Drone CI
You can use the Phase CLI to effortlessly inject or expose secret inside your CI pipelines or jobs.
Prerequisites
- Have signed up for the Phase Console and created an application.
PHASE_SERVICE_TOKEN.
If you are using a Self-Hosted instance of the Phase Console, you may supply
PHASE_HOST environment variable with your URL (https://<HOST>).
For detailed cli install options, please see: Installation
Setting PHASE_SERVICE_TOKEN:
- In your repository on Drone CI, navigate to
Settings. - Under
Secrets, clickAdd Secretand set the name asPHASE_SERVICE_TOKENand input its value.
Single staged
kind: pipeline
name: default
steps:
- name: prepare
image: alpine:latest
commands:
- curl -fsSL https://pkg.phase.dev/install.sh | bash
- export $(phase secrets export --app "my application name" --env prod DOCKERHUB_USERNAME DOCKERHUB_TOKEN | xargs)
- name: build_and_push
image: docker:dind
volumes:
- name: dockersock
path: /var/run
commands:
- docker login -u $DOCKERHUB_USERNAME -p $DOCKERHUB_TOKEN
- docker build -t my-image .
- docker push my-image:latest
volumes:
- name: dockersock
host:
path: /var/run
Multi staged
Drone CI supports multi-stage builds where one step's outputs can be used in another. Here's an example:
kind: pipeline
name: default
steps:
- name: prepare
image: phasehq/cli:latest
commands:
- secrets export --app "my application name" --env prod DOCKERHUB_USERNAME DOCKERHUB_TOKEN > /shared/envs.txt
- name: build_and_push
image: docker:dind
volumes:
- name: dockersock
path: /var/run
- name: shared
path: /shared
commands:
- export $(cat /shared/envs.txt | xargs)
- docker login -u $DOCKERHUB_USERNAME -p $DOCKERHUB_TOKEN
- docker build -t my-image .
- docker push my-image:latest
volumes:
- name: dockersock
host:
path: /var/run
- name: shared
temp: {}