From ad304506768751de67aabcee3fd5a1274c147962 Mon Sep 17 00:00:00 2001 From: bh0fer Date: Sat, 4 Apr 2026 15:15:59 +0200 Subject: [PATCH 1/2] add drone setup --- .../docs/dokku/drone-ci/drone-runner.mdx | 67 +++++++++++ .../docs/dokku/drone-ci/drone-server.mdx | 110 ++++++++++++++++++ tdev-website/docs/dokku/drone-ci/index.mdx | 54 +++++++++ 3 files changed, 231 insertions(+) create mode 100644 tdev-website/docs/dokku/drone-ci/drone-runner.mdx create mode 100644 tdev-website/docs/dokku/drone-ci/drone-server.mdx create mode 100644 tdev-website/docs/dokku/drone-ci/index.mdx diff --git a/tdev-website/docs/dokku/drone-ci/drone-runner.mdx b/tdev-website/docs/dokku/drone-ci/drone-runner.mdx new file mode 100644 index 000000000..85f85ab72 --- /dev/null +++ b/tdev-website/docs/dokku/drone-ci/drone-runner.mdx @@ -0,0 +1,67 @@ +--- +page_id: 77aa276d-fed2-4ddb-9567-80e58fd4a48c +--- + +# Drone Runner + + +For the runner, follow the same steps as for the server, but make sure you +follow the instructions for the [runners](https://docs.drone.io/runner/docker/installation/linux/). + +```bash {3-7} +docker run --detach \ + --volume=/var/run/docker.sock:/var/run/docker.sock \ + --env=DRONE_RPC_PROTO=https \ + --env=DRONE_RPC_HOST=drone.company.com \ + --env=DRONE_RPC_SECRET=super-duper-secret \ + --env=DRONE_RUNNER_CAPACITY=2 \ + --env=DRONE_RUNNER_NAME=my-first-runner \ + --publish=3000:3000 \ + --restart=always \ + --name=runner \ + drone/drone-runner-docker:1 +``` + +The instructions state that + +- the runner requires the file `/var/run/docker.sock` to be mounted +- it listens on port `3000` + +## Preparing dokku and the image + +```bash +dokku apps:create drone-runner + +# env variables +dokku config:set drone-runner DRONE_RPC_SECRET=$(dokku config:get drone-server DRONE_RPC_SECRET) +dokku config:set drone-runner DRONE_RPC_PROTO=https +dokku config:set drone-runner DRONE_RPC_HOST=drone.lebalz.ch +dokku config:set drone-runner DRONE_RUNNER_CAPACITY=2 +dokku config:set drone-runner DRONE_RUNNER_NAME=bolt + +# mount the docker socket +dokku storage:mount drone-runner /var/run/docker.sock:/var/run/docker.sock + +# change port mapping and set domain +dokku proxy:ports-add drone-runner http:3000:3000 + +# deploy +dokku git:from-image drone-runner drone/drone-runner-docker:latest +``` + +## Update + +If you deployed `:latest`, then you would need to run + +```bash +docker pull drone/drone-runner-docker:latest +dokku ps:rebuild drone-runner +``` + +To update to a specific version (e.g. `1.8.0`) lookup the tags on [https://hub.docker.com/r/drone/drone-runner-docker/tags](https://hub.docker.com/r/drone/drone-runner-docker/tags) and run on your dokku server: + +```bash +dokku git:from-image drone-runner drone/drone-runner-docker:1.8.0 +``` + +The application will be rebuilt automatically. diff --git a/tdev-website/docs/dokku/drone-ci/drone-server.mdx b/tdev-website/docs/dokku/drone-ci/drone-server.mdx new file mode 100644 index 000000000..3a43c2b27 --- /dev/null +++ b/tdev-website/docs/dokku/drone-ci/drone-server.mdx @@ -0,0 +1,110 @@ +--- +page_id: 912ac919-b418-4b2a-bf6e-6ae875311ed9 +--- + +import { DynamicInput, TemplateCode } from '@tdev-components/DynamicValues'; + +# Drone Server + +Drone Server auf Dokku deployen. + +Referenz +: [docs.drone.io](https://docs.drone.io/server/provider/github/) +Dockerhub +: [hub.docker.com/r/drone/drone](https://hub.docker.com/r/drone/drone) + + + + + + + + + + +## Dokku vorbereiten und deployen + + + ```bash title="root@dokku" + # App erstellen + dokku apps:create {{APP}} + + # Domain und Port setzen + dokku domains:set {{APP}} {{DOMAIN}} + dokku ports:add {{APP}} http:80:80 + + # Persistentes Verzeichnis fuer die SQLite-Datenbank mounten + mkdir -p /var/lib/dokku/data/storage/{{APP}} + chown -R 1000:1000 /var/lib/dokku/data/storage/{{APP}} + dokku storage:mount {{APP}} /var/lib/dokku/data/storage/{{APP}}:/data + + # GitHub OAuth und Drone-Konfiguration + dokku config:set --no-restart {{APP}} DRONE_GITHUB_CLIENT_ID="{{DRONE_GITHUB_CLIENT_ID}}" + dokku config:set --no-restart {{APP}} DRONE_GITHUB_CLIENT_SECRET="{{DRONE_GITHUB_CLIENT_SECRET}}" + dokku config:set --no-restart {{APP}} DRONE_RPC_SECRET=$(openssl rand -hex 32) + dokku config:set --no-restart {{APP}} DRONE_SERVER_HOST="{{DOMAIN}}" + dokku config:set --no-restart {{APP}} DRONE_SERVER_PROTO="http" + + # Nur bekannte Benutzer zulassen + dokku config:set --no-restart {{APP}} DRONE_USER_FILTER="{{DRONE_USER_FILTER}}" + + # Admin-Benutzer definieren + dokku config:set --no-restart {{APP}} DRONE_USER_CREATE="{{DRONE_USER_CREATE}}" + + # Optional: E-Mail fuer Let's Encrypt setzen + dokku config:set --no-restart {{APP}} DOKKU_LETSENCRYPT_EMAIL="{{DOKKU_LETSENCRYPT_EMAIL}}" + + # Image deployen + dokku git:from-image {{APP}} {{DRONE_IMAGE}} + + # Optional: SSL aktivieren + dokku letsencrypt:enable {{APP}} + ``` + + +:::info[DRONE_RPC_SECRET] +Der Wert ist ein gemeinsames Secret zwischen Drone Server und Runnern. Server und Runner muessen exakt denselben Wert verwenden. + +Ein sicheres Secret kann so generiert werden: + + + ```bash title="root@dokku" + openssl rand -hex 32 + ``` + +::: + +:::warning[DRONE_SERVER_PROTO auf http lassen] +Bei Dokku wird TLS von Nginx terminiert. Intern wird die Anfrage per HTTP an den Container weitergeleitet. + +Wenn hier `https` gesetzt wird, kann es zu Redirect-Loops kommen. +::: + +:::warning[DRONE_USER_FILTER setzen] +Ohne `DRONE_USER_FILTER` kann sich standardmaessig jeder authentifizieren, der ueber den konfigurierten Provider verfuegt. + +Beispiel: + + + ```bash title="root@dokku" + dokku config:set --no-restart {{APP}} DRONE_USER_FILTER="{{DRONE_USER_FILTER}}" + ``` + +::: + +## Update + + + ```bash title="root@dokku" + docker pull {{DRONE_IMAGE}} + dokku ps:rebuild {{APP}} + ``` + + +Falls auf eine spezifische Version aktualisiert werden soll: + + + ```bash title="root@dokku" + dokku git:from-image {{APP}} drone/drone:2.7.3 + ``` + \ No newline at end of file diff --git a/tdev-website/docs/dokku/drone-ci/index.mdx b/tdev-website/docs/dokku/drone-ci/index.mdx new file mode 100644 index 000000000..05b0820ae --- /dev/null +++ b/tdev-website/docs/dokku/drone-ci/index.mdx @@ -0,0 +1,54 @@ +--- +page_id: 7dd02198-e086-4464-b803-71f4f5eb095e +--- + +# Drone CI + + +[Drone CI](https://www.drone.io/) kann einfach mit Github, *Bitbucket, Gitlab* usw. verwendet werden. Diese Beschreibung bezieht sich auf die Integration mit Github. + +Für das Deployment auf Dokku werden zwei Apps benötigt: [drone-server](./drone-server.mdx) und [drone-runner](./drone-runner.mdx). + +Eine `.drone.yml` im Root-Verzeichnis des Repositorys definiert die auszuführenden Schritte. + +Als