drone.io downstream builds to trigger dependencies
As mentioned in my previous post I have a drone build system up and running with gogs as git repository server. I use it for my jekyl projects but I like to do more with it. Now I have multiple rancher managed docker hosts running and I would like to have the images of my application be built with the drone.io build system. Once running I would like to automatically build all my docker images, I plan to introduce a build dependency to build the application images when the base image gets updated.
Make containers build with drone
If there is a Dockerfile in the repository, making drone build the container is quite simple. In fact it really needs just one step to make it work. The following snippet is the one used to build the piwigo docker image .
Example parts from the Dockerfile to build piwigo:
FROM dockerhub.haefelfinger.net/nginxphp MAINTAINER Philipp Häfelfinger <email@example.com> LABEL version="2.9.2" #.... more statements EXPOSE 80 ENTRYPOINT /entrypoint.sh
The used “.drone.yml” build file to build the container.
pipeline: docker: image: plugins/docker repo: dockerhub.haefelfinger.net/piwigo registry: dockerhub.haefelfinger.net tags: - latest - 2.9.2 secrets: [ docker_username, docker_password ] when: event: push branch: master
The only thing to do is to enable the repository to build and add the secrets for docker_username and docker_password so the build pipeline is allowed to push the built docker image.
setup the dependencies
I would love to see drone support some kind of subscription model or keeps track what docker images builds on which base image to automatically build up this downstream queue. But this feature is not supported yet. Perhaps there will be such a feature available in future releases. But even without such an automatic feature to support downstream rebuilds, we can do this manually. This works as long as you have a small amount of images but will not be easy to manage in large environments.
To enable downstream build we have to modify the “.drone.yml” of the upstream build a little bit. Here is the example used for building my base nginx php image for my php applications.
pipeline: docker: image: plugins/docker repo: dockerhub.haefelfinger.net/nginxphp registry: dockerhub.haefelfinger.net tags: - latest secrets: [ docker_username, docker_password ] when: event: push branch: master trigger: image: plugins/downstream server: https://drone.haefelfinger.net fork: true repositories: - dockerapps/piwigo - dockerapps/postfixadmin - dockerapps/kanboard - dockerapps/baikal - dockerapps/roundcube secrets: [ downstream_token ]
The first step should be clear and easy to read. The interesting part is the code starting at the “trigger:” statement. This adds a new build step called “trigger” to the build pipeline. There is a plugin for drone that is able to trigger builds for downstream repositories. We have to tell it the server address and that the build should be independend from the current (fork). Then we provide a list of repositories that should be rebuilt after finishing the current build job. Finally we have to provide the drone access token as a secret to let this plugin to communicate with drone.
That’s it. Now if you rebuild the image nginxphp, it will rebuild and push all downstream images as well.
There are still some tasks to prepare to be fully automated on my docker images.
- Integrate a plugin to redeploy the updated images in the my rancher stacks
- Setup a daily schedule to rebuild the root container on a daily bases
Sidenote: Why not use dockerhub or a similar provider?
This is just because I really want to understand how stuff works. I want to know how such a registry may work and how to integrate all the tools to build up such a system. For a company I think I would buy a plan for a hosted registry at QUAY.IO that also supports building docker images. As an addition I would probably host a caching proxy within my infrastructure to speedup deployment and reduce dependency on quay.io for daily business.