Repository initialization
164
arti-api/auth-service/pipeline/DRONE-SETUP.md
Normal file
@@ -0,0 +1,164 @@
# Drone CI Secrets Configuration
This document explains how to configure secrets in Drone CI for the auth-service pipeline.
## Required Secrets
Configure these secrets in your Drone CI interface at `https://drone.aipice.local`:
### Docker Registry Secrets
```bash
# Docker Hub credentials for pushing images
docker_username: your-docker-username
docker_password: your-docker-password-or-token
```
### Git Secrets (Optional)
```bash
# For creating git tags (if using private repos)
git_username: your-git-username
git_token: your-git-personal-access-token
```
### Notification Secrets (Optional)
```bash
# Webhook URL for build notifications (Slack, Discord, etc.)
webhook_url: https://hooks.slack.com/services/YOUR/WEBHOOK/URL
# Drone API token for deployment notifications
drone_token: your-drone-api-token
```
## Setting Up Secrets in Drone
### Via Drone UI
1. Navigate to `https://drone.aipice.local`
2. Go to your repository settings
3. Click on "Secrets" tab
4. Add each secret with the name and value
### Via Drone CLI
```bash
# Install Drone CLI
curl -L https://github.com/harness/drone-cli/releases/latest/download/drone_linux_amd64.tar.gz | tar zx
sudo install -t /usr/local/bin drone
# Configure Drone CLI
export DRONE_SERVER=https://drone.aipice.local
export DRONE_TOKEN=your-drone-token
# Add secrets
drone secret add --repository your-org/auth-service --name docker_username --data your-docker-username
drone secret add --repository your-org/auth-service --name docker_password --data your-docker-password
```
### Via API
```bash
# Add secret via REST API
curl -X POST https://drone.aipice.local/api/repos/your-org/auth-service/secrets \
-H "Authorization: Bearer your-drone-token" \
-H "Content-Type: application/json" \
-d '{
"name": "docker_username",
"data": "your-docker-username"
}' --insecure
```
## Verifying Configuration
### Test Docker Credentials
```bash
# Test Docker login with your credentials
echo "your-docker-password" | docker login -u your-docker-username --password-stdin
```
### Test Drone Connection
```bash
# Test Drone API access
curl -H "Authorization: Bearer your-drone-token" \
https://drone.aipice.local/api/user \
--insecure
```
## Build Trigger
Once secrets are configured, the pipeline will automatically:
1. **On push to main/master:**
- Build Docker image: `hexah/auth-service:1.0.X` (where X is build number)
- Push to Docker registry
- Create Git tag: `v1.0.X`
- Send notifications (if configured)
2. **On push to other branches:**
- Run tests and validation
- Test Docker build (without pushing)
## Version Pattern
The pipeline uses this versioning scheme:
```
Base Version: 1.0 (defined in version.conf)
Build Number: Drone's automatic build counter
Final Version: 1.0.{BUILD_NUMBER}
Examples:
- First build: 1.0.1
- Second build: 1.0.2
- etc.
```
## Customizing Versions
To change the base version (e.g., for major releases):
1. Edit `version.conf`:
```
BASE_VERSION=2.0
```
2. Next build will create: `2.0.1`, `2.0.2`, etc.
## Troubleshooting
### Build Fails on Docker Push
Check that:
- Docker credentials are correct
- Repository `hexah/auth-service` exists
- Account has push permissions
### SSL Certificate Issues
The pipeline includes `skip_verify: true` for self-signed certificates, but you can also:
```bash
# Add Drone server certificate to trusted store
openssl s_client -connect drone.aipice.local:443 -servername drone.aipice.local < /dev/null 2>/dev/null | openssl x509 -outform PEM > drone.crt
sudo cp drone.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
```
### Git Tag Creation Fails
Ensure the Drone service account has push permissions to the repository.
## Example Build Output
Successful build will show:
```
✓ version: Building version 1.0.15
✓ docker-build: Successfully built hexah/auth-service:1.0.15
✓ git-tag: Created tag v1.0.15
✓ deploy-notification: Notified deployment system
```
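
Review bot: The "Via API" and "Test Drone Connection" examples pass `--insecure` on the same curl calls that send `Authorization: Bearer your-drone-token`, so the token and the secret payload are sent without certificate validation. The troubleshooting section already shows how to save the server certificate, so drop `--insecure` and pass `--cacert drone.crt` instead, and describe `skip_verify: true` as a temporary workaround rather than the documented default. The `openssl s_client` step trusts whatever certificate is presented on first contact; add a step to compare its fingerprint with one obtained from the server administrator before copying it into `/usr/local/share/ca-certificates/`. In the CLI and Docker examples, `--data your-docker-password` and `echo "your-docker-password" | docker login` leave the secret in shell history (and, for `drone secret add`, in the process arguments); suggest reading the value from a file, for example `--data @/path/to/file`, or from a prompt. The CLI install pipes the `latest` release tarball straight into `tar` with no integrity check; pin a release version and verify the archive's checksum before `sudo install`.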