONE_USER_FILTER=resilien
DRONE_REGISTRATION_CLOSED=true
### Gitea
# https://docs.drone.io/server/provider/gitea/
#DRONE_GIT_ALWAYS_AUTH=
DRONE_GITEA_SERVER=gitea.cool.life
DRONE_GITEA_CLIENT_ID=UI76T78G-HDZ8-7CSD-6SDZ-YUIDG8Z7DSQ8
DRONE_GITEA_CLIENT_SECRET=change-me
## Header
# https://docs.drone.io/server/headers/
#DRONE_HTTP_SSL_REDIRECT=
#DRONE_HTTP_SSL_TEMPORARY_REDIRECT=
#DRONE_HTTP_SSL_HOST=
#DRONE_HTTP_STS_SECONDS=
### Cookie
# https://docs.drone.io/server/cookie/
DRONE_COOKIE_SECRET=change-me
#DRONE_COOKIE_TIMEOUT=720h
### POSTGRES
# https://docs.drone.io/server/storage/encryption/
DRONE_DATABASE_SECRET=change-me
POSTGRES_USER=user
POSTGRES_PASSWORD=password
POSTGRES_VOLUME_NAME=postgres
POSTGRES_CONTAINER_NAME=postgres
POSTGRES_DB=drone
#########
# TRAEFIK
#TRAEFIK_NETWORK_NAME=
#TRAEFIK_ROUTER_NAME= # Don't use char '.'
#TRAEFIK_ENTRYPOINTS=

41
drone/server/README.md Normal file
View File

@ -0,0 +1,41 @@
# Drone CI Server
## Installation
L'installation de la partie serveur a été coupée en plusieurs fichiers dont les noms sont assez explicites. De nombreux liens vers la documentation officielle ont été mis dans les fichiers _Docker Compose_.
## Configuration
Une fois un Drone installé il faut le configurer avec l'utilisation du CLI.
### Installation du CLI
Voir la [documentation officielle](https://docs.drone.io/cli/install/#install-on-linux).
### Configuration du CLI en local
Il faut :
- l'url de l'instance (`DRONE_SERVER_HOST`)
- le protocol de l'instance (`DRONE_SERVER_PROTO`)
- le token de l'administrateur (`DRONE_ADMIN_TOKEN`)
```
export DRONE_SERVER=${DRONE_SERVER_PROTO}://${DRONE_SERVER_HOST}
export DRONE_TOKEN=${DRONE_ADMIN_TOKEN}
```
[Documentation officielle](https://docs.drone.io/cli/configure/)
### Les utilisateurs
Il faut ajouter les utilisateurs non admin :
```
drone user add kosssi
drone user add killian
drone user add prometheus --machine --token=${PROMETHEUS_TOKEN}
```
En n'oubliant pas au moment de l'installation d'identifier précisément les utilisateurs ayant le droit d'exécuter Drone avec la variable `DRONE_USER_FILTER=kosssi,killian,prometheus,${DRONE_ADMIN_USER}`
[Documentation officielle](https://docs.drone.io/cli/user/drone-user-add/)

View File

@ -0,0 +1,13 @@
---
version: "3.8"
# https://docs.drone.io/server/cookie/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-cookie-secret/
DRONE_COOKIE_SECRET: ${DRONE_COOKIE_SECRET:?err}
# https://docs.drone.io/server/reference/drone-cookie-timeout/
DRONE_COOKIE_TIMEOUT: ${DRONE_COOKIE_TIMEOUT:-720h} # Default value 30 days

View File

@ -0,0 +1,17 @@
---
version: "3.8"
# https://docs.drone.io/server/provider/gitea/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-git-always-auth/
DRONE_GIT_ALWAYS_AUTH: ${DRONE_GIT_ALWAYS_AUTH:-true}
# https://docs.drone.io/server/reference/drone-gitea-server/
DRONE_GITEA_SERVER: ${DRONE_GITEA_SERVER:?err}
# https://docs.drone.io/server/reference/drone-gitea-client-id/
DRONE_GITEA_CLIENT_ID: ${DRONE_GITEA_CLIENT_ID:?err}
# https://docs.drone.io/server/reference/drone-gitea-client-secret/
DRONE_GITEA_CLIENT_SECRET: ${DRONE_GITEA_CLIENT_SECRET:?err}

