Linux服务器中代码仓库(gitea+drone)搭建
Gitea: 一个用Go语言编写的轻量级代码托管平台,可以看作是极度轻量化的GitLab。功能包括Git仓库管理、Issue、PR、Webhook等,核心功能一个不少。其内存占用通常在50-100MB左右,非常适合小服务器。
Drone: 一个用Go语言编写的基于Docker容器的CI/CD平台。它通过Gitea的Webhook触发构建流程。它的运行模式是每个构建步骤都在一个独立的临时容器中运行,构建完成后容器销毁,资源立即释放,非常高效。
1. 创建持久化数据目录
1 # 创建主目录 2 mkdir -p /opt/docker/gitea 3 mkdir -p /opt/docker/drone 4 5 # 创建数据目录 6 mkdir -p /opt/docker/gitea/data 7 mkdir -p /opt/docker/gitea/config 8 mkdir -p /opt/docker/drone/data
2. 拉取gitea,drone镜像 (https://hub.docker.com 查询版本)
#镜像拉取失败,可使用阿里云镜像加速服务 sudo vim /etc/docker/daemon.json "registry-mirrors": [ "https://<你的ID,去容器镜像服务-镜像工具-镜像加速器获取>.mirror.aliyuncs.com" ]
sudo docker pull gitea/gitea
sudo docker pull drone/drone
# 设置目录权限
sudo chown -R 1000:1000 /opt/docker/gitea
sudo chown -R 1000:1000 /opt/docker/drone
3. 直接使用docker-compose.yaml
version: '3.8'
services:
# Gitea 服务
gitea:
image: gitea/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
- DB_TYPE=sqlite3
restart: always
volumes:
- /opt/docker/gitea/data:/data
- /opt/docker/gitea/config:/etc/gitea
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "2222:22"
networks:
- gitea-network
# Drone Server
drone:
image: drone/drone:latest
container_name: drone
environment:
- DRONE_GITEA_SERVER=http://gitea的IP:3000
- DRONE_GITEA_CLIENT_ID=gitea中auth2.0的客户端ID
- DRONE_GITEA_CLIENT_SECRET=gitea中auth2.0的客户端密钥
- DRONE_RPC_SECRET=RPC密钥
- DRONE_SERVER_HOST=服务器IP:8080
- DRONE_SERVER_PROTO=http
volumes:
- /opt/docker/drone/data:/data
restart: always
ports:
- "8080:80"
depends_on:
- gitea
networks:
- gitea-network
# Drone Runner
drone-runner:
image: drone/drone-runner-docker:latest
container_name: drone-runner
environment:
- DRONE_RPC_PROTO=http
- DRONE_RPC_HOST=drone
- DRONE_RPC_SECRET=RPC密钥
- DRONE_RUNNER_CAPACITY=2
- DRONE_RUNNER_NAME=my-runner
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: always
depends_on:
- drone
networks:
- gitea-network
networks:
gitea-network:
driver: bridge3.1 先运行gitea容器后访问 http://your-server-ip:3000 完成基本配置
# 先运行gitea容器
sudo docker-compose up -d gitea# 配置Gitea OAuth应用
# 登录Gitea后,点击右上角用户头像 -> 设置 -> 应用
# 创建新的OAuth2应用程序:
# 应用名称: Drone CI
# 重定向URI: http://your-server-ip:8080/login,这里的地址由docker-compose.yaml中的drone里的DRONE_SERVER_PROTO+DRONE_SERVER_HOST/login组成
# 记录生成的客户端ID和客户端密钥
# 修改docker-compose.yaml中对应的值
sudo docker-compose up -d3.2 访问drone:8080,首次访问Drone时,需要使用Gitea授权
3.3 在Drone中同步Gitea的仓库
3.4 在Gitea仓库中添加.drone.yaml文件来定义CI/CD流程, 文档地址 https://docs.drone.io/
# 示例
kind: pipeline
type: docker
name: nodejs-ci-cd
# 触发条件
trigger:
branch:
- master
event:
- push
- pull_request
# 环境变量
environment:
NODE_VERSION: 22
APP_NAME: my-node-app
DOCKER_IMAGE: your-username/${APP_NAME}
REGISTRY: registry.example.com
# 步骤定义
steps:
# 第一步:安装依赖并缓存
- name: install-dependencies
image: node:${NODE_VERSION}-alpine
commands:
- npm ci
- npm cache verify
volumes:
- name: npm-cache
path: /root/.npm
# 第二步:代码质量检查
- name: code-quality
image: node:${NODE_VERSION}-alpine
commands:
- npm run lint
depends_on: [install-dependencies]
# 第三步:运行测试
- name: run-tests
image: node:${NODE_VERSION}-alpine
commands:
- npm test
- npm run test:coverage
depends_on: [install-dependencies]
environment:
NODE_ENV: test
DATABASE_URL: postgresql://test:test@postgres:5432/test
when:
event: [push, pull_request]
# 第四步:安全扫描
- name: security-scan
image: node:${NODE_VERSION}-alpine
commands:
- npm audit --audit-level=moderate
- npx snyk test --severity-threshold=high
depends_on: [install-dependencies]
when:
event: push
branch: [master, develop]
# 第五步:构建应用程序
- name: build-app
image: node:${NODE_VERSION}-alpine
commands:
