Drone integration files for new version (Nix runners)
parent
b23218a7f6
commit
be0d7a7ccc
3 changed files with 47 additions and 21 deletions
|
@ -26,25 +26,18 @@ curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compo
|
||||||
chmod +x /usr/local/bin/docker-compose
|
chmod +x /usr/local/bin/docker-compose
|
||||||
```
|
```
|
||||||
|
|
||||||
## Prepare the runner
|
## Install the runner
|
||||||
|
|
||||||
|
*This is our Nix runner version 2, previously we had another way to start Nix runners. This one has a proper way to handle concurrency, require less boilerplate, and should be safer and more idiomatic.*
|
||||||
|
|
||||||
Nix folder must be populated before launching any build.
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker run --rm -it -v /var/lib/drone/nix:/mnt nixpkgs/nix:nixos-21.05 cp -r /nix/{store,var} /mnt/
|
wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/drone-ci/integration/nix.conf
|
||||||
```
|
wget https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/raw/branch/main/app/drone-ci/integration/docker-compose.yml
|
||||||
|
|
||||||
This folder will grow over time and might need to be garbage collected.
|
# Edit the docker-compose.yml to adapt its variables to your needs,
|
||||||
As a rule of thumb, after running a full release of Garage, this folder will require 10GB.
|
# especially the capacitiy value and its name.
|
||||||
Consider provisioning it with at least 20GB.
|
COMPOSE_PROJECT_NAME=drone DRONE_SECRET=xxx docker-compose up -d
|
||||||
|
|
||||||
## Launch the runner
|
|
||||||
|
|
||||||
Because we use a shared nix folder, we set the number of concurrent builds to 1.
|
|
||||||
For more details and customizations, see `docker-compose.yml`.
|
|
||||||
|
|
||||||
```bash
|
|
||||||
DRONE_NAME=lheureduthe DRONE_OWNER=quentin DRONE_SECRET=xxx docker-compose up -d
|
|
||||||
```
|
```
|
||||||
|
|
||||||
That's all folks.
|
That's all folks.
|
||||||
|
@ -67,6 +60,8 @@ It will give you the following result:
|
||||||
|
|
||||||
## Random note
|
## Random note
|
||||||
|
|
||||||
|
*This part might be deprecated!*
|
||||||
|
|
||||||
This setup is done mainly to allow nix builds with some cache.
|
This setup is done mainly to allow nix builds with some cache.
|
||||||
To use the cache in Drone, you must set your repository as trusted.
|
To use the cache in Drone, you must set your repository as trusted.
|
||||||
The command line tool does not work (it says it successfully set your repository as trusted but it did nothing):
|
The command line tool does not work (it says it successfully set your repository as trusted but it did nothing):
|
||||||
|
|
|
@ -1,5 +1,14 @@
|
||||||
version: '3.4'
|
version: '3.4'
|
||||||
services:
|
services:
|
||||||
|
nix-daemon:
|
||||||
|
image: nixpkgs/nix:nixos-22.05
|
||||||
|
restart: always
|
||||||
|
command: nix-daemon
|
||||||
|
privileged: true
|
||||||
|
volumes:
|
||||||
|
- "nix:/nix"
|
||||||
|
- "./nix.conf:/etc/nix/nix.conf:ro"
|
||||||
|
|
||||||
drone-runner:
|
drone-runner:
|
||||||
image: drone/drone-runner-docker:latest
|
image: drone/drone-runner-docker:latest
|
||||||
restart: always
|
restart: always
|
||||||
|
@ -7,21 +16,32 @@ services:
|
||||||
- DRONE_RPC_PROTO=https
|
- DRONE_RPC_PROTO=https
|
||||||
- DRONE_RPC_HOST=drone.deuxfleurs.fr
|
- DRONE_RPC_HOST=drone.deuxfleurs.fr
|
||||||
- DRONE_RPC_SECRET=${DRONE_SECRET}
|
- DRONE_RPC_SECRET=${DRONE_SECRET}
|
||||||
- DRONE_RUNNER_CAPACITY=1
|
- DRONE_RUNNER_CAPACITY=3
|
||||||
- DRONE_DEBUG=true
|
- DRONE_DEBUG=true
|
||||||
- DRONE_LOGS_TRACE=true
|
- DRONE_LOGS_TRACE=true
|
||||||
- DRONE_RPC_DUMP_HTTP=true
|
- DRONE_RPC_DUMP_HTTP=true
|
||||||
- DRONE_RPC_DUMP_HTTP_BODY=true
|
- DRONE_RPC_DUMP_HTTP_BODY=true
|
||||||
- DRONE_RUNNER_NAME=${DRONE_NAME}
|
- DRONE_RUNNER_NAME=i_forgot_to_change_my_runner_name
|
||||||
- DRONE_RUNNER_LABELS=nix:1
|
- DRONE_RUNNER_LABELS=nix-daemon:1
|
||||||
#- DRONE_RUNNER_VOLUMES=/var/lib/drone/nix:/nix
|
# we should put "nix:/nix:ro but it is not supported by
|
||||||
|
# drone-runner-docker because the dependency envconfig does
|
||||||
|
# not support having two colons (:) in the same stanza.
|
||||||
|
# Without the RO flag (or using docker userns), build isolation
|
||||||
|
# is broken.
|
||||||
|
# https://discourse.drone.io/t/allow-mounting-a-host-volume-as-read-only/10071
|
||||||
|
# https://github.com/kelseyhightower/envconfig/pull/153
|
||||||
|
#
|
||||||
|
# A workaround for isolation is to configure docker with a userns,
|
||||||
|
# so even if the folder is writable to root, it is not to any non
|
||||||
|
# privileged docker daemon ran by drone!
|
||||||
|
- DRONE_RUNNER_VOLUMES=drone_nix:/nix
|
||||||
|
- DRONE_RUNNER_ENVIRON=NIX_REMOTE:daemon
|
||||||
ports:
|
ports:
|
||||||
- "3000:3000/tcp"
|
- "3000:3000/tcp"
|
||||||
volumes:
|
volumes:
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
- "/var/lib/drone/nix:/var/lib/drone/nix"
|
|
||||||
|
|
||||||
drone-gc:
|
drone-gc:
|
||||||
image: drone/gc:latest
|
image: drone/gc:latest
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
|
@ -30,3 +50,5 @@ services:
|
||||||
- GC_INTERVAL=10m
|
- GC_INTERVAL=10m
|
||||||
volumes:
|
volumes:
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
|
volumes:
|
||||||
|
nix:
|
||||||
|
|
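Review bot: `DRONE_RUNNER_VOLUMES=drone_nix:/nix` gives every pipeline step a writable mount of the store that the `privileged: true` nix-daemon service also uses, and `DRONE_RUNNER_CAPACITY` goes from 1 to 3 in the same change, so up to three concurrent builds share a store that any of them can modify. The comment block names a Docker userns as the workaround, but nothing in this file requires it; I would state it as a precondition, for example `# REQUIRED: run dockerd with userns-remap, otherwise any build step can write to the shared /nix`. As far as I know, Docker with userns-remap enabled rejects privileged containers unless they opt out, so nix-daemon would probably also need `userns_mode: "host"`. Separately, `drone_nix` only resolves to the `nix` volume declared at the bottom when the compose project name is `drone`; adding `name: drone_nix` under `nix:` would remove that hidden coupling.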
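--- a/cluster/prod/app/drone-ci/integration/nix.conf
+++ b/cluster/prod/app/drone-ci/integration/nix.conf
@@ -0,0 +1,9 @@
+substituters = https://cache.nixos.org https://nix.web.deuxfleurs.fr
+trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=
+max-jobs = auto
+cores = 0
+log-lines = 200
+filter-syscalls = true
+sandbox = true
+keep-outputs = true
+keep-derivations = true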
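Review bot: Nothing in this file bounds the size of the store: `keep-outputs = true` and `keep-derivations = true` make garbage collection retain more paths, and there is no `min-free`/`max-free` pair to let the daemon collect on its own. According to the compose file in this commit, the store is a Docker volume shared by all builds on the runner, so a full disk would presumably stall every pipeline at once. I would add `min-free = <BYTES_PLACEHOLDER>` and `max-free = <BYTES_PLACEHOLDER>` sized to the host. A one-line comment at the top saying that the file is mounted read-only into the nix-daemon container would also help the next operator.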