drone.io downstream builds to trigger dependencies
Goal
As mentioned in my previous post I have a drone build system up and running with gogs as git repository server. I use it for my jekyl projects but I like to do more with it. Now I have multiple rancher managed docker hosts running and I would like to have the images of my application be built with the drone.io build system. Once running I would like to automatically build all my docker images, I plan to introduce a build dependency to build the application images when the base image gets updated.
Make containers build with drone
If there is a Dockerfile in the repository, making drone build the container is quite simple. In fact it really needs just one step to make it work. The following snippet is the one used to build the piwigo docker image .
Example parts from the Dockerfile to build piwigo:
FROM dockerhub.haefelfinger.net/nginxphp
MAINTAINER Philipp Häfelfinger <philipp@haefelfinger.ch>
LABEL version="2.9.2"
#.... more statements
EXPOSE 80
ENTRYPOINT /entrypoint.shThe used “.drone.yml” build file to build the container.
pipeline:
docker:
image: plugins/docker
repo: dockerhub.haefelfinger.net/piwigo
registry: dockerhub.haefelfinger.net
tags:
- latest
- 2.9.2
secrets: [ docker_username, docker_password ]
when:
event: push
branch: masterThe only thing to do is to enable the repository to build and add the secrets for docker_username and docker_password so the build pipeline is allowed to push the built docker image.
setup the dependencies
I would love to see drone support some kind of subscription model or keeps track what docker images builds on which base image to automatically build up this downstream queue. But this feature is not supported yet. Perhaps there will be such a feature available in future releases. But even without such an automatic feature to support downstream rebuilds, we can do this manually. This works as long as you have a small amount of images but will not be easy to manage in large environments.
To enable downstream build we have to modify the “.drone.yml” of the upstream build a little bit. Here is the example used for building my base nginx php image for my php applications.
pipeline:
docker:
image: plugins/docker
repo: dockerhub.haefelfinger.net/nginxphp
registry: dockerhub.haefelfinger.net
tags:
- latest
secrets: [ docker_username, docker_password ]
when:
event: push
branch: master
trigger:
image: plugins/downstream
server: https://drone.haefelfinger.net
fork: true
repositories:
- dockerapps/piwigo
- dockerapps/postfixadmin
- dockerapps/kanboard
- dockerapps/baikal
- dockerapps/roundcube
secrets: [ downstream_token ]The first step should be clear and easy to read. The interesting part is the code starting at the “trigger:” statement. This adds a new build step called “trigger” to the build pipeline. There is a plugin for drone that is able to trigger builds for downstream repositories. We have to tell it the server address and that the build should be independend from the current (fork). Then we provide a list of repositories that should be rebuilt after finishing the current build job. Finally we have to provide the drone access token as a secret to let this plugin to communicate with drone.
That’s it. Now if you rebuild the image nginxphp, it will rebuild and push all downstream images as well.
Further todos
There are still some tasks to prepare to be fully automated on my docker images.
- Integrate a plugin to redeploy the updated images in the my rancher stacks
- Setup a daily schedule to rebuild the root container on a daily bases
Sidenote: Why not use dockerhub or a similar provider?
This is just because I really want to understand how stuff works. I want to know how such a registry may work and how to integrate all the tools to build up such a system. For a company I think I would buy a plan for a hosted registry at QUAY.IO that also supports building docker images. As an addition I would probably host a caching proxy within my infrastructure to speedup deployment and reduce dependency on quay.io for daily business.