-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deploy to docker #114
Comments
one thing you may want to consider, is that the environment and dependencies needed to build/test an application are different than those needed to run it in production. i'm with you that automatically uploading docker images after a build succeeds is a good goal, but have you thought about the details needed to support shipping a different image? i'm also working towards this goal, with the assumption that the deployable image can be promoted from staging to production without being re-created for config changes. |
@crosbymichael thanks for the feedback. This is a use case I definitely want to handle:
Could we achieve this today with our existing design? Could we build and test the Docker container inside a build environment that is a running Docker container? Here are use cases I'd like to consider as part of our design:
We would also need to scrub private data from containers. For example, your GitHub private ssh key is injected into the container in order to clone private repositories. You probably don't want this key getting shipped around inside a production image. This also impacts things like database integration. Drone currently links your build container to service containers (mysql, redis, rabbitmq, etc) and provides environment variables with connection details (ie What do you think? I definitely want to hash out a design for this and get this functionality built into Drone as soon as possible |
+1 A few things |
For my use cases, the best way would be to build a new container after the testing has been performed. Testing and production environment are often not the same. For instance when using Go, we only need to ship the binary artifact in a production container and there's no need to have Go development tools installed. I think the build pipeline would look something like this:
For the purposes I see, the ideally thing would be to have a new step in between the testing container and the deployment phase that could build Docker containers and that the deployment/publish step can treat the built container as an artifact. |
I think that allowing any drone docker container to talk to the local host docker api is enough to cover all the use cases.
I don't think there is need to support docker special configuration in the yaml file, because it will only make things more complex. Docker is evolving, which means that the yaml file options will have to be updated all the time. So if drone allows to mount |
This was from a private email exchange that I wanted to make sure was documented. I'm not in a huge rush to implement this feature, but I would like something in place in time for DockerCon when (presumably) Docker hosting solutions might be announced. I'll probably start working on this in a month or two. Option 1Link the host Docker installation (tcp://127.0.0.1:4243) inside the build container, exposing the Docker daemon and allowing Docker commands as part of the build script. Pros:
Cons:
Option 2Currently the
In the above example, we could snapshot an image after the Pros:
Cons:
|
I think that option 2 is a bad approach. Regard option 1, how do you plan to expose docker remote api from the host?
|
Option 2 would allow you to push the exact same image that you ran your tests in. For some people this is very important. Option 1 has security issues as I mentioned above. Neither option is perfect.
Either by bind mounting Either way, this poses a security issue that would need to be addressed because all builds would be accessing the host machines Docker installation, via either tcp or mounted socket.
I don't think I discussed the exact implementation in my prior comments. It could be part of the Dockerfile (as suggested in issue #43) or maybe the would be executed inside the container. They definitely won't be executed on the host machine. |
May I ask which are the use cases for pushing the exact same container that On Mon, Apr 7, 2014 at 8:34 PM, Brad Rydzewski notifications@github.comwrote:
|
The use case is knowing that your code will run in your Docker image. Consider this scenario:
And then consider the use case for testing inside the same image you are going to publish:
Option # 2 wasn't my idea, by the way, but I can certainly see the appeal |
As far as I understand, drone generates an image before running thr build. On the other hand, by only giving access to the docker remote api, you
|
Yes, that is how Drone works today, however, the proposal for option 2 is to alter the behavior. It would split the The build process would work like this:
There is not a lot of precedent for building and testing Docker containers, so we are going to experiment with multiple options. We will probably end up implementing multiple options in different branches, and will choose whichever option works best. If you have another proposal, other than the two previously mentioned, that you want considered feel free to add to this thread. Short of writing the actual code I'm not sure there is much else to discuss here. I will implement both options and the community can choose which they like best. |
Following the progress of this, is there any update or current work around to get this working? If so could some point point me in the right direction of how I would get this set up / post their .drone.yml file. Thanks |
Once I have a branch to share I'll update the thread, however, I haven't started working on this yet |
@bradrydzewski and @xetorthio, here's a little more about the use-case we have in mind. I'm pretty new to Drone, but keen to get involved if I can help see this feature over the line. Our ideal workflowdrone receives commit-hook.
drone executes testing block
drone executes teardown block
drone executes deploy block
This way you can include enough to run your unit tests inside your production container (which in ruby, we're likely to do anyway), but you can also avoid installing all the dependencies for your acceptance tests, because a separate conatiner can run these against your new container, running in an "acceptance tests" mode of some kind. |
Thanks @dansowter for the detailed feedback.
There is an important constraint. Drone will create a Docker container and clone your repository directly inside that container. |
@bradrydzewski - If the host's docker daemon is exposed, as per "option 1" above, how much of a constraint would this really be? Wouldn't the container booted by drone, into which the git repo is cloned, mostly act an orchestrator? If you look at http://docs.docker.io/reference/api/docker_remote_api_v1.11/ you can POST to the /build endpoint as part of your existing scripts, for example. |
yes, option 1 would do nothing more than expose Docker to the build container, allowing you to script the workflow described above. |
@bradrydzewski - Anything new to share on this? |
This is something that I'd love to see too. TBH, when I first started looking at Drone, I assumed, being based around Docker, that this was default behaviour to push a completed image to a repository. At the moment I just have an additional local email address on Would something like this work:
This would do the following on the Drone host machine
Anything fancy that needs to be done to make the image ready for release can be part of the I don't see any specific benefit to running docker-in-docker to do the image builds, as a fair amount of trust has already been established between Drone<->Code-Repo (the exception being shared/hosted CI servers) I've not written go before, but I'll give it a shot and see what I can come up with (might be out of my depth though). |
@daviddyball there is a pull request that enables pushing to docker. We are planning to merge, once it has been tested a bit more. You can try it out here: |
I should think this issue can be closed now? #361 works a treat - even better when using the host's daemon to build the images which provides caching between builds. |
@davidwindell I've kept this open because our support for building Docker images and publishing to the registry could be much better. The biggest issue is that you have to run your build in privileged mode. The good news is we've devised a solution and Docker and registry support should be seamless. Stay tuned. |
Hey @bradrydzewski , I have a couple of questions related to this issue, it would be great if could you please help me in understanding these:
|
You can run drone on docker using our image https://registry.hub.docker.com/u/outeredge/edge-docker-drone/ if you like. All you need to do then is mount image: outeredge/edge-docker-drone-base
docker:
net: host
script:
- git-timestamp composer.json
- git-timestamp composer.lock
publish:
docker:
docker_host: tcp://127.0.0.1:2377
registry_login_url: $REGISTRY_URL
registry_login: true
keep_build: true
username: $REGISTRY_USER
password: $REGISTRY_PASS
image_name: $REGISTRY_URL/$IMAGE_NAME
tags: [$DRONE_BRANCH, $(git rev-parse --short HEAD)]
force_tags: true |
One thing that's missing in this workflow is the ability to "test" the build image before pushing it to the registry. |
Just merged the 0.4 branch into master (first major Drone release in a year, and more to follow). This release includes a pretty awesome container-based plugin model. We have an offiicial Docker plugin (see http://addons.drone.io/docker/) that will build and push your image to a public registry. Enjoy! |
So I'm creating an issue so that we can see if this is a good idea. I have already starting working on this but want to make sure the config looks right.
So what I want out of a docker based CI system:
docker build
, produce imageThis is what I'm thinking for the config.
A few problems that I see with drone is that it removes the images and containers after the build and that depoloyment scripts are just bash scripts that execute stuff and dont have information about the container and image in the build. I would also like to consume the docker api via the client (in go) and not shell out on the cli.
The text was updated successfully, but these errors were encountered: