drone使用之配置Secrets

Posted 2020-11-28

Repository secrets用于存储密码、秘钥、令牌等机密信息。
在仓库的setting界面可以配置repository secrets

使用方式：

kind: pipeline
name: default

steps:
- name: build
  image: alpine
  environment:
    USERNAME:
      from_secret: docker_username
    PASSWORD:
      from_secret: docker_password

但是在用户所有Repository的secrets都一样的情况下，每次都配置很麻烦，此时就需要Organization secrets。Organization secrets可以由属于Organization的任何Repository使用。
配置Organization secrets需要先安装drone的命令行工具
drone的命令行是提供drone管理用户和repository 设置的重要工具
1、安装drone-cli（linux）：

curl -L https://github.com/drone/drone-cli/releases/latest/download/drone_linux_amd64.tar.gz | tar zx
sudo install -t /usr/local/bin drone

其他安装方式：https://docs.drone.io/cli/install/
配置drone_server地址和token：

export DRONE_SERVER=http://drone.mycompany.com
export DRONE_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

在user-setting界面可以获取信息

此时就可以使用drone命令行工具了
2、使用drone-cli
命令行参数

# drone -h
NAME:
   drone - command line utility

USAGE:
   drone [global options] command [command options] [arguments...]

VERSION:
   1.2.0

COMMANDS:
     build      manage builds
     cron       manage cron jobs
     log        manage logs
     encrypt    encrypt a secret
     exec       execute a local build
     info       show information about the current user
     repo       manage repositories
     user       manage users
     secret     manage secrets
     server     manage servers
     queue      queue operations
     orgsecret  manage organization secrets
     autoscale  manage autoscaling
     fmt        format the yaml file
     convert    convert legacy format
     lint       lint the yaml file
     sign       sign the yaml file
     jsonnet    generate .drone.yml from jsonnet
     starlark   generate .drone.yml from starlark
     plugins    plugin helper functions
     help, h    Shows a list of commands or help for one command

GLOBAL OPTIONS:
   -t value, --token value   server auth token [$DRONE_TOKEN]
   -s value, --server value  server address [$DRONE_SERVER]
   --autoscaler value        autoscaler address [$DRONE_AUTOSCALER]
   --help, -h                show help
   --version, -v             print the version

详细命令信息：https://docs.drone.io/cli/commands/
创建通用secrets

$ drone orgsecret add [organization] [name] [data]
//例如
$ drone orgsecret add octocat docker_password pa55word
$ drone orgsecret ls
    docker_password 
    Organization:       octocat
    Pull Request Read:  false
    Pull Request Write: false