How to Achieve Fully Traceable Builds with Drone

A build without build-info is like a black box. You don’t know what’s in it, what dependencies it uses, who created it, when it was created or with which tool. And then there are properties, tags and a host of metadata that give the build its identity. Without build-info, your build is essentially useless. The build-info is critical to making your build traceable and fully reproducible, so if a bug is found at any time in the application lifecycle, you can precisely recreate the build and debug it. With the help of JFrog CLI, JFrog Artifactory collects and stores exhaustive build information for Drone builds.

It’s a bird, it’s a plane, it’s a Drone

Drone is a continuous delivery system built on container technology. It uses a simple YAML configuration file, a superset of docker-compose, to define and execute pipelines inside Docker containers. Drone works with any language, database or service that runs inside a container, and seamlessly integrates with popular version control systems, including GitHub, GitHub Enterprise, Bitbucket and more.

Once you point Drone at your source code repositories and “activate” one of them, every commit and pull request on that repository sends a hook from your version control system to the Drone server, triggering it to execute a new build. And since there’s no better place for your builds than JFrog Artifactory, we created an integration with Drone letting you publish and manage these binaries in Artifactory. Drone works with Artifactory, through JFrog CLI, to fetch and cache dependencies, and then publishes created packages along with their build information back to Artifactory.

After a successful build you can view exhaustive build information in Artifactory including:

  • Published modules and dependencies
  • Environment Variables
  • License Summary
  • Diffs between builds

With all this information, that black box becomes crystal clear, and you know exactly what went into each build, who put it there and when.

Let’s integrate Artifactory with your Drone CI workflow

In the following step-by-step example we will show you how to use the integration between Drone and Artifactory using JFrog CLI. In this example we will use Go, but you could just as easily use one of the other examples for a different package type in our project-examples repository on GitHub.

1. Clone this Go sample project into your own GitHub repository and activate this repository on your Drone server as shown below:

2. From the menu in the top right corner of the screen, select “Secret” and configure your Artifactory credentials and the name of the repository in your Go project:

   ARTIFACTORY_URL:
   ARTIFACTORY_USER: admin
   ARTIFACTORY_PASS: password
   REPOSITORY_KEY: Name of the target repository in Artifactory for the build output of this example Go project

3. Commit the drone.yml configuration file under the root directory of your project:

   image: golang
   commands:
     - echo $GOPATH
     - go get -u
     - export vgo=$GOPATH/bin/vgo
     - cd hello

     # Download the JFrog CLI
     - curl -fL | sh
     - ./jfrog rt config --url=$ARTIFACTORY_URL --user=$ARTIFACTORY_USER --password=$ARTIFACTORY_PASSWORD
     - ./jfrog rt c show

     # Change the repository name in configuration.yml to the REPOSITORY_KEY
     - sed -i 's,REPOSITORY_KEY,'"$REPOSITORY_KEY"',g' ../configuration.yml

     # Run the go command with the CLI
     - ./jfrog rt go build --no-registry
     - ls -ll $GOPATH/src/mod
     - ./jfrog rt go build go
     - ./jfrog rt gp go-local v1.1.0 --build-name=Drone-GO-Demo --build-number=1.1.0

     # Collect the environment variables with the bce command
     - ./jfrog rt bce Drone-GO-Demo 1.1.0

     # Publish the build with the bp command
     - ./jfrog rt bp Drone-GO-Demo 1.1.0


4. Navigate to the job in the Drone UI to view the build process and JFrog Artifactory

5. Once the build job has completed, navigate to the Artifact Repository Browser in Artifactory to view your published artifacts:

6. See the build information in the Build Browser:

Click on any Build ID to get all the information you need to fully reproduce that build.

Crystal clear.
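Published build-info also lets you audit what changed between two builds. The following Python script is an added example, not code from this post or from JFrog: it compares the dependencies of two build-info documents and singles out any dependency whose id is unchanged but whose checksum differs. It assumes build-info JSON with modules[].dependencies[] entries carrying "id" and "sha1"; both sample documents, the build number 1.1.1 and the example.org module names are constructed.

```python
import json

# Constructed sample build-info documents (not real Artifactory output).
# Assumed layout: modules[].dependencies[] entries with "id" and "sha1".
BUILD_A = json.loads("""{
  "name": "Drone-GO-Demo", "number": "1.1.0",
  "modules": [{"id": "hello", "dependencies": [
    {"id": "example.org/quote:v1.5.2",   "sha1": "aaaa1111"},
    {"id": "example.org/text:v0.3.0",    "sha1": "bbbb2222"},
    {"id": "example.org/sampler:v1.3.0", "sha1": "cccc3333"}]}]}""")
BUILD_B = json.loads("""{
  "name": "Drone-GO-Demo", "number": "1.1.1",
  "modules": [{"id": "hello", "dependencies": [
    {"id": "example.org/quote:v1.5.2", "sha1": "dddd4444"},
    {"id": "example.org/text:v0.3.0",  "sha1": "bbbb2222"},
    {"id": "example.org/net:v0.1.0",   "sha1": "eeee5555"}]}]}""")


def dependency_index(build_info):
    """Map dependency id -> set of sha1 values across all modules of a build."""
    index = {}
    for module in build_info.get("modules", []):
        for dep in module.get("dependencies", []):
            index.setdefault(dep["id"], set()).add(dep.get("sha1", "").lower())
    return index


def diff_builds(old, new):
    """Classify dependency changes between two build-info documents."""
    a, b = dependency_index(old), dependency_index(new)
    return {
        "added": sorted(b.keys() - a.keys()),
        "removed": sorted(a.keys() - b.keys()),
        # Same id but different bytes: a pinned version should never change
        # content, so this is the case that needs an explanation.
        "checksum_changed": sorted(k for k in a.keys() & b.keys() if a[k] != b[k]),
    }


if __name__ == "__main__":
    for kind, ids in diff_builds(BUILD_A, BUILD_B).items():
        print(f"{kind}: {ids}")
```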
