
How to release in Drone (CI)

Gabriele Petronella edited this page Feb 9, 2018 · 7 revisions

Release with Drone CI

Make sure you've first read How to set up your CI and the prelude of How to set up secure releases in your CI.

Setting up Drone in a secure fashion requires you to have two different pipeline steps with the following properties:

  • Your build pipeline step where you run all tests.
  • Your publish pipeline step where you only compile, package and publish.
    • You do not run any test.
    • You do not run the publish step for pull-requests.
    • You do not run the publish step if the build step has failed.
    • You use a different image (can be identical, but with different id) than the build pipeline.

The idea is that both steps are isolated and that the build step has no access to credentials. Therefore, when setting up the credentials, you must scope them to the publish pipeline's image. Read the Secret Guide and remember to specify --image when adding the secrets. An example: drone secret add --image=$MY_PUBLISHING_IMAGE $MY_ORG_AND_REPO $SECRET_KEY $SECRET_VALUE.

Of course, you must not allow the CI to run if the configuration file is not properly signed by one of the core contributors. This is the default, and you must not change it.

Next, I provide a rough skeleton of what the configuration of the build step looks like. This skeleton is not meant to be copy-pasteable because the configuration options may change between different Drone versions, and Drone is not stable enough yet to guarantee no changes in .drone.yml syntax.

Publish pipeline

As a reference, you may have a build pipeline like:

  build:
    image: $YOUR_ID/$YOUR_IMAGE:1.0
    commands:
      # Compile and run tests
      - $YOUR_SBT_COMMAND
      # ... the rest of the pipeline follows here

Then, your publish pipeline has to look like this:

  publish:
    image: $YOUR_ID/$YOUR_IMAGE_FOR_PUBLISHING:1.0
    # This is a way to add your server GPG keys to the CI step
    volumes:
      - /$YOUR_VOLUME_WITH_GPG_KEYS:/$YOUR_ROOT_FOR_PGP_KEYS
    when:
      event: [ push, tag, deployment ]
      status: success
    commands:
      # This is typically `sbt releaseEarly`
      - $YOUR_SBT_COMMAND_FOR_PUBLISHING_ONLY
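
The isolation rules listed at the top of this page can be checked mechanically before a configuration change is signed. The following is an added example, not part of the original page or of Drone: it takes the "pipeline" mapping of an already parsed .drone.yml and reports which rules are violated. The function name, the sample image names and volume paths are constructed, and the volume check is an assumed reading of "the build step has no access to credentials".

```python
# Added example: lint a parsed .drone.yml "pipeline" mapping against this page's
# isolation rules. Step names follow the page's skeleton; sample data is constructed.

def _as_list(value):
    """Drone accepts a scalar or a list for `when` filters; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]

def check_release_isolation(pipeline, build="build", publish="publish"):
    """Return a list of findings; an empty list means the rules hold."""
    findings = []
    b, p = pipeline.get(build), pipeline.get(publish)
    if b is None or p is None:
        return [f"pipeline must define both '{build}' and '{publish}' steps"]
    # Secrets are scoped by image, so a shared image id exposes them to the build step.
    if b.get("image") == p.get("image"):
        findings.append("publish step uses the same image id as the build step")
    when = p.get("when") or {}
    events = _as_list(when.get("event"))
    if not events:
        findings.append("publish step has no when.event filter")
    elif "pull_request" in events:
        findings.append("publish step runs for pull requests")
    if _as_list(when.get("status")) != ["success"]:
        findings.append("publish step is not restricted to status: success")
    # Assumption: the GPG key volume must be mounted by the publish step only.
    pub_hosts = {v.split(":")[0] for v in _as_list(p.get("volumes"))}
    shared = pub_hosts & {v.split(":")[0] for v in _as_list(b.get("volumes"))}
    if shared:
        findings.append("build step mounts publish volumes: " + ", ".join(sorted(shared)))
    return findings

# Constructed samples mirroring the skeleton above.
GOOD = {
    "build": {"image": "acme/sbt:1.0", "commands": ["sbt test"]},
    "publish": {"image": "acme/sbt-publish:1.0", "volumes": ["/keys:/root/.gnupg"],
                "when": {"event": ["push", "tag", "deployment"], "status": "success"},
                "commands": ["sbt releaseEarly"]},
}
BAD = {
    "build": {"image": "acme/sbt:1.0", "volumes": ["/keys:/root/.gnupg"]},
    "publish": {"image": "acme/sbt:1.0", "volumes": ["/keys:/root/.gnupg"],
                "when": {"event": ["push", "pull_request"]}},
}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_release_isolation(cfg) or "ok")
```

To use it on a real file, load the YAML with a parser of your choice and pass the value of its pipeline key.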

Release on tag

To make sure that a release is cut when you push a tag, you must enable "release on tag" in the Settings tab of your repository in Drone's UI.

Additionally, Drone's default clone step doesn't fetch Git tags, so you will need to configure it explicitly.

Example:

clone:
  git:
    image: plugins/git
    tags: true

pipeline:
  ...