infrastructure/app/drone-ci/integration
2021-10-19 12:55:51 +02:00
..
docker-compose.yml Add a docker compose for runners 2021-10-19 12:55:51 +02:00
README.md Add a docker compose for runners 2021-10-19 12:55:51 +02:00

Install Debian

We recommend Debian Bullseye

Install Docker CE from docker.io

Do not use the docker engine shipped by Debian

Doc:

On a fresh install, as root:

apt-get remove -y docker docker-engine docker.io containerd runc
apt-get update
apt-get install apt-transport-https ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
 echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io

curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

Prepare the runner

Nix folder must be populated before launching any build.

docker run --rm -it -v /var/lib/drone/nix:/mnt nixpkgs/nix:nixos-21.05 cp -r /nix/{store,var} /mnt/

This folder will grow over time and might need to be garbage collected. As a rule of thumb, after running a full release of Garage, this folder will require 10GB. Consider provisioning it with at least 20GB.

Launch the runner

Because we use a shared nix folder, we set the number of concurrent builds to 1. For more details and customizations, see docker-compose.yml.

DRONE_NAME=lheureduthe DRONE_OWNER=quentin DRONE_SECRET=xxx docker-compose up -d

That's all folks.

Random note

This setup is done mainly to allow nix builds with some cache. To use the cache in Drone, you must set your repository as trusted. The command line tool does not work (it says it successfully set your repository as trusted but it did nothing): the only way to set your repository as trusted is to connect on the DB and set the repo_trusted field of your repo to true.