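Setting Up Drone, a Lightweight CI/CD System
Drone is a lightweight, container-based continuous integration and continuous deployment (CI/CD) platform. Compared with traditional CI tools such as Jenkins, Drone has a very small resource footprint and a simple configuration, which makes it well suited to resource-constrained environments such as a BandwagonHost VPS. Each build step runs in its own Docker container, which provides environment isolation and reproducibility.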
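1. Requirements
- Operating system: Ubuntu 20.04+ or Debian 11+.
- Docker: Docker must be installed first.
- Memory: the Drone Server needs only 256MB; the Runner's needs depend on the build jobs.
- Code repository: GitHub, GitLab, Gitea, Bitbucket and others are supported.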
2. Creating an OAuth Application
Using GitHub as an example, create a new application under GitHub Settings → Developer settings → OAuth Apps:
- Application name: Drone CI.
- Homepage URL: https://drone.yourdomain.com
- Authorization callback URL: https://drone.yourdomain.com/login
Record the Client ID and Client Secret.
3. Deploying with Docker Compose
Create docker-compose.yml:

    version: '3.8'
    services:
      drone-server:
        image: drone/drone:2
        container_name: drone-server
        restart: always
        ports:
          - "3080:80"
          - "3443:443"
        environment:
          - DRONE_GITHUB_CLIENT_ID=your_client_id
          - DRONE_GITHUB_CLIENT_SECRET=your_client_secret
          # Shared secret that authenticates the runner to the server
          - DRONE_RPC_SECRET=your_rpc_secret_here
          - DRONE_SERVER_HOST=drone.yourdomain.com
          - DRONE_SERVER_PROTO=https
          - DRONE_DATABASE_DRIVER=sqlite3
          - DRONE_DATABASE_DATASOURCE=/data/database.sqlite
          - DRONE_USER_CREATE=username:yourgithubname,admin:true
        volumes:
          - drone_data:/data
      drone-runner:
        image: drone/drone-runner-docker:1
        container_name: drone-runner
        restart: always
        depends_on:
          - drone-server
        environment:
          - DRONE_RPC_PROTO=http
          - DRONE_RPC_HOST=drone-server
          # Must be identical to the value set on drone-server
          - DRONE_RPC_SECRET=your_rpc_secret_here
          - DRONE_RUNNER_CAPACITY=2
          - DRONE_RUNNER_NAME=bwg-runner
        volumes:
          # Gives the runner control of the host's Docker daemon
          - /var/run/docker.sock:/var/run/docker.sock
    volumes:
      drone_data:

Generate the RPC secret:

    openssl rand -hex 16

Put the generated value into the DRONE_RPC_SECRET environment variable of both services.
3.1 Starting the Services

    docker compose up -d

3.2 Checking Service Status

    docker compose ps
    docker compose logs drone-server
    docker compose logs drone-runner

4. Integrating Gitea (Self-Hosted Git)
If you use Gitea as your code repository, configure the server as follows:

    environment:
      - DRONE_GITEA_SERVER=https://gitea.yourdomain.com
      - DRONE_GITEA_CLIENT_ID=your_gitea_oauth_id
      - DRONE_GITEA_CLIENT_SECRET=your_gitea_oauth_secret
      - DRONE_RPC_SECRET=your_rpc_secret
      - DRONE_SERVER_HOST=drone.yourdomain.com
      - DRONE_SERVER_PROTO=https

Create an OAuth2 application under Site Administration → Applications in Gitea, with the callback URL https://drone.yourdomain.com/login.
5. Writing .drone.yml
Create .drone.yml in the project root to define the build pipeline:
5.1 Basic Build Pipeline

    kind: pipeline
    type: docker
    name: default
    steps:
      - name: install
        image: node:18-alpine
        commands:
          - npm ci
      - name: test
        image: node:18-alpine
        commands:
          - npm run test
      - name: build
        image: node:18-alpine
        commands:
          - npm run build
      - name: deploy
        image: appleboy/drone-ssh
        settings:
          # Connection details come from repository secrets, not from the file
          host:
            from_secret: deploy_host
          username:
            from_secret: deploy_user
          key:
            from_secret: deploy_key
          script:
            - cd /opt/app
            - git pull origin main
            - npm ci --production
            - pm2 restart all
    # Run only for pushes to main
    trigger:
      branch:
        - main
      event:
        - push

5.2 Docker Image Build

    kind: pipeline
    type: docker
    name: docker-build
    steps:
      - name: build-push
        image: plugins/docker
        settings:
          repo: yourname/myapp
          username:
            from_secret: docker_username
          password:
            from_secret: docker_password
          tags:
            - latest
            - ${DRONE_COMMIT_SHA:0:8}
        # Build and push only on the main branch
        when:
          branch:
            - main

6. Managing Secrets
Add build secrets through the Drone UI or the CLI:

    # Install the Drone CLI
    curl -L https://github.com/harness/drone-cli/releases/latest/download/drone_linux_amd64.tar.gz | tar zx
    install -t /usr/local/bin drone
    # Configure the CLI
    export DRONE_SERVER=https://drone.yourdomain.com
    export DRONE_TOKEN=your_personal_token
    # Add secrets
    drone secret add --repository yourname/myapp --name deploy_host --data "192.168.1.10"
    # @ reads the value from a file; the shell does not expand ~ after @, so use $HOME
    drone secret add --repository yourname/myapp --name deploy_key --data "@$HOME/.ssh/id_rsa"

7. Multiple Pipelines
Drone supports defining multiple pipelines in one file, separated by ---:

    kind: pipeline
    type: docker
    name: test
    steps:
      - name: test
        image: node:18-alpine
        commands:
          - npm ci
          - npm test
    ---
    kind: pipeline
    type: docker
    name: deploy
    steps:
      - name: deploy
        image: appleboy/drone-ssh
        settings:
          host:
            from_secret: deploy_host
          username: root
          key:
            from_secret: deploy_key
          script:
            - cd /opt/app && git pull && npm ci --production
    # Run the deploy pipeline only after the test pipeline has finished
    depends_on:
      - test
    trigger:
      branch:
        - main

8. Configuring the Nginx Reverse Proxy

    # Redirect plain HTTP to HTTPS
    server {
        listen 80;
        server_name drone.yourdomain.com;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl;
        server_name drone.yourdomain.com;
        ssl_certificate /etc/letsencrypt/live/drone.yourdomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/drone.yourdomain.com/privkey.pem;
        location / {
            # Port 3080 is the host port published by drone-server
            proxy_pass http://127.0.0.1:3080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering off;
            chunked_transfer_encoding off;
        }
    }

9. Troubleshooting
Runner cannot connect to the Server
Check that the RPC secret is identical on both sides and that the two containers are on the same Docker network:

    docker compose logs drone-runner | grep -i "error\|connect"

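
The RPC secret consistency check from the step above, run against docker-compose.yml before starting the services, together with a listing of ports published on all interfaces. This is an added example, not part of the original tutorial: the function names `check_drone_rpc_secret` and `list_public_ports` are hypothetical helpers, and the sample file is constructed from this page's compose file.

```bash
# Added example (not from the original page); function names are hypothetical.
# Verify that server and runner share one strong DRONE_RPC_SECRET.
# Returns 0 = ok, 1 = wrong number of entries, 2 = mismatch, 3 = weak value.
check_drone_rpc_secret() {
  local file=$1 secrets count distinct
  # Pull the value of every "- DRONE_RPC_SECRET=..." environment entry.
  secrets=$(sed -n 's/^[[:space:]]*-[[:space:]]*DRONE_RPC_SECRET=//p' "$file")
  count=$(printf '%s\n' "$secrets" | grep -c . || true)
  if [ "$count" -ne 2 ]; then
    echo "expected 2 DRONE_RPC_SECRET entries (server, runner), found $count"
    return 1
  fi
  distinct=$(printf '%s\n' "$secrets" | sort -u | grep -c . || true)
  if [ "$distinct" -ne 1 ]; then
    echo "server and runner secrets differ"   # values are never printed
    return 2
  fi
  # openssl rand -hex 16 prints 32 lowercase hex characters.
  if ! printf '%s\n' "$secrets" | head -n 1 | grep -Eq '^[0-9a-f]{32,}$'; then
    echo "secret is a placeholder or was not generated with openssl rand -hex"
    return 3
  fi
  echo "ok"
}

# List published ports that are not bound to loopback. Docker publishes
# "3080:80" on all interfaces; the Nginx proxy only needs 127.0.0.1:3080.
list_public_ports() {
  grep -E '^[[:space:]]*-[[:space:]]*"?[0-9]+:[0-9]+"?[[:space:]]*$' "$1" |
    tr -d ' "-' || true
}

# Constructed sample: the compose file from this page, placeholders unchanged.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  drone-server:
    ports:
      - "3080:80"
    environment:
      - DRONE_RPC_SECRET=your_rpc_secret_here
  drone-runner:
    environment:
      - DRONE_RPC_SECRET=your_rpc_secret_here
EOF
check_drone_rpc_secret "$sample" || echo "rpc secret check failed (code $?)"
list_public_ports "$sample"
rm -f "$sample"
```
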
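Build steps hang
Check the Runner's concurrency capacity and the available resources:

    docker stats

Webhook not triggered
Check the webhook delivery log in the code repository and confirm that the Drone Server address is reachable from the repository server.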
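Summary
Drone is an excellent choice for building CI/CD on a BandwagonHost VPS: low resource usage, simple configuration, and native support for containerized builds. Combined with Docker and Gitea, it forms a complete self-hosted development platform.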