Beispiel folgt hier das minimale Skript, das diese Seite baut und deployt, ohne Cache. + +```yml title=.drone.yml +--- +kind: pipeline +type: docker +name: default + +steps: + +- name: submodules + image: alpine/git + commands: + - git submodule update --init --recursive + +- name: website + image: node:16.11.1 + commands: + - mkdir -p $HOME/.ssh + - ssh-keyscan -t rsa github.com >> $HOME/.ssh/known_hosts + - echo "$GITHUB_PRIVATE_KEY" > "$HOME/.ssh/id_rsa" + - chmod 0600 $HOME/.ssh/id_rsa + - yarn install --frozen-lockfile + - npm run deploy + environment: + USE_SSH: true + GIT_USER: $DRONE_COMMIT_AUTHOR + GITHUB_PRIVATE_KEY: + from_secret: "git_deploy_private_key" + when: + event: + include: + - push + - pull_request + +trigger: + branch: + - main +``` + +Das Setup erwartet eine Umgebungsvariable mit dem Namen `git_deploy_private_key`, die den privaten Schlüssel enthält. Der zugehörige öffentliche Schlüssel muss beispielsweise in Github als Deploy Key hinterlegt sein. \ No newline at end of file From 2e03d51a6bbb463d854c1e7b17d75291078052be Mon Sep 17 00:00:00 2001 From: bh0fer Date: Sat, 4 Apr 2026 16:24:32 +0200 Subject: [PATCH 2/2] update drone manual --- .../docs/dokku/drone-ci/drone-runner.mdx | 85 ++++++++----------- .../docs/dokku/drone-ci/drone-server.mdx | 8 +- 2 files changed, 39 insertions(+), 54 deletions(-) diff --git a/tdev-website/docs/dokku/drone-ci/drone-runner.mdx b/tdev-website/docs/dokku/drone-ci/drone-runner.mdx index 85f85ab72..46108d420 100644 --- a/tdev-website/docs/dokku/drone-ci/drone-runner.mdx +++ b/tdev-website/docs/dokku/drone-ci/drone-runner.mdx @@ -2,66 +2,51 @@ page_id: 77aa276d-fed2-4ddb-9567-80e58fd4a48c --- -# Drone Runner - - -For the runner, follow the same steps as for the server, but make sure you -follow the instructions for the [runners](https://docs.drone.io/runner/docker/installation/linux/). - -```bash {3-7} -docker run --detach \ - --volume=/var/run/docker.sock:/var/run/docker.sock \ - --env=DRONE_RPC_PROTO=https \ - --env=DRONE_RPC_HOST=drone.company.com \ - --env=DRONE_RPC_SECRET=super-duper-secret \ - --env=DRONE_RUNNER_CAPACITY=2 \ - --env=DRONE_RUNNER_NAME=my-first-runner \ - --publish=3000:3000 \ - --restart=always \ - --name=runner \ - drone/drone-runner-docker:1 -``` +import { Val, TemplateCode, DynamicInput } from '@tdev-components/DynamicValues'; -The instructions state that +# Drone Runner -- the runner requires the file `/var/run/docker.sock` to be mounted -- it listens on port `3000` +[Drone Docker Runner](https://docs.drone.io/runner/docker/installation/linux/) auf Dokku deployen. -## Preparing dokku and the image + + + + + + -```bash -dokku apps:create drone-runner + + ```bash title="root@dokku" + dokku apps:create {{APP}} -# env variables -dokku config:set drone-runner DRONE_RPC_SECRET=$(dokku config:get drone-server DRONE_RPC_SECRET) -dokku config:set drone-runner DRONE_RPC_PROTO=https -dokku config:set drone-runner DRONE_RPC_HOST=drone.lebalz.ch -dokku config:set drone-runner DRONE_RUNNER_CAPACITY=2 -dokku config:set drone-runner DRONE_RUNNER_NAME=bolt + # Umgebungsvariablen für die Verbindung zum Drone Server + dokku config:set --no-restart {{APP}} DRONE_RPC_SECRET="$(dokku config:get {{DRONE_SERVER_APP}} DRONE_RPC_SECRET)" + dokku config:set --no-restart {{APP}} DRONE_RPC_PROTO="{{DRONE_RPC_PROTO}}" + dokku