article/gitea+drone_cicd部署.md
2022-08-28 09:57:48 +08:00


# gitea+drone_cicd部署记录
## 基础环境
1. CentOS 7.6(64 位)× 3 台
2. mysql 8.0
3. gitea 1.16.8
4. Nginx nginx-1.20.0
## 服务器划分
- 一台 2H4G8M80G硬盘的腾讯云(248-3) 安装 mysql+gitea+nginx(代理gitea)
- 一台 2H4G8M60G硬盘的腾讯云(248-2) 安装docker+drone+drone runner
- 一台 2H4G8M60G硬盘的腾讯云(248-1) 安装 mysql+java+ nginx(服务发布)
## 安装mysql
#### 下载mysql 源
打开地址
https://dev.mysql.com/downloads/repo/yum/
找到 **Red Hat Enterprise Linux 7 / Oracle Linux 7 Architecture Independent RPM Package**
点击进去 找到 mysql 8.0 的源
在ssh 中下载
```
# Fetch the MySQL 8.0 community yum-repository package for EL7 into the current directory.
repo_rpm_url='https://repo.mysql.com//mysql80-community-release-el7-6.noarch.rpm'
wget "$repo_rpm_url"
```
查找 并卸载 自带的mysql
```
# List installed packages whose name contains "mysql".
rpm -qa|grep mysql
# Search the whole filesystem for files or directories named "mysql".
find / -name mysql
# Remove the distribution's bundled MySQL library package. --nodeps skips rpm's
# dependency check, so any package that still needs the library is left broken.
# NOTE(review): confirm the exact package name against the `rpm -qa` output
# above before removing anything; the 5.1 pattern may not match this system.
rpm -e --nodeps mysql-libs-5.1.*
```
#### 安装mysql
```
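# Install the MySQL yum repository definition. The file name must be the one
# that was actually downloaded (mysql80-community-release-el7-6.noarch.rpm).
yum localinstall mysql80-community-release-el7-6.noarch.rpm
# Import the MySQL package-signing key so yum can verify package signatures
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
# Install MySQL 8.0
yum install mysql-community-server
# Start mysqld
service mysqld start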
```
#### 修改mysql 密码
```arcade
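# Find the temporary root password that mysqld wrote to its log
grep 'temporary password' /var/log/mysqld.log
# Log in as root; -p prompts for the password instead of taking it on the command line
mysql -uroot -p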
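-- Replace the temporary root password (the value below is only an example; choose your own)
ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass4!';
-- Reload the grant tables
flush privileges;
-- Create an account (template: substitute your own user name and password)
create user '你的用户名'@'%' identified with mysql_native_password by '你的密码';
-- Account used by Gitea. '<gitea-db-password>' is a placeholder: generate a
-- unique password and keep it out of documentation and version control.
-- NOTE(review): mysql_native_password is the legacy authentication plugin;
-- MySQL 8.0's default caching_sha2_password is preferable if the client supports it.
create user 'gitea'@'%' identified with mysql_native_password by '<gitea-db-password>';
-- Grant privileges
-- NOTE(review): host '%' accepts logins from any address and `all on *.*`
-- covers every schema on the server. Gitea only needs rights on its own
-- schema, from the host it runs on; narrow both once those values are known.
grant all on *.* to '你的用户名'@'%';
grant all on *.* to 'gitea'@'%';
-- Reload the grant tables
flush privileges;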
```
## 安装gitea
### 安装git
```
# Install git from the distribution repositories without prompting.
yum install --assumeyes git
```
### 安装gitea
```
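# Create the directory that will hold the gitea binary and its git data
mkdir /opt/git
# Create the group
groupadd git
# Create the user
useradd git -g git
# Enter the new directory
cd /opt/git
# Download the Gitea release binary, pinned to v1.16.8 (project: https://github.com/go-gitea/gitea)
wget -O gitea https://github.com/go-gitea/gitea/releases/download/v1.16.8/gitea-1.16.8-linux-amd64
# The release page also publishes a .sha256 checksum and a .asc signature next
# to each binary; check the download against them before making it executable.
# Make the binary executable
chmod +x gitea
# Hand the directory to the git user and group before the test run: that run
# executes as git and has to create its config and data files under /opt/git.
chown -R git:git /opt/git
# Switch to the git user
su git
# Test run; once the web UI is reachable, stop it, exit and switch back to root
./gitea web
# Create the systemd unit that supervises the process
vim /etc/systemd/system/gitea.service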
# systemd unit that runs Gitea as the unprivileged git account.
[Unit]
Description=Gitea
# Ordered after the syslog and network targets
After=syslog.target
After=network.target
[Service]
# Wait 2 seconds before each restart
RestartSec=2s
Type=simple
# Run as git:git rather than root
User=git
Group=git
ExecStart=/opt/git/gitea web --config /opt/git/custom/conf/app.ini
# Restart the process whenever it exits
Restart=always
# NOTE(review): no sandboxing directives (for example NoNewPrivileges= or
# ProtectSystem=) are set; consider adding them after testing.
[Install]
WantedBy=multi-user.target
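# Start the service
systemctl start gitea
# Check that the process is running (pgrep does not match itself the way `ps | grep` does)
pgrep -a gitea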
```
### 安装Nginx
#### 下载nginx
```bash
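# Working directory for the source tarball (location is a matter of personal preference)
mkdir -p /opt/nginx
cd /opt/nginx
# Fetch over HTTPS so the tarball cannot be altered in transit
wget https://nginx.org/download/nginx-1.20.0.tar.gz
# nginx.org also publishes a detached PGP signature (.asc) for each tarball;
# verify it before building.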
```
#### 安装依赖
```
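# Compilers: gcc and gcc-c++
yum -y install gcc gcc-c++
# pcre and zlib; the patterns are quoted so that yum, not the shell, expands them
yum -y install 'pcre*' 'zlib*'
# openssl (needed for HTTPS support)
yum -y install openssl openssl-devel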
```
#### 解压nginx
```
# Unpack the gzip-compressed source tarball into the current directory, listing each file.
tar --extract --gzip --verbose --file=nginx-1.20.0.tar.gz
```
#### 编译nginx
```
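# Enter the nginx source directory
cd nginx-1.20.0
# Configure the build: install prefix plus the TLS, HTTP/2, stub_status and PCRE options
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-pcre
# Compile and install
make && make install
# Start with an explicit config file; the welcome page on the server's IP means it worked
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf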
```
#### 进程守护
```
# Create the unit file
vim /lib/systemd/system/nginx.service
# File contents:
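# systemd unit for the nginx built under /usr/local/nginx.
[Unit]
Description=nginx.server
After=network.target
[Service]
# nginx daemonizes itself, so systemd tracks it through the PID file
Type=forking
# Directive names are case-sensitive (PIDFile, not PIDFILE). The path must be
# the file nginx really writes: with --prefix=/usr/local/nginx and no `pid`
# directive in nginx.conf that is logs/nginx.pid under the prefix. Adjust it if
# nginx.conf sets `pid` to something else.
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
# ExecReload (a misspelled key is ignored, which leaves `systemctl reload` undefined)
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
# Give the service its own private /tmp
PrivateTmp=true
[Install]
WantedBy=multi-user.target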
```
#### 开机自启
```
# Reference list of service commands: run the one you need, not all of them in sequence.
# Start nginx
systemctl start nginx
# Stop nginx
systemctl stop nginx
# Restart nginx
systemctl restart nginx
# Show the current state of nginx
systemctl status nginx
# Start nginx automatically at boot
systemctl enable nginx
# Do not start nginx automatically at boot
systemctl disable nginx
```
#### 常用命令
```
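# Go to the directory that holds the nginx binary
cd /usr/local/nginx/sbin
# Check that the configuration is valid
./nginx -t
# Expected output for a valid configuration (these two lines are output, not commands):
#   nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
#   nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# Reload the configuration; the site is then reachable through its domain name
./nginx -s reload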
```
#### 配置反向代理
以下配置中的目录路径和 SSL 证书路径请自行替换。
```
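# Reverse proxy that terminates TLS for Gitea, which listens on 127.0.0.1:3000.
server
{
    listen 80;
    listen 443 ssl http2;
    server_name gitea.dr1997.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/gitea_dr1997_com;

    #SSL-START SSL settings; do not delete or modify the commented 404 rule on the next line
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    # Redirect every request that did not arrive on port 443 to HTTPS
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate /www/ssl/gitea_dr1997_com/fullchain.pem;
    ssl_certificate_key /www/ssl/gitea_dr1997_com/privkey.pem;
    # TLS 1.1 is deprecated (RFC 8996), so only TLS 1.2 and 1.3 are offered
    ssl_protocols TLSv1.2 TLSv1.3;
    # 3DES suites are left out: a 64-bit block cipher is exposed to birthday attacks (Sweet32)
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # HSTS: browsers keep using HTTPS for this host for one year
    add_header Strict-Transport-Security "max-age=31536000";
    # 497 = plain HTTP sent to the TLS port; redirect it to HTTPS
    error_page 497 https://$host$request_uri;
    #SSL-END

    #ERROR-PAGE-START Error page settings; may be commented out, deleted or modified
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END

    # Reverse-proxy rules; if they are commented out, proxying stops working
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell the backend which scheme the client used
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:3000;
    }
    location ~ .*\.(js|css|png)$ {
        proxy_pass http://127.0.0.1:3000;
    }
    #PROXY-END/

    # Files and directories that must not be served
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    access_log /www/wwwlogs/gitea.dr1997.com.log;
    error_log /www/wwwlogs/gitea.dr1997.com.error.log;
}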
```
## 安装 Drone
### 安装 drone server
### 安装 drone runner
### 流水线配置
```
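# Demo pipeline: builds a Go program in a golang:alpine container and runs it.
# NOTE(review): top-level `workspace:` / `pipeline:` is the older Drone pipeline
# layout; confirm that the Drone server version in use accepts it.
workspace:
  base: /srv/drone-demo
  path: .

pipeline:
  build:
    image: golang:alpine
    # pull: true
    environment:
      - KEY=VALUE
    # Names of secrets stored in Drone that are exposed to this step
    secrets: [key1, key2]
    commands:
      # $$ escapes the dollar sign so the variable is expanded inside the container
      - echo $$KEY
      - pwd
      - ls
      - go version
      - GO111MODULE=off CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app ./
      - ls
      - ./app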
```
全程容器化
```
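# The Gitea OAuth client secret and the Drone RPC secret are credentials: keep
# them out of documentation, version control and shell history. Export both in
# the calling shell (for example from a root-only file) before running the
# commands below; a bare --env=NAME makes docker copy NAME's value from that
# environment. Any secret that has ever been pasted into a document, ticket or
# repository should be rotated.
# A new RPC secret can be generated with: openssl rand -hex 16
: "${DRONE_GITEA_CLIENT_SECRET:?export the Gitea OAuth client secret first}"
: "${DRONE_RPC_SECRET:?export the shared server/runner RPC secret first}"

# Drone server. It obtains its own certificate (DRONE_TLS_AUTOCERT) and
# therefore publishes ports 80 and 443 directly.
# NOTE(review): no DRONE_USER_FILTER / DRONE_USER_CREATE is set, so presumably
# every account on the Gitea server can log in to Drone; confirm this is intended.
docker run \
  --volume=/var/lib/drone:/data \
  --env=DRONE_GITEA_SERVER=https://git.dr1997.com \
  --env=DRONE_GITEA_CLIENT_ID=74e78545-efa3-4c69-b9a3-226579f65ead \
  --env=DRONE_GITEA_CLIENT_SECRET \
  --env=DRONE_RPC_SECRET \
  --env=DRONE_SERVER_HOST=drone.dr1997.com \
  --env=DRONE_SERVER_PROTO=https \
  --env=DRONE_TLS_AUTOCERT=true \
  --env=DRONE_GIT_ALWAYS_AUTH=true \
  --publish=80:80 \
  --publish=443:443 \
  --restart=always \
  --detach=true \
  --name=drone \
  drone/drone:2

docker pull drone/drone-runner-docker:1

# Drone runner. It must use the same DRONE_RPC_SECRET as the server.
# Mounting /var/run/docker.sock hands the runner, and through it every pipeline
# it executes, root-equivalent control of this Docker host: run it on a machine
# dedicated to builds and only for repositories you trust.
docker run --detach \
  --volume=/var/run/docker.sock:/var/run/docker.sock \
  --env=DRONE_RPC_PROTO=https \
  --env=DRONE_RPC_HOST=drone.dr1997.com \
  --env=DRONE_RPC_SECRET \
  --env=DRONE_RUNNER_CAPACITY=2 \
  --env=DRONE_RUNNER_NAME=my-first-runner \
  --publish=3000:3000 \
  --restart=always \
  --name=runner \
  drone/drone-runner-docker:1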
```