Setting up Gitea

The docker-compose.yml file

version: "3"

networks:
  gitea:
    external: false

services:
  gitea:
    image: gitea/gitea
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: always
    networks:
      - gitea
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "127.0.0.1:222:22"
  db:
    image: mariadb:10
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=xxxx
      - MYSQL_DATABASE=gitea
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=xxxxx
    volumes:
      - ./db/:/var/lib/mysql
    networks:
      - gitea
Gitea needs a database to store its data. You can set one up as shown here, or use an existing database.

Run

docker-compose up -d

Firewall

Check that the corresponding ports are open.
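An added example (not part of the original post): a shell helper that reads the ports entries of a docker-compose.yml and reports which host ports are published on every interface, and so need a firewall decision, and which are bound to loopback only. The function name classify_ports and the sample file are constructed here; only the short IPv4 "ip:host:container" syntax used on this page is handled.

```shell
# classify_ports COMPOSE_FILE
# For every short-syntax entry under a "ports:" key, print
#   <scope> <host_port> -> <container_port>
# where scope is all-interfaces, loopback-only, or the explicit bind address.
classify_ports() {
    awk -v q="'" '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-[ \t]/ {
            entry = $0
            sub(/^[ \t]*-[ \t]*/, "", entry)
            gsub(/[" \t]/, "", entry); gsub(q, "", entry)   # drop quotes
            sub(/\/(tcp|udp)$/, "", entry)                   # drop protocol
            n = split(entry, p, ":")
            if (n == 3)      { ip = p[1]; host = p[2]; cont = p[3] }
            else if (n == 2) { ip = "";   host = p[1]; cont = p[2] }
            else next        # container port only: host port is ephemeral
            if (ip == "" || ip == "0.0.0.0") scope = "all-interfaces"
            else if (ip ~ /^127\./)          scope = "loopback-only"
            else                             scope = ip
            print scope, host, "->", cont
            next
        }
        /[^ \t]/ { in_ports = 0 }   # any other non-blank line ends the block
    ' "$1"
}

# Constructed sample: the Gitea service port mappings from this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  gitea:
    ports:
      - "3000:3000"
      - "127.0.0.1:222:22"
EOF
classify_ports "$sample"
rm -f "$sample"
```

On the host, `ss -tln` shows the sockets that are actually listening, which is the list to compare against the firewall rules.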

UID and GID

Look up the user ID
cat /etc/passwd

Example output:

git:x:1000:1000::/home/git:/bin/bash 

The UID is 1000

Look up the group ID
cat /etc/group 

Example output:

...

git:x:1000:

The GID is 1000

If there is no git account, or you want to use a different account

Create a group

groupadd git 

Create a user and add it to the git group

useradd git -g git

Raise the Nginx file size limit

client_max_body_size 100M;

Configure SSH for Gitea

1. Create an SSH key for the git user

sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"

2. Create an executable script used for SSH forwarding

/app/gitea/gitea

File contents:

#!/bin/sh
ssh -p 222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
ssh -p 222: the 222 here corresponds to the port mapping in docker-compose.yml (host port 222 is mapped to port 22 in the container). This line sets 222 as the SSH port.

Make it executable:

chmod +x /app/gitea/gitea

3. Link the gitea user's keys to the git user

ln -s /opt/docker/gitea/gitea/git/.ssh/authorized_keys /home/git/.ssh/authorized_keys

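After Gitea starts, it creates a git directory under the mounted directory; the corresponding SSH files are in the ...git/.ssh directory.

Here /opt/docker/gitea/gitea is Gitea's mount directory.

This links the key just created for the git user into Gitea's ssh directory.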

echo "$(cat /home/git/.ssh/id_rsa.pub)" >> /home/git/.ssh/authorized_keys

Nginx forwarding configuration for Gitea

...

    location / {
        proxy_pass  http://127.0.0.1:3000;
    }

The port here corresponds to the port mapping in docker-compose.yml.

Configure email

Set this in the mailer section of the gitea/conf/app.ini file

[mailer]
ENABLED = true
HOST    = smtp.163.com:465
FROM    = example@163.com
USER    = example@163.com
PASSWD  = 你的密码

Setting up Drone

The docker-compose.yml file

services:
  server:
    image: drone/drone:1
    container_name: drone_server
    restart: always
    environment:
      DRONE_GITEA_SERVER: https://git.domain.com
      DRONE_GITEA_CLIENT_ID: xxxxxxx
      DRONE_GITEA_CLIENT_SECRET: xxxxxxxxxxxxxxxxxxxxxxxxxxx
      DRONE_RPC_SECRET: xxxxxxxxxx
      DRONE_SERVER_HOST: ci.domain.com
      DRONE_SERVER_PROTO: https
      DRONE_LOGS_TRACE: 'true'
      DRONE_USER_CREATE: username:admin,admin:true
    ports:
      - "8880:80"
    volumes:
      - "./data:/data"
    networks:
      - gitea

  runner:
    image: drone/drone-runner-docker:1
    container_name: drone_runner
    restart: always
    environment:
      DRONE_RPC_PROTO: https
      DRONE_RPC_HOST: ci.domain.com
      DRONE_RPC_SECRET: xxxxxxxxxxxxxxxxxxxxxx
      DRONE_RUNNER_CAPACITY: 5
      DRONE_RUNNER_NAME: ${HOSTNAME}
      DRONE_LOGS_TRACE: 'true'
    ports:
      - "8484:3000"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    networks:
      - gitea
networks:
  gitea:
    external: true

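Create a new application in Gitea's settings

Set the redirect URI to your Drone login address, for example: https://ci.domain.com/login. Obtain the client ID and client secret, and put them into DRONE_GITEA_CLIENT_ID and DRONE_GITEA_CLIENT_SECRET in the docker-compose.yml file.

Generate a unique DRONE_RPC_SECRET

You can generate it with the openssl command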

openssl rand -hex 18

Update the DRONE_RPC_SECRET variable in both the Drone server and the runner

Make sure the server and the runner use the same DRONE_RPC_SECRET
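An added example (not part of the original post): one way to keep the two values identical is to generate the secret once into a .env file next to docker-compose.yml and reference it from both services, then check the compose file for drift. The function names and the .env layout are assumptions made here; docker-compose substitutes ${DRONE_RPC_SECRET} from that file.

```shell
# new_secret: 18 random bytes as hex, as `openssl rand -hex 18` produces;
# falls back to /dev/urandom when openssl is not installed.
new_secret() {
    openssl rand -hex 18 2>/dev/null ||
        od -An -N18 -tx1 /dev/urandom | tr -d ' \n'
}

# gen_rpc_secret ENV_FILE: store one shared DRONE_RPC_SECRET in ENV_FILE
# (owner-readable only). An existing value is kept, not rotated.
gen_rpc_secret() {
    env_file=$1
    if [ -f "$env_file" ] && grep -q '^DRONE_RPC_SECRET=' "$env_file"; then
        return 0
    fi
    secret=$(new_secret) || return 1
    ( umask 077; printf 'DRONE_RPC_SECRET=%s\n' "$secret" >> "$env_file" )
    chmod 600 "$env_file"
}

# rpc_secrets_match COMPOSE_FILE: succeed only if the file has at least two
# DRONE_RPC_SECRET entries (server and runner) and all carry the same value.
rpc_secrets_match() {
    awk '
        /^[ \t]*DRONE_RPC_SECRET:/ {
            v = $0
            sub(/^[ \t]*DRONE_RPC_SECRET:[ \t]*/, "", v)
            sub(/[ \t]+$/, "", v)
            if (!(v in seen)) { seen[v] = 1; distinct++ }
            total++
        }
        END { exit !(total >= 2 && distinct == 1) }
    ' "$1"
}

# Demo on a constructed compose fragment: both services read the value from .env.
demo=$(mktemp -d)
gen_rpc_secret "$demo/.env"
cat > "$demo/docker-compose.yml" <<'EOF'
services:
  server:
    environment:
      DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
  runner:
    environment:
      DRONE_RPC_SECRET: ${DRONE_RPC_SECRET}
EOF
rpc_secrets_match "$demo/docker-compose.yml" && echo "RPC secrets match"
rm -rf "$demo"
```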

Example spring-boot project

Create a .drone.yml file in the project root

kind: pipeline
name: spring-boot-demo

steps:
  - name: Maven编译
    image: maven:3.8.1-adoptopenjdk-8
    volumes:
      - name: cache
        path: /root/.m2
    commands:
      - mvn clean install
  - name: 构建镜像
    image: plugins/docker
    volumes:
      - name: docker
        path: /var/run/docker.sock
    settings:
      username:
        from_secret: docker_user
      password:
        from_secret: docker_pass
      repo: youtaqiu/spring-boot-demo
#      registry: registry-vpc.cn-shanghai.aliyuncs.com
      tags: ${DRONE_TAG=latest}

#  - name: Kubernetes 部署
#    image: guoxudongdocker/kubectl:v1.14.1
#    volumes:
#      - name: kube
#        path: /root/.kube
#    commands:
#      - ls
#      - kubectl apply -f deployment.yaml
  - name: 远程执行
    image: appleboy/drone-ssh
    settings:
      host:
        from_secret: ssh_dev_host
      username:
        from_secret: ssh_dev_username
      password:
        from_secret: ssh_dev_pass
      port: 22
      script:
        - echo ssh commands
        - /opt/app/demo/demo-docker.sh

  - name: 钉钉通知
    image: guoxudongdocker/drone-dingtalk
    settings:
      token:
        from_secret: dingding
      type: markdown
      message_color: true
      message_pic: true
      sha_link: true
    when:
      status: [failure, success]
      branch: [master]

volumes:
  - name: cache
    host:
      path: /tmp/cache/.m2
  - name: kube
    host:
      path: /tmp/cache/.kube/.test_kube
  - name: docker
    host:
      path: /var/run/docker.sock

trigger:
  branch:
    - master

See the official site for details; they are not covered here. Below is a simple demo-docker.sh script (with no rollback strategy).

#!/bin/sh
SERVER_NAME=demo
PORT=8888
PROFILES_ACTIVE=test
LOG_VOLUME=/opt/app/$SERVER_NAME/logs
DOCKER_NETWORK=demo-net
# Container ID (-a also lists stopped containers, whose name would otherwise block docker run)
CID=$(docker ps -a | grep "$SERVER_NAME" | awk '{print $1}')
# Image ID
IID=$(docker images | grep "$SERVER_NAME" | awk '{print $3}')
DOCKER_REGISTRY=dockerhub.qingcloud.com
DOCKER_IMAGE=demo/$SERVER_NAME
DOCKER_TAG=$DOCKER_REGISTRY/$DOCKER_IMAGE
# Remove the old container
if [ -n "$CID" ]; then
    echo "存在[$SERVER_NAME]容器,CID=$CID"
    echo "停止旧容器"
    docker stop "$SERVER_NAME"
    echo "删除旧容器"
    docker rm -f "$SERVER_NAME"
fi
# Remove the old image
if [ -n "$IID" ]; then
    echo "存在[$SERVER_NAME]镜像,IID=$IID"
    echo "删除镜像"
    # Left unquoted on purpose: IID may hold several image IDs
    docker rmi -f $IID
fi
# Run the docker container
echo "创建并启动[$SERVER_NAME]容器..."
docker run --name "$SERVER_NAME" --network "$DOCKER_NETWORK" -d -p "${PORT}:${PORT}" -m 1G --memory-swap -1 -v "$LOG_VOLUME:/logs" --env spring.profiles.active="${PROFILES_ACTIVE}" --restart=on-failure:3 "${DOCKER_TAG}"
echo "[$SERVER_NAME]容器启动完成"