Maison/arti-api/auth-service/pipeline/DRONE-SETUP.md
2026-02-10 12:12:11 +01:00


# Drone CI Secrets Configuration
This document explains how to configure secrets in Drone CI for the auth-service pipeline.
## Required Secrets
Configure these secrets in your Drone CI interface at `https://drone.aipice.local`:
### Docker Registry Secrets
```yaml
# Docker Hub credentials for pushing images
docker_username: your-docker-username
docker_password: your-docker-password-or-token
```
### Git Secrets (Optional)
```yaml
# For creating git tags (if using private repos)
git_username: your-git-username
git_token: your-git-personal-access-token
```
### Notification Secrets (Optional)
```yaml
# Webhook URL for build notifications (Slack, Discord, etc.)
webhook_url: https://hooks.slack.com/services/YOUR/WEBHOOK/URL
# Drone API token for deployment notifications
drone_token: your-drone-api-token
```
## Setting Up Secrets in Drone
### Via Drone UI
1. Navigate to `https://drone.aipice.local`
2. Go to your repository settings
3. Click the "Secrets" tab
4. Add each secret with its name and value
### Via Drone CLI
```bash
# Install Drone CLI
curl -L https://github.com/harness/drone-cli/releases/latest/download/drone_linux_amd64.tar.gz | tar zx
sudo install -t /usr/local/bin drone
# Configure Drone CLI
export DRONE_SERVER=https://drone.aipice.local
export DRONE_TOKEN=your-drone-token
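# Add secrets
# Note: a literal --data value is recorded in shell history and is visible in the
# process list. The Drone CLI also accepts --data @/path/to/file to read the value from a file.
drone secret add --repository your-org/auth-service --name docker_username --data your-docker-username
drone secret add --repository your-org/auth-service --name docker_password --data your-docker-password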
```
### Via API
```bash
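# Add secret via REST API
# --insecure disables TLS certificate verification, so the bearer token is sent
# to a server whose identity has not been checked. Once the server certificate
# is trusted (see "SSL Certificate Issues"), drop the flag.
curl -X POST https://drone.aipice.local/api/repos/your-org/auth-service/secrets \
  -H "Authorization: Bearer your-drone-token" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "docker_username",
    "data": "your-docker-username"
  }' --insecure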
```
## Verifying Configuration
### Test Docker Credentials
```bash
# Test Docker login with your credentials
echo "your-docker-password" | docker login -u your-docker-username --password-stdin
```
### Test Drone Connection
```bash
# Test Drone API access
curl -H "Authorization: Bearer your-drone-token" \
https://drone.aipice.local/api/user \
--insecure
```
## Build Trigger
Once secrets are configured, the pipeline will automatically:
1. **On push to main/master:**
   - Build Docker image: `hexah/auth-service:1.0.X` (where X is the build number)
   - Push to Docker registry
   - Create Git tag: `v1.0.X`
   - Send notifications (if configured)
2. **On push to other branches:**
   - Run tests and validation
   - Test Docker build (without pushing)
## Version Pattern
The pipeline uses this versioning scheme:
```
Base Version: 1.0 (defined in version.conf)
Build Number: Drone's automatic build counter
Final Version: 1.0.{BUILD_NUMBER}
Examples:
- First build: 1.0.1
- Second build: 1.0.2
- etc.
```
## Customizing Versions
To change the base version (e.g., for major releases):
1. Edit `version.conf`:
   ```
   BASE_VERSION=2.0
   ```
2. The next build will create: `2.0.1`, `2.0.2`, etc.
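
The versioning scheme above can be computed as follows. This is an added example, not the project's pipeline code: the function names are hypothetical, and it assumes `version.conf` holds a `BASE_VERSION=MAJOR.MINOR` line as shown here. It reads the file as data instead of sourcing it, and validates both parts before they end up in an image tag or Git tag.

```shell
#!/bin/sh
# Added example (not the project's pipeline code). Function names are hypothetical.

# True when $1 is a non-empty string of decimal digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
}

# Print BASE_VERSION from the file in $1, read as data (never sourced), so an
# edited version.conf cannot run commands inside the build step.
# Assumes the MAJOR.MINOR form shown on this page, e.g. BASE_VERSION=2.0.
read_base_version() {
    rbv_value=$(sed -n 's/^BASE_VERSION=//p' "$1" | tail -n 1)
    rbv_major=${rbv_value%%.*}
    rbv_minor=${rbv_value#*.}
    if [ "$rbv_value" = "$rbv_major.$rbv_minor" ] &&
       is_uint "$rbv_major" && is_uint "$rbv_minor"; then
        printf '%s\n' "$rbv_value"
    else
        echo "rejecting BASE_VERSION from $1" >&2
        return 1
    fi
}

# Print BASE_VERSION.BUILD_NUMBER for config file $1 and build number $2.
release_version() {
    is_uint "$2" || { echo "rejecting build number" >&2; return 1; }
    rv_base=$(read_base_version "$1") || return 1
    printf '%s.%s\n' "$rv_base" "$2"
}

# Inside a Drone step (DRONE_BUILD_NUMBER is set by Drone):
if [ -n "${DRONE_BUILD_NUMBER:-}" ] && [ -f version.conf ]; then
    version=$(release_version version.conf "$DRONE_BUILD_NUMBER") || exit 1
    echo "image: hexah/auth-service:$version"
    echo "tag:   v$version"
fi
```
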
## Troubleshooting
### Build Fails on Docker Push
Check that:
- Docker credentials are correct
- Repository `hexah/auth-service` exists
- Account has push permissions
### SSL Certificate Issues
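The pipeline includes `skip_verify: true` for self-signed certificates, which turns off TLS certificate verification. You can also add the server certificate to the trusted store so that verification can stay enabled: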
```bash
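# Add Drone server certificate to trusted store
# The certificate is fetched over a connection that is not yet verified, so
# compare its fingerprint with the server's through a separate channel before trusting it.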
openssl s_client -connect drone.aipice.local:443 -servername drone.aipice.local < /dev/null 2>/dev/null | openssl x509 -outform PEM > drone.crt
sudo cp drone.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
```
### Git Tag Creation Fails
Ensure the Drone service account has push permissions to the repository.
## Example Build Output
A successful build will show:
```
✓ version: Building version 1.0.15
✓ docker-build: Successfully built hexah/auth-service:1.0.15
✓ git-tag: Created tag v1.0.15
✓ deploy-notification: Notified deployment system
```