Docker 安装 Gitea + Drone 开源代码仓库及 CI/CD 教程

共计 5959 个字符，预计需要花费 15 分钟才能阅读完成。

前言

早期写过一篇 Gitlab 的代码仓库安装教程, 但是 Gitlab 还是太重, 不太适合个人或者小型团队使用. 于是最近尝试使用了一下 gitea, 并结合drone 来实现 CI/CD 需求.

Gitea 文档

Drone 文档

---

部署

注意: 本文示例是将服务器 22 端口预留给 Gitea 的SSH使用, 如果 22 端口已被其他程序占用, 可以参考 官方文档 配置端口转发.

docker-compose 部署 Gitea

本节仅部署 Gitea 代码仓库和 MariaDB 数据库，如需搭配Drone, 请继续阅读下文.

docker-compose.yml

version: "3"
services:
  server:
    image: gitea/gitea:1.15.7
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=mysql
      - DB_HOST=db:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=your_database_passwd
    restart: always
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "22:22"
    depends_on:
      - db

  db:
    image: mariadb
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=your_root_passwd
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=your_database_passwd
      - MYSQL_DATABASE=gitea
    volumes:
      - ./db:/var/lib/mysql

nginx 反向代理

配置 nginx 反向代理, 本文以 dnmp 环境的配置为例, 请根据实际环境来修改相关路径配置.

upstream gitea {server 172.17.0.1:3000;}

server {
    listen 80;
    server_name  git.ioiox.com;
    return 301 https://git.ioiox.com$request_uri;
}

server {
    listen 443 ssl;
    server_name  git.ioiox.com;
    gzip on;

    ssl_certificate /ssl/ioiox.com.cer;
    ssl_certificate_key /ssl/ioiox.com.key;
    ssl_trusted_certificate /ssl/ioiox.com.cer;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout  10m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_tickets off;
    resolver 8.8.8.8 8.8.4.4 valid=60s ipv6=off;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        proxy_redirect off;
        proxy_pass http://gitea;

        proxy_set_header  Host                $http_host;
        proxy_set_header  X-Real-IP           $remote_addr;
        proxy_set_header  X-Forwarded-Ssl     on;
        proxy_set_header  X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto   $scheme;
        proxy_set_header  X-Frame-Options     SAMEORIGIN;

        client_max_body_size        100m;
        client_body_buffer_size     128k;

        proxy_buffer_size           4k;
        proxy_buffers               4 32k;
        proxy_busy_buffers_size     64k;
        proxy_temp_file_write_size  64k;
    }
}

docker-compose 部署 Gitea 及 Drone

docker-compose.yml

version: "3"
services:
  server:
    image: gitea/gitea:1.15.7
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - DB_TYPE=mysql
      - DB_HOST=db:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=your_database_passwd
    restart: always
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "22:22"
    depends_on:
      - db

  db:
    image: mariadb
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=your_root_passwd
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=your_database_passwd
      - MYSQL_DATABASE=gitea
    volumes:
      - ./db:/var/lib/mysql

  drone:
    image: drone/drone
    container_name: drone
    ports:
      - "44480:80"
      - "44443:443"
    volumes:
      - ./drone:/data
    environment:
      - DRONE_GITEA_SERVER=https://git.ioiox.com
      - DRONE_GITEA_CLIENT_ID=ecb4b239-3c2d-4f23-b914-8e947843eb17
      - DRONE_GITEA_CLIENT_SECRET=CqOwAaAhvZRKV3PdI0GLgbrZSSNWF0cgwiNr5PfHpIl8
      - DRONE_RPC_SECRET=your_drone_rpc_scret
      - DRONE_SERVER_HOST=drone.ioiox.com
      - DRONE_SERVER_PROTO=https
    restart: always
    depends_on:
      - server

  runner:
    image: drone/drone-runner-docker:1
    container_name: runner
    ports:
      - "43000:3000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=drone.ioiox.com
      - DRONE_RPC_SECRET=your_drone_rpc_scret
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_NAME=IOIOX-RUNNER
    restart: always
    depends_on:
      - drone

nginx 反向代理

配置 nginx 反向代理, 本文以 dnmp 环境的配置为例, 请根据实际环境来修改相关路径配置.
Gitea的 git.ioiox.com 反向代理配置 参考上节 .
Drone 的drone.ioiox.com反向代理配置参考如下:

upstream drone {server 172.17.0.1:44480;}

server {
    listen 80;
    server_name  drone.ioiox.com;
    return 301 https://drone.ioiox.com$request_uri;
}

server {
    listen 443 ssl;
    server_name  drone.ioiox.com;
    gzip on;

    ssl_certificate /ssl/ioiox.com.cer;
    ssl_certificate_key /ssl/ioiox.com.key;
    ssl_trusted_certificate /ssl/ioiox.com.cer;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout  10m;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_tickets off;
    resolver 8.8.8.8 8.8.4.4 valid=60s ipv6=off;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        proxy_redirect off;
        proxy_pass http://drone;

        proxy_set_header  Host                $http_host;
        proxy_set_header  X-Real-IP           $remote_addr;
        proxy_set_header  X-Forwarded-Ssl     on;
        proxy_set_header  X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto   $scheme;
        proxy_set_header  X-Frame-Options     SAMEORIGIN;

        client_max_body_size        100m;
        client_body_buffer_size     128k;

        proxy_buffer_size           4k;
        proxy_buffers               4 32k;
        proxy_busy_buffers_size     64k;
        proxy_temp_file_write_size  64k;
    }
}

安装配置

Gitea 配置

访问域名 https://git.ioiox.com 开始配置 Gitea.
首次访问首页会自动填充数据库密码, 参考下图继续配置:

SSH 服务域名 参考下图仅填写域名, 注意 不要 填写 https 协议.
SSH 服务端口 填写22 端口, 由于本文示例是将 22 端口给 Gitea 使用, 所以此处无需修改.
HTTP 服务端口 默认3000, 根据上文docker-compose.yml 配置, 无需修改, 由 nginx 反向代理即可.
基础 URL 填写完整的 https://git.ioiox.com 域名.

配置电子邮件设置, 此处需要注意的是 SMTP 主机名 需要指定端口, 同时创建管理员账号.

点击 立即安装 即可完成初始化配置并登陆.

Drone 配置

创建仓库

设置 – 应用 – 创建新的 OAuth2 应用程序
应用名称 – 随意命名
重定向 URI – 按照下图填写域名地址

创建应用获取 客户端 D 和 客户端密钥
此时需要 docker-compose down 停止容器, 并修改 docker-compose.yml 中的:

• DRONE_GITEA_CLIENT_ID=ecb4b239-3c2d-4f23-b914-8e947843eb17
• DRONE_GITEA_CLIENT_SECRET=CqOwAaAhvZRKV3PdI0GLgbrZSSNWF0cgwiNr5PfHpIl8

替换为上文生成的 客户端 D 和 客户端密钥 , 再次执行docker-compose up -d 启动容器.

访问drone.ioiox.com

登陆过 Gitea 后可以直接开始 应用授权

完善信息

成功登陆并显示了 Gitea 里创建的仓库.

点击进去激活仓库

回到 Gitea 仓库, 创建一个测试工作流, 并提交代码.

Drone监测到代码提交开始进行工作流.

测试完毕

其他相关配置

管理后台 – 应用配置
检查邮件服务是否成功, 如配置有误, 可以在 gitea/gitea/conf/app.ini 修改[mailer]

设置 – SSH / GPG 密钥
将本地的 id_rsa.pub 添加到密钥中, 即可使用 git clone git@git.ioiox.com:stille/test.git 来管理代码仓库.

---