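---
# Drone CI configuration, document 1 of 2: the `default` pipeline.
# It compiles the Maven project inside a throw-away container; the `notify`
# pipeline in the second document sends the notifications.
#
# Line structure has been restored here: with the file collapsed onto a few
# physical lines, the first `#` turned everything after it into one comment.
kind: pipeline
name: default
# Built-in variables (used by the notifications):
# https://docs.drone.io/pipeline/environment/reference/
# DingTalk official documentation:
# https://open.dingtalk.com/document/orgapp/enterprise-internal-robots-send-markdown-messages

# type: ssh  # pipeline type; other types include kubernetes, exec and docker
# server:
#   host: 127.0.0.1
#   user: root
#   password:
#     from_secret: passwdlocal  # set in the Drone web UI settings and referenced here

# Running on a Raspberry Pi means the architecture must be arm64; normally the
# platform section can simply be omitted.
# platform:
#   os: linux
#   arch: amd64

# Pin the pipeline to a specific runner; not needed.
# node:
#   name: pi-runner

clone:
  # git clone depth: only the current tree is needed, earlier commits do not
  # have to be cloned.
  depth: 1
  disable: false

# Overview of commonly used CI/CD plugins:
# https://notes.lzwang.ltd/DevOps/CICD/drone_plugin_review/
#
# Remote access and operations
#   clone a repository (enabled by default): Drone Plugins - Git
#   git push to a given repository: Drone Plugins - Git Push
#   run an Ansible playbook: Drone Plugins - Ansible
#   SSH login to a remote host: Drone Plugins - SSH
# Artifact upload, download and signing
#   GPG-sign artifacts: Drone Plugins - GPG Sign
#   upload artifacts to a WebDAV server: Drone Plugins - WebDAV
#   upload artifacts to an FTP server: Drone Plugins - FTP(S)
#   upload artifacts to an SCP server: Drone Plugins - SCP
#   download files for use in this build: Drone Plugins - Download
# Publishing
#   push files to Codecov for coverage checks: Drone Plugins - Codecov
#   publish images to a Docker registry: (1) Drone Plugins - Docker
#     (2) Drone Plugins - Drone Buildah
#   publish an npm package to a given registry: Drone Plugins - NPM
#   publish a Python package to PyPI: Drone Plugins - PyPI
# GitHub
#   publish static pages to GitHub: Drone Plugins - GitHub Pages
#   publish a new release to GitHub: Drone Plugins - Github Release
#   generate a changelog: Drone Plugins - Github-changelog-generator
#   comment on a GitHub pull request: Drone Plugins - Github Comment
# Gitea
#   publish a new release to Gitea: Drone Plugins - Gitea Release
#   comment on a Gitea pull request: Drone Plugins - Gitea Comment
# Triggering other builds
#   trigger a set of downstream Drone builds: Drone Plugins - Downstream Build
#   trigger a CircleCI build: Drone Plugins - CircleCI
#   trigger a GitLab CI build: Drone Plugins - Gitlab-CI
#   trigger a Jenkins build: Drone Plugins - Jenkins
# Notifications
#   send a webhook message: Drone Plugins - Webhook
#   send a WeChat notification: Drone Plugins - Wechat
#   send a WeChat Work notification: Drone Plugins - Wechat for Work
#   send an e-mail notification: Drone Plugins - Email
#   send a DingTalk notification: Drone Plugins - DingTalk
#   push an InstantAccess message to WeChat users: Drone Plugins - InstantAccess
#   send a Telegram notification: Drone Plugins - Telegram
# Other
#   sync Douban marks to csv, json or a Notion database: Drone Plugins - Doumark
# Related toolchain
#   Testspace
#     cloud-hosted testing: Test Management Software - Testspace
#     configuring it in Drone: CI/CD Support | Testspace
#   Codecov
#     coverage checks: Codecov - The Leading Code Coverage Solution
#     configuring it in Drone: Drone Plugins - Codecov
#   Badge
#     custom badges: Shields.io: Quality metadata badges for open source projects
# References
#   FAQ, builds stuck in pending: Builds are Stuck in Pending Status - FAQ - Drone
#   Drone plugin marketplace: Drone Plugins
#   plugin development: Overview | Drone

#######################################################
###### steps : https://drone.cool/pipeline/docker/syntax/steps/
#######################################################
# A step is one unit of execution. Every Drone step runs in a temporary Docker
# container that is destroyed automatically when the step finishes, which is
# why the first example below uses the Docker SSH image to run commands on a
# designated host. `settings` holds the SSH host, username and so on; because
# the username and password are stored in Drone and only referenced here,
# those sensitive fields stay out of the repository.
# - name: run-python
#   image: appleboy/drone-ssh
#   settings:
#     host: 192.168.1.246
#     username:
#       from_secret: pi_user
#     password:
#       from_secret: pi_password
#     port: 22
#     environment:
#       GOOS: linux
#     command_timeout: 5m
#     script:
#       - echo success
#       - cd /buildCache
#       # NOTE(review): 777 leaves run.sh world-writable right before it is
#       # executed; u+x is enough for `bash run.sh`.
#       - chmod 777 run.sh
#       - bash run.sh
#   # conditions
#   when:
#     branch:
#       - master
#   when:
#     status:
#       - failure
#       - success
#
# failure: ignore -- what happens after a failure?
# failure: ""
# failure: "fail"
# failure: "fail-fast"
# failure: "fast"
# failure: "always"
#
# failure: "ignore"  # a single failing step does not affect the whole pipeline
#
# detach: true  # run asynchronously in the background and ignore the result
#
# privileged: true  # gives the container access to the host; this is
#                   # effectively root on the runner and needs a trusted
#                   # repository, so leave it off unless a step requires it
#
# If any command in any stage returns non-zero, the whole pipeline is
# terminated as failed.

#######################################################
###### service : https://drone.cool/pipeline/docker/syntax/services/
#######################################################
#######################################################
###### plugins : https://plugins.drone.io/
#######################################################
# For example, when unit tests need their own redis, a service can be started
# asynchronously here; it is shut down when the pipeline finishes.
# steps:
#   - name: ping
#     image: redis
#     commands:
#       - redis-cli -h cache ping
# services:
#   - name: cache
#     image: redis

##################################### compile ##################################
steps:
  - name: 编译
    # NOTE(review): `maven:3-jdk-11` is a floating tag and `if-not-exists`
    # keeps whatever copy the runner already has; pin an exact tag or digest
    # if reproducible build tooling matters.
    image: maven:3-jdk-11
    pull: if-not-exists
    volumes:
      # Maven local repository, kept between builds (declared under the
      # pipeline-level `volumes` key below).
      - name: mvnCache
        path: /root/.m2
    commands:
      - mvn compile -DskipTests=true -Dmaven.javadoc.skip=true -B -V
      - echo 'STATUS ALL FINISHED!'
      # - echo 'STATUS mvn package FINISHED!'
      # - cp xxxxx.jar unionbuildCache
      # - cp Dockerfile ...
      # - cp run.sh build/run.sh

# - name: build-java-app
#   image: docker.io/kameshsampath/drone-java-maven-plugin:v1.0.0
#   pull: if-not-exists

##################################### quality ##################################
# Sonar: code quality, includes FindBugs, PMD, etc.
# Fortify: code security scanning, commercial
# pom vulnerability scanning
# SonarQube https://github.com/mibexsoftware/sonar-bitbucket-plugin
# OWASP ZAP
# Brakeman
# CodeClimate
# Coverity
# Klocwork
# PMD
# SonarLint
# FindBugs: the official site stopped updating in 2015
# Coding standards: Alibaba Java Coding Guidelines, checkStyle
# https://juejin.cn/post/6844904018297225224
#
# NOTE(review): `?SONAR_TOKEN` and `?GITHUB_ACCESS_TOKEN_FOR_SONARQUBE` below
# look like a garbled `$VAR` reference -- confirm before enabling these steps.
# - name: sonar-scan
#   image: newtmitch/sonar-scanner:4.0.0-alpine
#   environment:
#     SONAR_TOKEN:
#       from_secret: sonar_token
#     GITHUB_ACCESS_TOKEN_FOR_SONARQUBE:
#       from_secret: github_access_token_for_sonarqube
#   commands:
#     - >
#       sonar-scanner
#       -Dsonar.host.url=https://sonarqube.company-beta.com/
#       -Dsonar.login=?SONAR_TOKEN
#       -Dsonar.projectKey=smcp-service-BE
#       -Dsonar.projectName=smcp-service-BE
#       -Dsonar.projectVersion=${DRONE_BUILD_NUMBER}
#       -Dsonar.sources=src/main/java
#       -Dsonar.tests=src/test/java
#       -Dsonar.language=java
#       -Dsonar.java.coveragePlugin=jacoco
#       -Dsonar.modules=smcp-api,smcp-web
#       -Dsonar.java.binaries=target
#       -Dsonar.projectBaseDir=.
#       -Dsonar.analysis.mode=preview
#       -Dsonar.github.repository=Today_Group/SMCP-Service
#       -Dsonar.github.oauth=?GITHUB_ACCESS_TOKEN_FOR_SONARQUBE
#       -Dsonar.github.pullRequest=${DRONE_PULL_REQUEST}
#       -Dsonar.github.disableInlineComments=false
#   when:
#     event:
#       - pull_request
#     branch:
#       - develop

# The `编译` step mounts `mvnCache`, but the only declaration in the file sat in
# the `notify` document. Volumes are declared per pipeline, so without this
# entry the mount has nothing to bind to.
# NOTE(review): a host path under /tmp is shared by every build on the runner
# and is writable by other local users, so a poisoned artifact in this cache
# would be picked up by later builds; a dedicated directory owned by the
# runner is the safer location.
volumes:
  - name: mvnCache
    host:
      path: /tmp/cache/.m2

#
# # post sonarscan result back to git PR (not in preview mode)
# - name: sonar-scan-feedback
#   image: newtmitch/sonar-scanner:4.0.0-alpine
#   environment:
#     SONAR_TOKEN:
#       from_secret: sonar_token
#     GITHUB_ACCESS_TOKEN_FOR_SONARQUBE:
#       from_secret: github_access_token_for_sonarqube
#   commands:
#     - >
#       sonar-scanner
#       -Dsonar.host.url=https://sonarqube.company-beta.com/
#       -Dsonar.login=?SONAR_TOKEN
#       -Dsonar.projectKey=smcp-service-BE
#       -Dsonar.projectName=smcp-service-BE
#       -Dsonar.projectVersion=${DRONE_BUILD_NUMBER}
#       -Dsonar.sources=src/main/java
#       -Dsonar.tests=src/test/java
#       -Dsonar.language=java
#       -Dsonar.java.coveragePlugin=jacoco
#       -Dsonar.modules=smcp-api,smcp-web
#       -Dsonar.java.binaries=target
#       -Dsonar.projectBaseDir=.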
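#       -Dsonar.analysis.gitRepo=Today_Group/SMCP-Service
#       -Dsonar.analysis.pullRequest=${DRONE_PULL_REQUEST}
#   when:
#     event:
#       - pull_request
#     branch:
#       - develop

##################################### NOTIFY ####################################
---
# Drone CI `notify` pipeline: sends the build result to DingTalk, e-mail and
# WeChat Work once the `default` pipeline has run.
#
# The DingTalk robot token, the WeChat Work corp_secret and the mobile number
# were written inline; they are now read from Drone secrets, as the e-mail
# step already did. Create secrets with the names used below (the names are
# this file's choice) in the repository or organisation settings. The inline
# values have been committed, so rotate the token and corp_secret at the
# provider; moving them here does not un-publish them. A second token-like
# string that was kept in a trailing comment has been dropped for the same
# reason.
#
# NOTE(review): none of the notification images carries a tag, so each run
# pulls whatever `latest` is at that moment and hands it the secrets above;
# pin every image to a reviewed tag or digest.
kind: pipeline
type: docker
name: notify

# Nothing below needs the source code, so cloning is disabled.
clone:
  disable: true

steps:
  - name: 钉钉通知
    image: guoxudongdocker/drone-dingtalk
    settings:
      token:
        from_secret: dingtalk_token
      type: markdown

  - name: dingtalk
    image: lddsb/drone-dingtalk-message
    settings:
      token:
        from_secret: dingtalk_token
      type: markdown
      # Quoted: an unquoted 008000 can be resolved as the number 8000 by a
      # YAML 1.1 style parser, which loses the leading zeros of the colour.
      success_color: "008000"
      failure_color: "FF0000"
      # NOTE(review): fetched over plain HTTP from a bare IP address.
      success_pic: http://82.157.141.169:16666/avatars/1
      msg_at_mobiles:
        from_secret: dingtalk_at_mobiles

  - name: email-notify
    image: drillster/drone-email
    settings:
      # true: send only to the listed recipients;
      # false: send only to whoever triggered the pipeline.
      recipients_only: true
      recipients:
        from_secret: email_sender
      subject: "Drone build: [{{ build.status }}] {{ repo.name }} ({{ repo.branch }}) #{{ build.number }}"
      host: smtp.qq.com
      port: 465
      username:
        from_secret: email_sender
      password:
        from_secret: email_pwd
      from:
        from_secret: email_sender

  - name: wechat notify
    image: lizheming/drone-wechat
    settings:
      corpid: ww01cb42e24566126d
      corp_secret:
        from_secret: wechat_corp_secret
      agent_id: 1000002
      to_tag: ${DRONE_REPO_NAME}
      msg_url: ${DRONE_BUILD_LINK}
      safe: 1
      btn_txt: more
      title: ${DRONE_REPO_NAME}
      message: >
        {%if success %}
          build {{build.number}} succeeded. Good job.
        {% else %}
          build {{build.number}} failed. Fix me please.
        {% endif %}

  - name: wechat
    image: clem109/drone-wechat
    settings:
      corpid: ww01cb42e24566126d
      corp_secret:
        from_secret: wechat_corp_secret
      agent_id: 1000002
      title: ${DRONE_REPO_NAME}
      # NOTE(review): this text says "failed" unconditionally and the step has
      # no `when: status` filter -- confirm that is intended.
      description: "Build Number: ${DRONE_BUILD_NUMBER} failed. ${DRONE_COMMIT_AUTHOR} please fix. Check the results here: ${DRONE_BUILD_LINK} "
      msg_url: ${DRONE_BUILD_LINK}
      btn_txt: bt

  # - name: webhook
  #   image: plugins/webhook
  #   settings:
  #     username: myusername
  #     password: mypassword
  #     urls: https://oapi.dingtalk.com/robot/send?access_token=
  #     content_type: application/json
  #     template: |
  #       {
  #         "msgtype": "markdown",
  #         "markdown": {
  #           "content": "{{#success build.status}}✅{{else}}❌{{/success}}**{{ repo.owner }}/{{ repo.name }}** (Build #{{build.number}})\n
  #           >**Build result**: {{ build.status }}
  #           >**Build details**: [click to view]({{ build.link }})
  #           >**Branch**: {{ build.branch }}
  #           >**Commit id**: {{ build.commit }}
  #           >**Commit author**: {{ build.author }}
  #           >**Commit message**: {{ build.message }}
  #           "
  #         }
  #       }

# NOTE(review): no step in this pipeline mounts `mvnCache`; the step that does
# (`编译`) lives in the `default` pipeline, and volumes are declared per
# pipeline. Kept as written; the declaration probably belongs in that document.
volumes:
  - name: mvnCache
    host:
      path: /tmp/cache/.m2

trigger:
  branch:
    - master
  event:
    - push

# Run the notifications only after the build pipeline has finished.
# NOTE(review): with a plain depends_on, Drone skips this pipeline when
# `default` fails, so the failure messages above would never be sent; adding
# `status: [success, failure]` under `trigger` is the documented way to run it
# in both cases -- confirm the intended behaviour.
depends_on: [default]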