View File

@ -0,0 +1,13 @@
---
version: "3.8"
# https://docs.drone.io/server/headers/
services:
drone-server:
environment:
DRONE_HTTP_SSL_REDIRECT: ${DRONE_HTTP_SSL_REDIRECT:-true}
DRONE_HTTP_SSL_TEMPORARY_REDIRECT: ${DRONE_HTTP_SSL_TEMPORARY_REDIRECT:-true}
DRONE_HTTP_SSL_HOST: ${DRONE_SERVER_HOST}
DRONE_HTTP_STS_SECONDS: ${DRONE_HTTP_STS_SECONDS:-315360000}

View File

@ -0,0 +1,8 @@
---
version: "3.8"
services:
drone-server:
ports:
- "3000:3000"

View File

@ -0,0 +1,19 @@
---
version: "3.8"
# https://docs.drone.io/server/logging/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-logs-debug/
DRONE_LOGS_DEBUG: ${DRONE_LOGS_DEBUG:-true}
# https://docs.drone.io/server/reference/drone-logs-text/
DRONE_LOGS_TEXT: ${DRONE_LOGS_TEXT:-true}
# https://docs.drone.io/server/reference/drone-logs-pretty/
DRONE_LOGS_PRETTY: ${DRONE_LOGS_PRETTY:-true}
# https://docs.drone.io/server/reference/drone-logs-color/
DRONE_LOGS_COLOR: ${DRONE_LOGS_COLOR:-true}
# https://docs.drone.io/server/reference/drone-logs-trace/
DRONE_LOGS_TRACE: ${DRONE_LOGS_TRACE:-false}

View File

@ -0,0 +1,16 @@
---
version: "3.8"
# https://docs.drone.io/server/storage/database/
# https://docs.drone.io/server/storage/encryption/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-database-secret/
DRONE_DATABASE_SECRET: ${DRONE_DATABASE_SECRET}
# https://docs.drone.io/server/reference/drone-database-driver/
DRONE_DATABASE_DRIVER: postgres
# https://docs.drone.io/server/reference/drone-database-datasource/
DRONE_DATABASE_DATASOURCE: postgres://${POSTGRES_USER:?err}:${POSTGRES_PASSWORD:?err}@${POSTGRES_CONTAINER_NAME:-postgres}:5432/${POSTGRES_DB:?err}?sslmode=disable

View File

@ -0,0 +1,15 @@
---
version: "3.8"
networks:
default:
name: ${TRAEFIK_NETWORK_NAME}
services:
drone-server:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.rule=Host(`${DRONE_SERVER_HOST:?err}`)
- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-drone-server}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

View File

@ -0,0 +1,15 @@
---
version: "3.8"
# https://docs.drone.io/server/user/registration/
services:
drone-server:
environment:
# https://docs.drone.io/server/reference/drone-user-create/
DRONE_USER_CREATE: username:${DRONE_ADMIN_USER:?err},machine:false,admin:true,token:${DRONE_ADMIN_TOKEN:?err}
# https://docs.drone.io/server/reference/drone-user-filter/
DRONE_USER_FILTER: ${DRONE_USER_FILTER:?err}
# https://docs.drone.io/server/reference/drone-registration-closed/
DRONE_REGISTRATION_CLOSED: ${DRONE_REGISTRATION_CLOSED:-true}

View File

@ -0,0 +1,24 @@
---
version: "3.8"
volumes:
drone-server:
name: ${DRONE_SERVER_VOLUME_NAME:-drone-server}
services:
drone-server:
container_name: ${DRONE_SERVER_CONTAINER_NAME:-drone-server}
image: ${DRONE_SERVER_IMAGE:-drone/drone:2.8.0}
restart: always
environment:
# https://docs.drone.io/server/reference/drone-rpc-secret/
DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
# https://docs.drone.io/server/reference/drone-server-host/
DRONE_SERVER_HOST: ${DRONE_SERVER_HOST}
# https://docs.drone.io/server/reference/drone-server-proto/
DRONE_SERVER_PROTO: ${DRONE_SERVER_PROTO:-https}
volumes:
- drone-server:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro