The guts of a drone plugin that runs code on the machines the containers are on.
Project description
drone-plugin-exec
Drone plugin to execute commands in a configured environment on the host the container is running on. The target side clones the repo and checks out the commit given by Drone, runs the command, then cleans up after itself.
Build
Python
python3 -m venv buildvenv
source buildvenv/bin/activate
pip install build twine
python3 -m build
Docker
Build the docker image with the following commands:
docker build . -t local/drone-plugin-exec
Plugin Configuration
privkey
(required) - The plugin side private key.script
(required) - A string with commands to run. This can be multiple lines.target_address
(required) - The IP address or unix socket uri of the target side.target_port
(required) - The port configured for the target side. Not required when using a unix socket.target_pubkey
(required) - The target side public key string.checkout
- Iftrue
then the repo is checked out. Defaults totrue
.log_level
- The plugin side log level. Defaults toINFO
.shell
- The program to use to run the script. Defaults to/bin/bash
.submodules
- Iftrue
all git submodules are updated. Defaults tofalse
.teardown
- When to teardown the runtime environment. Defaults toon-success
.always
- Always teardown after execution.on-success
- Only teardown after successful execution.never
- Never teardown. Always leave the temporary environment in place.
umask
- Set the umask for the script execution. Defaults to unset.user
- Set the user to execute the script as. Defaults to unset (whoever the target is running as).
Target Configuration
The target config is a toml file.
address
(required) - The address to listen on. This can be an IP or unix socket uri. Not required if usingdocker_network
.port
(required) - The port to listen on. Not required if using a unix socket.target_privkey_path
(required) - The path to the target side private key file.plugin_pubkey
(required) - The plugin side public key.docker_network
- The docker network to attach to.docker_uri
- The docker API uri if not the default. Defaults to whatever is set in the environment variables or the local socket.tmp_path_root
- The directory to create temporary directories in. Defaults to/tmp/drone-plugin-exec-target
.
Setup
On The Target
Install the target
sudo PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install drone-plugin-exec
Generate the key pairs
sudo mkdir -p /usr/local/etc/drone-plugin-exec/
sudo drone-plugin-exec-genkeypair --output /usr/local/etc/drone-plugin-exec/target_key
Generate the plugin key pair
This only has to happen once and doesn't necessarily need to happen on the target but it's convenient to do on the first target.
drone-plugin-exec-genkeypair --output plugin_key
Upload the keys as secrets
drone secret add --repository <your username>/<your repo> --name plugin_exec_privkey --data @plugin_key
Or
drone orgsecret add <your orginization> plugin_exec_privkey @plugin_key
Optionally shred the plugin private key once it's been added as a secret.
shred -ux plugin_key
Configure the target
/usr/local/etc/drone-plugin-exec/target.toml
plugin_pubkey = 'base64:<your base64 encoded plugin public key>'
target_privkey_path = '/usr/local/etc/drone-plugin-exec/target_key'
tmp_path_root = '/tmp/drone-exec-plugin-test-temp'
address = 'unix:///var/run/drone-plugin-exec.sock'
Run the target daemon
Directly
drone-plugin-exec-target --config <path to the config>
Systemd
/usr/local/lib/systemd/system/drone-plugin-exec-target.service
[Unit]
Description=Drone Plugin Exec Daemon
After=network.target,docker.service
[Service]
Type=exec
ExecStart=/usr/local/bin/drone-plugin-exec-target --config /usr/local/etc/drone-plugin-exec/target.toml
[Install]
WantedBy=multi-user.target
sudo systemctl enable drone-plugin-exec-target.service
sudo systemctl start drone-plugin-exec-target.service
Hello World
Below are example configs for a target and a plugin.
Target
/usr/local/etc/drone-plugin-exec/target.toml
plugin_pubkey = 'base64:<your base64 encoded plugin public key>'
target_privkey_path = '/usr/local/etc/drone-plugin-exec/target_key'
tmp_path_root = '/tmp/drone-exec-plugin-test-temp'
address = 'unix:///var/run/drone-plugin-exec.sock'
Plugin
This uses the node
option to limit execution to nodes with a target daemon labeled with drone-plugin-exec-target=true
.
.drone.yml
---
kind: pipeline
name: Example exec
type: docker
node:
drone-plugin-exec-target: true
steps:
- name: hello world
image: haxwithaxe/drone-plugin-exec:latest
volumes:
- /var/run/drone-plugin-exec.sock:/var/run/drone-plugin-exec.sock
settings:
checkout: true
log_level: INFO
privkey:
from_secret: plugin_exec_privkey
repo_type: http
script: whoami
address: /var/run/drone-plugin-exec.sock
target_pubkey: base64:<base64 encoded target public key>
teardown: on-success
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for drone_plugin_exec-0.1.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | a1c2ad41d1f34d55853c6b41aaccc416aced135f34c2458abd7c703a12c94f57 |
|
MD5 | 1af44b074e39f0f0eb1a8a77ed7b6a8d |
|
BLAKE2b-256 | a111fa87541cd0618d9ad4d29d46dadede7fc75bc31c2172a84ef21142f76d2d |