[Solved] I can't set DOCKER_TLS_CERTDIR to an empty string

Hi,

I’m playing around with Drone and trying out the different ways I’ve seen used to build Docker images. When I use a service, I end up having trouble setting the DOCKER_TLS_CERTDIR variable to an empty string. Here’s the .drone.yml I’m using:

kind: 'pipeline'
name: 'default'
type: 'docker'

steps:
  - name: 'wait-for-sigint'
    image: 'ryanjaeb/gowait'
    commands:
      - '/usr/local/bin/gowait'

  - name: 'build-image'
    image: 'docker:stable'
    environment:
      DOCKER_HOST: 'dind'
    commands:
      - 'sleep 5'
      - 'docker build -t ryanjaeb/hello-drone-ci .'

  - name: 'list-images'
    image: 'docker:stable'
    environment:
      DOCKER_HOST: 'dind'
    commands:
      - 'docker image ls'

services:
  - name: 'dind'
    image: 'docker:stable-dind'
    privileged: true
    environment:
      DOCKER_TLS_CERTDIR: '' # disable TLS

The wait-for-sigint step will block until you exec into the container and kill -SIGINT the PID of the gowait process. I use it so I can exec into the container and look around at how things work.

When I run drone exec --trusted locally on my Windows 10 workstation, the docker:stable-dind container ends up with DOCKER_TLS_CERTDIR=.

When the same thing runs on my build server, which uses CentOS 7 as a host and drone/drone-runner-docker:1 as the Drone server, the docker:stable-dind container ends up with DOCKER_TLS_CERTDIR=/certs.

When I change the value of DOCKER_TLS_CERTDIR to /test then the docker:stable-dind container on my build server ends up with DOCKER_TLS_CERTDIR=/test.

Is the behavior intended to be different between platforms? I’ll look into setting up certificates properly, but figured I’d ask just in case I should be setting that variable a different way.

Here is a working example that you can use:
https://docs.drone.io/pipeline/docker/examples/services/docker_dind/


@ashwilliams1 I’m not sure how I missed that example. Using a volume to bind the socket like that works really well.

Thanks for the link!
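
The socket-sharing approach from the last reply, applied to the pipeline in the first post, as an added example that is not taken from the thread or copied from the Drone documentation; the volume name dockersock is an assumption. The steps reach the daemon through /var/run/docker.sock on a shared temporary volume, so neither DOCKER_HOST nor DOCKER_TLS_CERTDIR is set and the image's TLS default stays untouched.

```yaml
kind: 'pipeline'
name: 'default'
type: 'docker'

steps:
  - name: 'build-image'
    image: 'docker:stable'
    volumes:
      # Mount the shared volume where the docker CLI looks for its socket.
      - name: 'dockersock'   # assumed volume name
        path: '/var/run'
    commands:
      - 'sleep 5'            # give the daemon in the service time to start
      - 'docker build -t ryanjaeb/hello-drone-ci .'

  - name: 'list-images'
    image: 'docker:stable'
    volumes:
      - name: 'dockersock'
        path: '/var/run'
    commands:
      - 'docker image ls'

services:
  - name: 'dind'
    image: 'docker:stable-dind'
    privileged: true         # still required for the nested daemon
    volumes:
      # The daemon creates /var/run/docker.sock on the shared volume.
      - name: 'dockersock'
        path: '/var/run'

volumes:
  # Temporary volume that exists only for the lifetime of the pipeline.
  - name: 'dockersock'
    temp: {}
```

Any step that mounts the volume gets full control of the privileged daemon, so mount it only in the steps that need to build or inspect images.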