config:set --no-restart {{APP}} DRONE_RPC_HOST="{{DRONE_RPC_HOST}}" + dokku config:set --no-restart {{APP}} DRONE_RUNNER_CAPACITY="{{DRONE_RUNNER_CAPACITY}}" + dokku config:set --no-restart {{APP}} DRONE_RUNNER_NAME="{{DRONE_RUNNER_NAME}}" -# mount the docker socket -dokku storage:mount drone-runner /var/run/docker.sock:/var/run/docker.sock + # Docker Socket mounten, damit Builds/Container gestartet werden können + dokku storage:mount {{APP}} /var/run/docker.sock:/var/run/docker.sock -# change port mapping and set domain -dokku proxy:ports-add drone-runner http:3000:3000 + # Port-Mapping (Runner lauscht auf 3000) + dokku ports:set {{APP}} http:3000:3000 -# deploy -dokku git:from-image drone-runner drone/drone-runner-docker:latest -``` + # Deploy + dokku git:from-image {{APP}} drone/drone-runner-docker:latest + ``` + ## Update -If you deployed `:latest`, then you would need to run - -```bash -docker pull drone/drone-runner-docker:latest -dokku ps:rebuild drone-runner -``` - -To update to a specific version (e.g. `1.8.0`) lookup the tags on [https://hub.docker.com/r/drone/drone-runner-docker/tags](https://hub.docker.com/r/drone/drone-runner-docker/tags) and run on your dokku server: + + -```bash -dokku git:from-image drone-runner drone/drone-runner-docker:1.8.0 -``` + + ```bash title="root@dokku" + docker pull drone/drone-runner-docker:{{IMAGE_TAG}} + dokku git:from-image {{APP}} drone/drone-runner-docker:{{IMAGE_TAG}} + ``` + -The application will be rebuilt automatically. +Verfügbare Tags: [drone/drone-runner-docker/tags](https://hub.docker.com/r/drone/drone-runner-docker/tags) diff --git a/tdev-website/docs/dokku/drone-ci/drone-server.mdx b/tdev-website/docs/dokku/drone-ci/drone-server.mdx index 3a43c2b27..052dc705d 100644 --- a/tdev-website/docs/dokku/drone-ci/drone-server.mdx +++ b/tdev-website/docs/dokku/drone-ci/drone-server.mdx @@ -33,7 +33,7 @@ Dockerhub dokku domains:set {{APP}} {{DOMAIN}} dokku ports:add {{APP}} http:80:80 - # Persistentes Verzeichnis fuer die SQLite-Datenbank mounten + # Persistentes Verzeichnis für die SQLite-Datenbank mounten mkdir -p /var/lib/dokku/data/storage/{{APP}} chown -R 1000:1000 /var/lib/dokku/data/storage/{{APP}} dokku storage:mount {{APP}} /var/lib/dokku/data/storage/{{APP}}:/data @@ -51,7 +51,7 @@ Dockerhub # Admin-Benutzer definieren dokku config:set --no-restart {{APP}} DRONE_USER_CREATE="{{DRONE_USER_CREATE}}" - # Optional: E-Mail fuer Let's Encrypt setzen + # Optional: E-Mail für Let's Encrypt setzen dokku config:set --no-restart {{APP}} DOKKU_LETSENCRYPT_EMAIL="{{DOKKU_LETSENCRYPT_EMAIL}}" # Image deployen @@ -63,7 +63,7 @@ Dockerhub :::info[DRONE_RPC_SECRET] -Der Wert ist ein gemeinsames Secret zwischen Drone Server und Runnern. Server und Runner muessen exakt denselben Wert verwenden. +Der Wert ist ein gemeinsames Secret zwischen Drone Server und Runnern. Server und Runner müssen exakt denselben Wert verwenden. Ein sicheres Secret kann so generiert werden: @@ -81,7 +81,7 @@ Wenn hier `https` gesetzt wird, kann es zu Redirect-Loops kommen. ::: :::warning[DRONE_USER_FILTER setzen] -Ohne `DRONE_USER_FILTER` kann sich standardmaessig jeder authentifizieren, der ueber den konfigurierten Provider verfuegt. +Ohne `DRONE_USER_FILTER` kann sich standardmässig jeder authentifizieren, der über den konfigurierten Provider verfügt. Beispiel: