Source to image, aka "s2i", is a Red Hat project originaly created to build images from sources without the need of a Dockerfile, made for Openshit/OKD (see https://www.openshift.com/ and the community version https://www.okd.io/)
Drone is a CI/CD solution that can run on Docker and Kubernetes.
To be able to have the same build solution, you need this plugin.
Before using this plugin, please make sure that you know how is working "source to image".
In your .drone.yml file, you can use metal3d/drone-plugin-s2i
- you can use these paramters:
image
(mandatory) is the "s2i" image that assembles thetarget
imagetarget
(mandatory) is the target image built with s2iimage
push
(boolean, default to false) will push your image after the buildcontext
(string, default to "./") is the context directory inside you repositoryincremental
(boolean, default to false) perform an incremental build if possibleregistry
is the registry you want to login (login not yet supported)insecure
(boolean, default to false) to use theregistry
as "insecure" (http instead of https)username
if set withpassword
, try to authenticateregistry
with that userpassword
is the password used to authenticate usercert
(optional) is the base64 encoded certificate to write in/etc/docker/certs.d/${registry}/ca.crt
whereregistry
is the corresponding parameter. One more time, please use a secret to store the certificate.
Exemple, with docker-registry:5000
as a private registry, and nginx:1.15-s2i image you created to build your own images:
New format (v2 tags):
kind: pipeline
name: default
steps:
- name: s2i-build
image: metal3d/drone-plugin-s2i:v2
pull: always
settings:
registry: docker-registry:5000
insecure: true
builder: docker-registry:5000/metal3d/nginx:1.15-s2i
target: docker-registry:5000/metal3d/httptest
tags:
- latest
- ${DRONE_TAG}
push: true
context: "./src"
increental: false
user:
from_secret: registry-username
password:
from_secret: registry-password
Old format (v1 tags):
kind: pipeline
name: default
steps:
- name: s2i-build
image: metal3d/drone-plugin-s2i:v1
pull: always
settings:
registry: docker-registry:5000
insecure: true
image: docker-registry:5000/metal3d/nginx:1.15-s2i
target: docker-registry:5000/metal3d/httptest
push: true
context: "./src"
increental: false
Note that in kubernetes, "docker-registry" can be the service name of your private registry. For example, if your service docker-registry
resides in the "registry" namespace, you can use docker-registry.registry:5000
.
As we need docker daemon to be launched, you'll need to use "privileged: true
". That means that the repository should be trusted.
To avoid that, you can add the plugin to DRONE_RUNNER_PRIVILEGED_IMAGES
:
DRONE_RUNNER_PRIVILEGED_IMAGES=plugins/docker,plugins/ecr,metal3d/drone-plugin-s2i
That way, you will not need to set privileged mode, and others users will be able to build images with s2i.