In a previous post, I explored why Jenkins should no longer be the default choice for CI/CD for new software projects. This time, let’s discuss an alternative that I’ve gotten quite familiar with recently: Drone CI.
Drone is simply described as a ‘self-service Continuous Integration platform for busy development teams’. Configuring a CI pipeline is as simple as activating the repo in the web UI and committing a .drone.yml file in the project’s root directory.
I’ve successfully used Drone for typical use cases such as linting and testing in response to PRs/merges as well as scheduling task executions via their cron feature.
The project documentation already provides a lot of resources on how to get up and running, so this article will provide tips from experience on how to best operate a Drone installation.
The Drone service needs to be public-facing
In order for Drone to work properly, TCP port 443 needs to be publicly accessible so that it can receive requests from your repo hosting provider.
Conveniently, Drone is bundled with its own LetsEncrypt ACME client to automatically set up free TLS, which can be activated by setting the DRONE_TLS_AUTOCERT environment variable on the Drone container in conjunction with the desired FQDN. For LetsEncrypt to work, there needs to be a working DNS entry.
DRONE_TLS_AUTOCERT=true
DRONE_SERVER_HOST=server.domain.tld
Use a read-through cache for resilience to Docker Hub outages
Most likely, you will be using the Docker runner to execute steps in your pipeline, which depends on launching ephemeral containers to run each step. This means that any outages in your upstream container registry (Docker Hub in particular) will break the execution of your pipeline.
To prevent this, on the server(s) running the Docker runner, also run an instance of a container registry configured as a read-through cache:
docker run -d -p 5000:5000 \
-e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io \
--restart always \
--name registry registry:2
Then, write the following configuration to /etc/docker/daemon.json and restart Docker:
{
"insecure-registries" : ["127.0.0.1:5000" ],
"registry-mirrors": ["http://127.0.0.1:5000"]
}
Add yourself as an administrator to new Drone installations
There are certain things you can’t do without an administrator account to your Drone instance, such as:
- Changing the timeout for pipeline execution on a per-repo basis
- Full access to API features
To add yourself, simply add the following environment variable to your Drone container, where USERNAME is your username on the repo management software you’re using (Github, Gitlab, Bitbucket, etc):
DRONE_USER_CREATE=username:USERNAME,admin:true
Set your cron interval
By default, Drone will execute cron tasks once per hour, which isn’t nearly often enough for some use cases. Set this environment variable on the Drone container to perform runs every 5 minutes:
DRONE_CRON_INTERVAL=5m
Use the CLI tool
Yes, Drone has a CLI tool available that can do even more than the web UI can! Particularly, the CLI allows for creation of more sophisticated cron expressions.
Next time…
We will discuss several tips and tricks on how to build, configure, and monitor Drone CI pipelines!
I’m passionate about enabling software engineering teams to succeed using the right set of tools, process, and culture. Reach out if you’re interested in working with me!
(Image produced by OpenAI DALL·E 2 with prompt “a photo of a robot in a lab coat performing a scientific experiment”.)