Drone

Drone Default Visibility

We wanted to change our default visibility to private or internal. After receiving some report and doing tests on our own this is what we found. I’m posting here in case anyone else is searching for help on this topic.

Drone server has a lot of “undocumented” environment variables you can set. By default, a project’s visibility is set to public. You can set it to internal if you want.

DRONE_REPOSITORY_VISIBILITY=internal

However, setting it to “private” for the default doesn’t seem to work. Basically, leave it unset for public, or set it to internal for internal.

This setting only affects newly “synced” repositories. It does not affect ones that were already created and are listed in drone. We used an admin token and the CLI to iterate through the repos and set their visibility to internal if they were previously set to public. Use at your own risk, disclaimers, MIT license, etc…

drone repo ls > drone-public.yml

That would list all your repos and write them to a drone.yml file. This can take a long time depending on how many repos you have. It may even be untenable - then you should use the database and direct access.

#!/bin/bash

input="drone-public.yml"
while IFS= read -r line
do
  visibility=$(drone repo info $line | grep Visibility)
  if [ "$visibility" == "Visibility: public" ]; then
    echo "$line public"
    echo $line >> drone-moved.yml
    drone repo update $line --visibility=internal
else
    echo "$line $visibility"
  fi
done < "$input"

That will read in your output file and change the visibility of all of them, one by one, if their visibility was public. It will write the repos you changed to a new file (for auditing, or whatever - maybe undo the changes). And it prints out the visibility of the repositories as it found them.

I wanted to provide an update that you can now use the following confirmation parameter to require authentication for all repositories, including public repositories.

DRONE_SERVER_PRIVATE_MODE=true

Going forward this parameter should be used instead of DRONE_REPOSITORY_VISIBILITY