- npm run build
depends_on: [run-tests]
environment:
NODE_ENV: production
when:
event: push
branch: [master, develop]
# 第六步:构建 Docker 镜像
- name: build-docker-image
image: plugins/docker
settings:
repo: ${DOCKER_IMAGE}
tags:
- latest
- ${DRONE_COMMIT_SHA:0:8}
- ${DRONE_BRANCH//\//-}
registry: ${REGISTRY}
username:
from_secret: docker_username
password:
from_secret: docker_password
build_args:
- NODE_ENV=production
depends_on: [build-app]
when:
event: push
branch: [master, develop]
# 第七步:扫描 Docker 镜像安全漏洞
- name: scan-docker-image
image: aquasec/trivy:latest
commands:
- trivy image --exit-code 1 --severity HIGH,CRITICAL ${REGISTRY}/${DOCKER_IMAGE}:${DRONE_COMMIT_SHA:0:8}
depends_on: [build-docker-image]
when:
event: push
branch: master
# 第八步:部署到开发环境
- name: deploy-to-dev
image: appleboy/drone-ssh
settings:
host: dev.example.com
username: deploy
key:
from_secret: ssh_key_dev
script:
- docker pull ${REGISTRY}/${DOCKER_IMAGE}:${DRONE_COMMIT_SHA:0:8}
- docker stop ${APP_NAME} || true
- docker rm ${APP_NAME} || true
- docker run -d --name ${APP_NAME} -p 3000:3000 --env-file /app/.env ${REGISTRY}/${DOCKER_IMAGE}:${DRONE_COMMIT_SHA:0:8}
depends_on: [build-docker-image]
when:
event: push
branch: develop
# 第九步:部署到生产环境
- name: deploy-to-prod
image: appleboy/drone-ssh
settings:
host: prod.example.com
username: deploy
key:
from_secret: ssh_key_prod
script:
- docker pull ${REGISTRY}/${DOCKER_IMAGE}:${DRONE_COMMIT_SHA:0:8}
- docker stop ${APP_NAME} || true
- docker rm ${APP_NAME} || true
- docker run -d --name ${APP_NAME} -p 3000:3000 --env-file /app/.env ${REGISTRY}/${DOCKER_IMAGE}:${DRONE_COMMIT_SHA:0:8}
- docker system prune -af
depends_on: [scan-docker-image]
when:
event: push
branch: master
# 第十步:发送通知
- name: notify-slack
image: plugins/slack
settings:
webhook:
from_secret: slack_webhook
channel: deployments
template: >
{{#success build.status}}
✅ 部署成功! {{repo.name}} #{{build.number}} ({{commit.branch}}) 已部署到{{#eq commit.branch "master"}}生产环境{{else}}开发环境{{/eq}}
Commit: {{commit.message}} by {{commit.author}}
{{else}}
❌ 部署失败! {{repo.name}} #{{build.number}} ({{commit.branch}}) 需要检查
Commit: {{commit.message}} by {{commit.author}}
{{/success}}
when:
status: [success, failure]
# 缓存配置
volumes:
- name: npm-cache
temp: {}
# 服务容器(用于测试)
services:
- name: postgres
image: postgres:13-alpine
environment:
POSTGRES_USER: test
POSTGRES_PASSWORD: test
POSTGRES_DB: test
- name: redis
image: redis:6-alpine
不使用docker-compose的话,先部署Gitea(代码托管平台)
# 运行Gitea容器 docker run -d \ --name=gitea \ --network=gitea-network \ -p 3001:3000 \ -p 2222:22 \ -v /opt/docker/gitea/data:/data \ -v /opt/docker/gitea/config:/etc/gitea \ -e USER_UID=1000 \ -e USER_GID=1000 \ -e DB_TYPE=sqlite3 \ --restart=always \ gitea/gitea:latest
4.1 也是一样先启动gitea容器 完成基本配置
# 创建Docker网络
sudo docker network create gitea-network4.2 部署Drone Server(CI/CD平台的服务端)
sudo docker run -d \ --name=drone \ --network=gitea-network \ -v /opt/docker/drone/data:/data \ -e DRONE_GITEA_SERVER=http://gitea服务器地址:3001 \ -e DRONE_GITEA_CLIENT_ID=gitea客户端ID\ -e DRONE_GITEA_CLIENT_SECRET=gitea客户端密钥\ -e DRONE_RPC_SECRET=RPC密钥\ -e DRONE_SERVER_HOST=drone服务器地址:8080 \ -e DRONE_SERVER_PROTO=http \ -p 8080:80 \ --restart=always \ drone/drone:latest
# 运行drone runner容器 sudo docker run -d \ --name=drone-runner \ --network=gitea-network \ -v /var/run/docker.sock:/var/run/docker.sock \ -e DRONE_RPC_PROTO=http \ -e DRONE_RPC_HOST=drone \ -e DRONE_RPC_SECRET=RPC密钥\ -e DRONE_RUNNER_CAPACITY=2 \ -e DRONE_RUNNER_NAME=my-runner \ --restart=always \ drone/drone-runner-docker:latest
浙公网安备 33010602011771号