Maison/arti-api/auth-service/pipeline/DRONE-SETUP.md
2026-02-10 12:12:11 +01:00

Drone CI Secrets Configuration

This document explains how to configure secrets in Drone CI for the auth-service pipeline.

Required Secrets

Configure these secrets in your Drone CI interface at https://drone.aipice.local:

Docker Registry Secrets

# Docker Hub credentials for pushing images
docker_username: your-docker-username
docker_password: your-docker-password-or-token

Git Secrets (Optional)

# For creating git tags (if using private repos)
git_username: your-git-username
git_token: your-git-personal-access-token

Notification Secrets (Optional)

# Webhook URL for build notifications (Slack, Discord, etc.)
webhook_url: https://hooks.slack.com/services/YOUR/WEBHOOK/URL

# Drone API token for deployment notifications
drone_token: your-drone-api-token

Setting Up Secrets in Drone

Via Drone UI

  1. Navigate to https://drone.aipice.local
  2. Go to your repository settings
  3. Click on the "Secrets" tab
  4. Add each secret with its name and value

Via Drone CLI

# Install Drone CLI
curl -L https://github.com/harness/drone-cli/releases/latest/download/drone_linux_amd64.tar.gz | tar zx
sudo install -t /usr/local/bin drone

# Configure Drone CLI
export DRONE_SERVER=https://drone.aipice.local
export DRONE_TOKEN=your-drone-token

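# Add secrets
# Note: a value passed directly to --data is recorded in shell history and is
# visible in the process list while the command runs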
drone secret add --repository your-org/auth-service --name docker_username --data your-docker-username
drone secret add --repository your-org/auth-service --name docker_password --data your-docker-password

Via API

# Add secret via REST API
curl -X POST https://drone.aipice.local/api/repos/your-org/auth-service/secrets \
  -H "Authorization: Bearer your-drone-token" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "docker_username",
    "data": "your-docker-username"
  }' --insecure

Verifying Configuration

Test Docker Credentials

# Test Docker login with your credentials
echo "your-docker-password" | docker login -u your-docker-username --password-stdin

Test Drone Connection

# Test Drone API access
curl -H "Authorization: Bearer your-drone-token" \
     https://drone.aipice.local/api/user \
     --insecure

Build Trigger

Once secrets are configured, the pipeline will automatically:

  1. On push to main/master:

    • Build Docker image: hexah/auth-service:1.0.X (where X is build number)
    • Push to Docker registry
    • Create Git tag: v1.0.X
    • Send notifications (if configured)
  2. On push to other branches:

    • Run tests and validation
    • Test Docker build (without pushing)

Version Pattern

The pipeline uses this versioning scheme:

Base Version: 1.0 (defined in version.conf)
Build Number: Drone's automatic build counter
Final Version: 1.0.{BUILD_NUMBER}

Examples:
- First build: 1.0.1
- Second build: 1.0.2
- etc.

Customizing Versions

To change the base version (e.g., for major releases):

  1. Edit version.conf:

    BASE_VERSION=2.0
    
  2. The next build will create: 2.0.1, 2.0.2, etc.
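
The versioning scheme from "Version Pattern" and "Customizing Versions", as an added example that is not the pipeline's own code: it reads BASE_VERSION from version.conf as data rather than sourcing the file, and validates both parts before they reach an image tag or Git tag. The function names are hypothetical, and using Drone's DRONE_BUILD_NUMBER variable as the build counter is an assumption about how the pipeline gets it.

```shell
#!/bin/sh
# Added example (not the pipeline's own code). read_base_version and
# final_version are hypothetical names; BASE_VERSION=<major>.<minor> in
# version.conf is the layout shown on this page.

# Print BASE_VERSION from a version.conf-style file, or fail.
read_base_version() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    # Treat the file as data: sourcing it would execute anything a commit put there.
    base=$(sed -n 's/^BASE_VERSION=//p' "$conf" | head -n 1)
    case $base in
        # Reject empty values, any character other than digits and dots,
        # leading or trailing dots, and more than one dot.
        ''|*[!0-9.]*|.*|*.|*.*.*)
            echo "invalid BASE_VERSION: '$base'" >&2; return 1 ;;
        *.*) printf '%s\n' "$base" ;;
        *)  echo "invalid BASE_VERSION: '$base'" >&2; return 1 ;;
    esac
}

# Print <base>.<build>; Drone exposes the build counter as DRONE_BUILD_NUMBER.
final_version() {
    conf=$1
    build=$2
    case $build in
        ''|*[!0-9]*) echo "invalid build number: '$build'" >&2; return 1 ;;
    esac
    base=$(read_base_version "$conf") || return 1
    printf '%s.%s\n' "$base" "$build"
}

# Constructed sample input standing in for the repository's version.conf.
demo_conf=$(mktemp)
printf 'BASE_VERSION=1.0\n' > "$demo_conf"
version=$(final_version "$demo_conf" "${DRONE_BUILD_NUMBER:-15}")
echo "image tag: hexah/auth-service:$version"
echo "git tag:   v$version"
rm -f "$demo_conf"
```

A value that fails validation stops the step with a non-zero exit status, so a malformed version.conf cannot produce a tag.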

Troubleshooting

Build Fails on Docker Push

Check that:

  • Docker credentials are correct
  • Repository hexah/auth-service exists
  • Account has push permissions

SSL Certificate Issues

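The pipeline includes skip_verify: true for self-signed certificates, which turns off TLS certificate verification (as --insecure does in the curl commands above). To keep verification on, you can instead add the server certificate to the trusted store:

# Add Drone server certificate to trusted store
# The certificate is fetched over a connection that is not yet verified, so
# compare its fingerprint with one obtained on the server itself before trusting it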
openssl s_client -connect drone.aipice.local:443 -servername drone.aipice.local < /dev/null 2>/dev/null | openssl x509 -outform PEM > drone.crt
sudo cp drone.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

Git Tag Creation Fails

Ensure the Drone service account has push permissions to the repository.

Example Build Output

A successful build will show:

✓ version: Building version 1.0.15
✓ docker-build: Successfully built hexah/auth-service:1.0.15
✓ git-tag: Created tag v1.0.15
✓ deploy-notification: Notified deployment system