# Drone CI Secrets Configuration

This document explains how to configure secrets in Drone CI for the auth-service pipeline.

## Required Secrets

Configure these secrets in your Drone CI interface at `https://drone.aipice.local`:

### Docker Registry Secrets

```bash
# Docker Hub credentials for pushing images
docker_username: your-docker-username
docker_password: your-docker-password-or-token
```

### Git Secrets (Optional)

```bash
# For creating git tags (if using private repos)
git_username: your-git-username
git_token: your-git-personal-access-token
```

### Notification Secrets (Optional)

```bash
# Webhook URL for build notifications (Slack, Discord, etc.)
webhook_url: https://hooks.slack.com/services/YOUR/WEBHOOK/URL

# Drone API token for deployment notifications
drone_token: your-drone-api-token
```

## Setting Up Secrets in Drone

### Via Drone UI

1. Navigate to `https://drone.aipice.local`
2. Go to your repository settings
3. Click on the "Secrets" tab
4. Add each secret with the name and value

### Via Drone CLI

```bash
# Install Drone CLI
curl -L https://github.com/harness/drone-cli/releases/latest/download/drone_linux_amd64.tar.gz | tar zx
sudo install -t /usr/local/bin drone

# Configure Drone CLI
export DRONE_SERVER=https://drone.aipice.local
export DRONE_TOKEN=your-drone-token

# Add secrets
drone secret add --repository your-org/auth-service --name docker_username --data your-docker-username
drone secret add --repository your-org/auth-service --name docker_password --data your-docker-password
```

### Via API

```bash
# Add secret via REST API
curl -X POST https://drone.aipice.local/api/repos/your-org/auth-service/secrets \
  -H "Authorization: Bearer your-drone-token" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "docker_username",
    "data": "your-docker-username"
  }' --insecure
```

## Verifying Configuration

### Test Docker Credentials

```bash
# Test Docker login with your credentials
echo "your-docker-password" | docker login -u your-docker-username --password-stdin
```

### Test Drone Connection

```bash
# Test Drone API access
curl -H "Authorization: Bearer your-drone-token" \
  https://drone.aipice.local/api/user \
  --insecure
```

## Build Trigger

Once secrets are configured, the pipeline will automatically:

1. **On push to main/master:**
   - Build Docker image: `hexah/auth-service:1.0.X` (where X is build number)
   - Push to Docker registry
   - Create Git tag: `v1.0.X`
   - Send notifications (if configured)

2. **On push to other branches:**
   - Run tests and validation
   - Test Docker build (without pushing)

## Version Pattern

The pipeline uses this versioning scheme:

```
Base Version: 1.0 (defined in version.conf)
Build Number: Drone's automatic build counter
Final Version: 1.0.{BUILD_NUMBER}

Examples:
- First build: 1.0.1
- Second build: 1.0.2
- etc.
```

## Customizing Versions

To change the base version (e.g., for major releases):

1. Edit `version.conf`:
   ```
   BASE_VERSION=2.0
   ```

2. The next build will create: `2.0.1`, `2.0.2`, etc.

## Troubleshooting

### Build Fails on Docker Push

Check that:

- Docker credentials are correct
- Repository `hexah/auth-service` exists
- Account has push permissions

### SSL Certificate Issues

The pipeline includes `skip_verify: true` for self-signed certificates, but you can also:

```bash
# Add Drone server certificate to trusted store
openssl s_client -connect drone.aipice.local:443 -servername drone.aipice.local < /dev/null 2>/dev/null | openssl x509 -outform PEM > drone.crt
sudo cp drone.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
```

### Git Tag Creation Fails

Ensure the Drone service account has push permissions to the repository.

## Example Build Output

A successful build will show:

```
✓ version: Building version 1.0.15
✓ docker-build: Successfully built hexah/auth-service:1.0.15
✓ git-tag: Created tag v1.0.15
✓ deploy-notification: Notified deployment system
```
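
The `drone secret add` commands in the "Via Drone CLI" section pass each value as a `--data` argument, which leaves it in shell history and in the process list while the command runs. The function below is an added example, not part of the original document or the Drone project: it reads the value from a prompt or stdin and hands it to the CLI through a temporary file using the CLI's `--data @file` form. The helper name `add_secret_stdin` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original document or the Drone project.
# add_secret_stdin is a hypothetical helper name. It assumes DRONE_SERVER and
# DRONE_TOKEN are already exported and that the drone CLI is on PATH.

add_secret_stdin() {
    repo=$1
    name=$2
    if [ -z "$repo" ] || [ -z "$name" ]; then
        echo "usage: add_secret_stdin <org/repo> <secret-name>" >&2
        return 2
    fi

    # Read one line. On a terminal, prompt and switch echo off while typing.
    if [ -t 0 ]; then
        printf 'Value for %s: ' "$name" >&2
        trap 'stty echo; exit 130' INT
        stty -echo
        IFS= read -r value || true
        stty echo
        trap - INT
        printf '\n' >&2
    else
        IFS= read -r value || true
    fi
    if [ -z "$value" ]; then
        echo "refusing to store an empty value for $name" >&2
        return 1
    fi

    # mktemp creates the file with mode 0600. printf is a builtin in bash and
    # dash, so the value never appears in another process's argument list,
    # and '%s' writes it without a trailing newline.
    tmp=$(mktemp) || return 1
    printf '%s' "$value" > "$tmp"
    unset value

    # "--data @path" makes the CLI read the value from the file; only the
    # path is visible in argv.
    if drone secret add --repository "$repo" --name "$name" --data "@$tmp"; then
        rc=0
    else
        rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: add_secret_stdin your-org/auth-service docker_password
```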