Cloning a public Github Repo to build a docker image

Is it possible to have a Gitea repo with only one file, .drone.yml, that clones a public Github repo and then builds the docker image? If I mirror the public Github repo to Gitea so all the files are there, the docker image builds fine.

I can’t figure out how to clone the public Github repo during the build process to get the latest code and build the docker image.

Ultimately I want a pipeline that builds a new docker image with the latest security updates and pulls in any new changes from Github. The maintainer of the Github repo does not update the docker container very frequently.

Right now I am mirroring the public Github repo to Gitea. I then fork it to another Gitea repo so I can do a new pull request when I am notified by RSS that the Github repo is updated. It rebuilds every day so it is up to date from a security perspective. I am trying to eliminate the manual step of the pull request and get it fully automated.

I tried the below based on the docs and other posts I have seen, but it does not seem to work.

kind: pipeline
name: myapp
steps:
-name: clone
 image: drone/git
 environment:
  - DRONE_WORKSPACE=/data
  - DRONE_REMOTE_URL https://github.com/publicrepo/app.git
- name: build
  image: plugins/docker
  settings:
    repo: local.registry:5000/myrepo/app
    registry: local.registry:5000
    settings:
    insecure: true
    tags: latest
  trigger:
    branch:
    - master

Hello @samcro1967

Have you followed this documentation for overriding the default clone step? Cloning | Drone

Thanks

@jimsheldon Thank you. That is one of the variations I tried, but with docker/git instead of alpine/git. That got me a little farther.

When it kicks off the build I get the following in the drone UI:
[image]

I see the following in the logs even though I have the DRONE_GITEA_CLIENT_ID, DRONE_GITEA_CLIENT_SECRET, and DRONE_RPC_SECRET set as environment variables for the drone container.

{"level":"debug","msg":"api: authentication required for write access","name":"myapp","namespace":"myrepo","request-id":"26vYHFC3XLWB9nkozCYjGH7PDbo","time":"2022-03-26T09:37:16-05:00"}

Here is the most recent .drone.yml.

kind: pipeline
type: docker
name: myapp
clone:
  disable: true
steps:
- name: clone
  image: alpine/git
  commands:
  - git clone https://github.com/publicrepo/app.git .
  - git checkout $DRONE_COMMIT
- name: build
  image: plugins/docker
  settings:
    repo: local.registry:5000/myrepo/app
    registry: local.registry:5000
    settings:
    insecure: true
    tags: latest
  trigger:
    branch:
    - master

Restarting the gitea, drone, and runner containers got me past the auth issue. Removing “git checkout $DRONE_COMMIT”, adding a volume and an explicit location to Dockerfile seems to have gotten me further.

Now I get the following:

Unable to reach Docker Daemon after 15 attempts.
Registry credentials or Docker config not provided. Guest mode enabled.
+ /usr/local/bin/docker version
Client:
 Version:           20.10.9
 API version:       1.41
 Go version:        go1.16.8
 Git commit:        c2ea9bc
 Built:             Mon Oct  4 16:03:22 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
exit status 1

/var/run/docker.sock:/var/run/docker.sock is mounted to the runner container and docker builds work for other Gitea repos where the files are already present in the repo. My local docker registry does not have any auth on it and I have insecure set to true.

Current .drone.yml

kind: pipeline
type: docker
name: myapp
settings:
  insecure: true
clone:
  disable: true
trigger:
  branch:
  - master
steps:
- name: clone
  image: alpine/git
  volumes:
  - name: cache
    path: /cache
  commands:
  - git clone https://github.com/myrepo/myapp.git /cache
#  - git checkout $DRONE_COMMIT
- name: build
  image: plugins/docker
  volumes:
  - name: cache
    path: /cache
  settings:
    repo: local.registry:5000/myrepo/myapp
    registry: local.registry:5000
    dockerfile: /data/myapp/Dockerfile
    insecure: true
    tags: latest

Unable to reach Docker Daemon after 15 attempts.

@samcro1967 this error is unrelated to mounting the docker socket into the runner. The docker plugin in your yaml runs in its own separate container, which uses docker in docker, which means it starts its own docker daemon inside the container. The reason you are having issues with the Docker plugin is described at https://docs.drone.io/plugins/popular/docker/#using-volumes

SOLVED

Had to change the volume from /cache to /drone/src/. plugins/docker would not see a volume unless it was in that path. I am sure this is in the documentation somewhere and I either missed it or did not pay close enough attention to it, as /cache worked for alpine/git. I also had to make the repo trusted in Drone after making the user an admin, add /drone/src as the destination path to the git clone command, and elevate the job to privileged. Lastly, I had to specify the path and name of the Dockerfile, as it is named dockerfile on the public GitHub repo.


kind: pipeline
type: docker
name: myapp
settings:
  insecure: true
clone:
  disable: true
trigger:
  branch:
  - master
volumes:
- name: cache
  path: /drone/src/
steps:
- name: clone
  image: alpine/git
  commands:
  - git clone https://github.com/publicrepo/app.git /drone/src/
  - ls /drone/src/
- name: build
  privileged: true
  image: plugins/docker
  volumes:
  - name: cache
    path: /drone/src/
#  commands:
#  - ls /drone/src/
  settings:
    repo: local.registry:5000/myrepo/myapp
    registry: local.registry:5000
    dockerfile: /drone/src/dockerfile
    settings:
    insecure: true
    tags: latest

@samcro1967 the /drone/src directory is the pipeline workspace volume and is automatically mounted into every pipeline step by default, which means it is redundant to include in your yaml.

Here is a real world pipeline to demonstrate:
https://github.com/drone/hello-world/commit/3f7acd27ee6070b96bbba082dd428f3e71060e04

And you can see the pipeline execution logs to verify it works as expected:
https://cloud.drone.io/drone/hello-world/298/1/3

From the docs:

Drone automatically creates a temporary volume, known as your workspace, where it clones your repository. The workspace is the current working directory for each step in your pipeline.

Because the workspace is a volume, filesystem changes are persisted between pipeline steps. In other words, individual steps can communicate and share state using the filesystem.
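
The simplification described in the last reply, written out as an added example (not a pipeline posted by anyone in this thread): the custom volume is dropped and the clone lands in the workspace that every step already shares. It reuses the thread's placeholder repo and registry names, and additionally records the upstream commit and pushes the image under that SHA, relying on the docker plugin's `.tags` file support. Leaving out `privileged: true` is an assumption noted in the comments.

```yaml
kind: pipeline
type: docker
name: myapp

# Skip Drone's default clone of the Gitea repo; the source comes from GitHub.
clone:
  disable: true

trigger:
  branch:
  - master

steps:
- name: clone
  image: alpine/git
  commands:
  # Every step starts in the workspace (/drone/src), so "." is enough and
  # no volumes: section is needed to hand the checkout to the next step.
  - git clone --depth 1 https://github.com/publicrepo/app.git .
  # Print the exact upstream commit in the build log, so each daily image
  # can be traced back to the source it was built from.
  - git rev-parse HEAD
  # Comma-separated tag list read by plugins/docker from the workspace root:
  # the image is pushed as "latest" and under the short commit SHA.
  - printf 'latest,%s' "$(git rev-parse --short HEAD)" > .tags

- name: build
  image: plugins/docker
  # Assumption: with no custom volumes on this step, the runner's default
  # handling of plugins/docker starts the in-container daemon, so the
  # explicit "privileged: true" (and the trusted repo flag it requires)
  # from the thread is left out. Add it back if the daemon fails to start.
  settings:
    repo: local.registry:5000/myrepo/myapp
    registry: local.registry:5000
    # Relative to the workspace; the upstream file is named "dockerfile".
    dockerfile: dockerfile
    # Allows plain-HTTP pushes to the local registry, as in the thread.
    # Drop this once the registry serves TLS.
    insecure: true
```

Keeping a SHA tag next to `latest` means an image rebuilt from a changed upstream can be compared against, or rolled back to, the previous build.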