nixcfg/cluster/prod/app/drone-ci/integration
2022-09-09 12:24:11 +02:00
..
docker-compose.yml Drone integration files for new version (Nix runners) 2022-09-09 12:24:11 +02:00
nix.conf Drone integration files for new version (Nix runners) 2022-09-09 12:24:11 +02:00
README.md Drone integration files for new version (Nix runners) 2022-09-09 12:24:11 +02:00

Install Debian

We recommend Debian Bullseye

Install Docker CE from docker.io

Do not use the docker engine shipped by Debian

Doc:

On a fresh install, as root:

apt-get remove -y docker docker-engine docker.io containerd runc
apt-get update
apt-get install apt-transport-https ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
 echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io

curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

Install the runner

This is our Nix runner version 2, previously we had another way to start Nix runners. This one has a proper way to handle concurrency, require less boilerplate, and should be safer and more idiomatic.

wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/drone-ci/integration/nix.conf
wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/drone-ci/integration/docker-compose.yml

# Edit the docker-compose.yml to adapt its variables to your needs,
# especially the capacitiy value and its name.
COMPOSE_PROJECT_NAME=drone DRONE_SECRET=xxx docker-compose up -d

That's all folks.

Check if a given job is built by your runner

export URL=https://drone.deuxfleurs.fr
export REPO=Deuxfleurs/garage
export BUILD=1312
curl ${URL}/api/repos/${REPO}/builds/${BUILD} \
  | jq -c '[.stages[] | { name: .name, machine: .machine }]'

It will give you the following result:

[{"name":"default","machine":"1686a"},{"name":"release-linux-x86_64","machine":"vimaire"},{"name":"release-linux-i686","machine":"carcajou"},{"name":"release-linux-aarch64","machine":"caribou"},{"name":"release-linux-armv6l","machine":"cariacou"},{"name":"refresh-release-page","machine":null}]

Random note

This part might be deprecated!

This setup is done mainly to allow nix builds with some cache. To use the cache in Drone, you must set your repository as trusted. The command line tool does not work (it says it successfully set your repository as trusted but it did nothing): the only way to set your repository as trusted is to connect on the DB and set the repo_trusted field of your repo to true.