How to Setup a Secure Docker Drone Runner with Drone CI

BeeYoop BeeDeepBoom Weeop DEEpaEEya


In general, this article describes how to set up SSL with a Drone Runner. This is Part II of a two-part series. If you would like to learn how to set up the Drone Server, please visit: Setup Drone CI Server.

Part II creates a pipeline runner on a Docker machine; think GitHub Actions, but with Drone super powers. The pipeline configuration is stored as .drone.yml in the root of your site directory, and the Drone server uses that YAML file to run a series of commands or actions inside the virtual Docker machine.

This is empowering because you can automate a fresh build every time. You can also create a Drone trigger that fires, for example, when you push to the master branch. Here is the configuration reference for all the possible things you can do: Docker Pipelines Overview

Note 1: If you see a [name-goes-here], I am linking to the references I shared below.

Note 2: If you want to use Docker Engine without sudo, follow this url: Linux Docker Post-Install

Requirements

  • Basic Linux CLI knowledge
  • A hardened remote SSH server (see Linux VPS hardening)
  • A running Gitea server (see Git with a cup of tea)
  • Docker Engine
  • A basic understanding of how to use Docker Engine
  • Basic Nginx, Gitea and Certbot/Let’s Encrypt experience
  • openssl
  • A running Drone CI server (see Part I)

Let’s Begin!

Pull the Docker image from Docker Hub

docker pull drone/drone-runner-docker:1

Make the repo publicly accessible in the Drone GUI

For testing, I made sure the repo was publicly available.

[Screenshot: Drone GUI repository settings (screenshot-drone-gui.webp)]

Launch a Secure Docker Drone Runner

For DRONE_RPC_SECRET, use the same RPC secret we created in Part I; the runner and the server must share it. See Configuration for a complete list of configuration options.

Please read the reference to understand what this Docker configuration is doing; that is important for you to do yourself.

docker run --detach \
  --volume=/var/run/docker.sock:/var/run/docker.sock \
  --env=DRONE_RPC_PROTO=https \
  --env=DRONE_RPC_HOST=drone.example.com \
  --env=DRONE_RPC_SECRET=bea26a2221fd8090ea38720fc445eca6 \
  --env=DRONE_RUNNER_CAPACITY=2 \
  --env=DRONE_RUNNER_NAME=st-runner \
  --env=DRONE_UI_USERNAME=youruserhere \
  --env=DRONE_UI_PASSWORD=yourpasshere \
  --env=DRONE_DEBUG=true \
  --env=DRONE_TRACE=true \
  --publish=3000:3000 \
  --restart=always \
  --name=st-drone-runner \
  drone/drone-runner-docker:1

A Pipeline Config Example

Below is an example of a custom pipeline I created. I ain’t going to explain this in detail; I expect you to work out your own pipeline, and this is only a reference point. Essentially, you will be launching your own virtual machine for your specific use case.

In this example, on drone.example.com, I have created a secret that is passed to the virtual machine so I can package the build (the _site directory only), then auto-push it to the www_data branch on my Git server. From there, I rsync this data through an SSH tunnel to a Gitea Pages server that serves the WWW or edge data.

Note 3: The example configuration is a .drone.yml file stored in the root of your site project.

---
kind: pipeline
type: docker
name: build
workspace:
  path: /drone/src
platform:
  os: linux
  arch: amd64
trigger:
  branch:
  - master
# a step can only mount a volume declared at the pipeline level;
# a temp volume lives for the duration of the pipeline and is then discarded
volumes:
- name: jekyll
  temp: {}
steps:
- name: build-website
  image: ruby:latest
  environment:
    # values are pulled from the secrets stored in the Drone GUI, never from the repo
    SSH_USER:
      from_secret: ssh_user
    SSH_HOST:
      from_secret: ssh_host
    NO_HOSTKEY:
      from_secret: no_hostkey
  privileged: false
  volumes:
    - name: jekyll
      path: /srv/jekyll
  commands:
    # general vm information for debugging
    - whoami
    - pwd
    - gem environment

Verify

docker logs st-drone-runner
INFO[0000] starting the server
INFO[0000] successfully pinged the remote server
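The docker run command above types the RPC secret straight into the shell, where it lands in the shell history and in `ps` output for as long as the command runs. The script below is an added example, not from the original post: it validates the secret's shape (32 hex characters, the form `openssl rand -hex 16` produces), writes the runner settings into an owner-only env file that `docker run --env-file` reads, and turns the Verify step into a function that greps the runner log for the "successfully pinged" line. The env file path /etc/drone/runner.env and the function names are my assumptions; the variable names, container name and image are the ones used in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Launches drone-runner-docker with the
# RPC secret read from a root-only env file instead of typed on the command line,
# then checks the runner log for the line the Verify step above looks for.
# Assumed: env file path /etc/drone/runner.env; DRONE_RPC_SECRET exported in the
# caller's environment (e.g. from a password manager) when --run is used.
set -eu

# Accept only a 32-hex-character secret, the shape `openssl rand -hex 16` produces.
validate_rpc_secret() {
  case "$1" in
    *[!0-9a-fA-F]*) return 1 ;;   # any non-hex character rejects it
  esac
  [ "${#1}" -eq 32 ]
}

# Write the runner environment to a file readable only by its owner, so the secret
# never appears in shell history or `ps` output on the host. Arguments:
# env file path, Drone server host, RPC secret.
write_env_file() {
  file=$1 host=$2 secret=$3
  validate_rpc_secret "$secret" || { echo "bad secret format" >&2; return 1; }
  # subshell so the restrictive umask does not leak into the rest of the script
  (
    umask 077
    cat >"$file" <<EOF
DRONE_RPC_PROTO=https
DRONE_RPC_HOST=$host
DRONE_RPC_SECRET=$secret
DRONE_RUNNER_CAPACITY=2
DRONE_RUNNER_NAME=st-runner
EOF
  )
}

# Read a runner log on stdin; succeed only if the runner reports a successful
# ping of the Drone server, i.e. the RPC host, protocol and secret all matched.
runner_healthy() {
  grep -q 'successfully pinged the remote server'
}

# Only talk to Docker when asked explicitly; everything above is testable without it.
if [ "${1:-}" = "--run" ]; then
  write_env_file /etc/drone/runner.env drone.example.com "$DRONE_RPC_SECRET"
  docker run --detach \
    --volume=/var/run/docker.sock:/var/run/docker.sock \
    --env-file=/etc/drone/runner.env \
    --publish=3000:3000 \
    --restart=always \
    --name=st-drone-runner \
    drone/drone-runner-docker:1
  sleep 3
  if docker logs st-drone-runner 2>&1 | runner_healthy; then
    echo "runner connected to the Drone server"
  else
    echo "runner did not reach the server; check DRONE_RPC_HOST and the secret" >&2
    exit 1
  fi
fi
```

The DRONE_DEBUG, DRONE_TRACE and DRONE_UI_* variables from the post's command can be appended to the env file in the same KEY=VALUE form. Note that the secret is still visible in `docker inspect st-drone-runner` to anyone who can talk to the Docker daemon; since the runner itself is handed /var/run/docker.sock, that daemon is the trust boundary, and the RPC secret is what gates which server may hand it work.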

Stop & Start Container

sudo docker container stop st-drone-runner
sudo docker container start st-drone-runner

Financial Support & Donations

I mainly debug code, drive, yak shave and deep dive into research for Linux-based operating systems.

I am a Free Software Associate (FSF), privacy advocate and Cosmopolitan who enjoys philosophy, metaphysics, hacking and debugging computer hardware/software.

https://liberapay.com/oDinZu/

References
