DRONE.IO CICD

[Jean-Baptiste-Lasselle]

• Create the github application for the pegasus-io github organization : with cloud.drone.io , the autoregister at login, creates the github application that will be used.
• All you need to do, is to grant the application (as you create it), the required github permissions on the github organization that contains the git repo :

• After that, in your drone.io dashboard, in the github repositories list, I activate the drone pipeline, and get to its configuration page :

• first settings are to set the drone-ci yaml file name, and a few other settings related to github webhooks and how they trigger the pipeline :

• Among those first settings, one is about an interesting drone ci feature :
  • Some files, like a configuration file, can be signed, and its signature checked to be signed by a verified GPG signer
  • if the signature is verified, then the pipeline execution can happen. If GPG signature verification fails, pipeline execution is cancelled.
  • signature's signingKey has to be configured in drone as well, and this is done using the .drone.yml file :

---
kind: pipeline
type: docker
name: default

steps:
- name: build
  image: golang
  commands:
  - go build
  - go test

---
kind: signature
hmac: F10E2821BBBEA527EA02200352313BC059445190

...

• the verification can be enabled/disabled using the "protected" labelled checkbox below :

• This can be integrated with git commit signature :
  • the git signingKey signs commits, not files, but we can add a signature's public key in the .drone.yml file , that is expected to be equal to the git commit signer.
  • So that the git signingKey has to be equal to the public key configured in the .drone.yml file, and the public key configured in the .drone.yml file has to verify the commit of the GIT version being run in the pipeline/

• Then you will configure secrets and schedule recurring pipeline execution ("cron job") :

• then you can get the drone.io badge for the project:

[![Build Status](https://cloud.drone.io/api/badges/pegasus-io/this-is-gravitee/status.svg)](https://cloud.drone.io/pegasus-io/this-is-gravitee)

[Jean-Baptiste-Lasselle]

• so my first .drone.yml is :

kind: pipeline
# you could have [type: kubernetes]
type: docker
name: default

steps:
- name: testpipeline1
  image: alpine
  commands:
  - echo 'This'
  - echo 'is'
  - echo 'Gravitee!'
- name: testpipeline2
  image: alpine
  commands:
  - echo "We are in [$(pwd)]"
  - ls -allh
  - echo 'ok!'

• I create a new feature branch with the gitflow, named drone_ci_setup
• I create, add, commit and push the additional .drone.yml file, and the badge in the README.md : for each commit on my branch feature, the drone pipeline will execute the pipeline on the feature branch, on the commit that was just pushed :

• I create a pull request from the feature/drone_ci_setup branch, to the develop branch :
  • this will trigger the Drone Pipeline, and what is interesting here, is that when the triggering event is a pull/merge request, drone will "simulate", the merge into the pipeline, without pushing to original repo :

• and there you go for the pipeline execution mentioned in the github pull request :

• all in all, I had three pipeline execution , 2 for the 2 commits on my feature branch, and one for the pull request (which simulates merge to develop) :

[Jean-Baptiste-Lasselle]

closed by https://github.com/pegasus-io/this-is-gravitee/pull/8