Is that possible to expose ports from a container to host machine? For example, I would use selenium/standalone-chrome-debug image and during the build, I would connect VNC exposed port for debugging purpose.
1 Like
Can anyone make any suggestions, how I can do that?
I have this issue as well, really need a syslog server as a service, but I need it to publish the ports so that other test infra can access it on the network during the build. Not a great solution, but I am planning on SSHing back into the worker from inside the container and dropping the service on the worker that way. But obviously if drone would read the ports directive in the compose yml, and publish the ports that would be far superior.
1 Like
The two challenges with opening up ports on the host machine are security and concurrency. Your agent may fail to process two builds that both try and open the same port.
The other issues (and this is more behavioral) is that many novice drone users think that they need to expose ports for service containers. We see a lot of examples where people do this:
pipeline:
build:
image: redis
commands:
- redis-cli -h redis ping
- redis-cli -h redis set FOO bar
- redis-cli -h redis get FOO
services:
redis:
image: redis
+ ports: [ 6380 ]
A novice user assumes they need to open up port 6380 so that the build step can access the service container, which is not the case since they share the same bridge network. As a result, the user could be unwittingly exposing host machine ports – and then complain drone is broken when they cannot run two builds at a time because docker errors opening the port – lucky me 
These are things I’ve been considering when it comes to host machine ports …
yea, good points. I suppose a solution could be to not use the standard ports option and make some custom super obvious option name so that you get less naive complaints?
services:
myservice:
image: blah
dangerous-public-mapped-port: [8080]
1 Like
For this use case wouldn’t you be able to setup selenium/standalone-chrome-debug outside the drone services context and just more like drone it self on the host?
1 Like
Thanks everyone for thoughts and suggestions. If I do a PR with a functionality of exposing ports, would it be accept @bradrydzewski?
+1 for this feature, my use case:
We run UI tests for our site on Drone. Debugging test failures would be significantly easier if we could point a browser at the site in the test run container.
@uponthesun exposing ports is not necessarily required for browser testing. You can, for example, use a selenium service container for firefox and chrome testing:
kind: pipeline
name: default
steps:
- name: build
image: node
commands:
- npm install
- npm run bundle
- name: start
detach: true
commands:
- npm start
- name: test
commands:
- npm test
services:
- name: selenium
image: selenium/standalone-chrome
We have some example projects that demonstrate the capability, albeit the examples were written using the 0.8 yaml format.
I’d like to perform LetsEncrypt challenges in the drone runner and for that I need a port exposed. Is this possible yet? I’m happy if it’s just a configuration environment variable.
There’s of course a concurrency issue with statically exposed port numbers, but I guess it may be possible to check if port binding fails in the running code, if those binds fail if the host port is in use.