How drone clones a repository


#1

The question was asked how Drone clones a repository. I wanted to document this in Discourse so that others could benefit from the answer (and ask follow-up questions). A common misconception is that the agent clones the repository, or that the repository is cloned inside the agent container, which is not the case.

Drone adds a default clone step to every Pipeline. The clone steps executes the clone plugin, which is pretty much just a vanilla Drone plugin that handles cloning the repository. You can find the plugin here.

Let’s say we have the following configuration file:

kind: pipeline
name: default

steps:
- name: build
  image: golang
  commands:
  - go build
  - go test

Conceptually speaking, Drone automatically prepends the clone step to your Pipeline (demonstrated below). The plugin then clones your repository to the shared workspace volume.

kind: pipeline
name: default

steps:
+ - name: clone
+   image: drone/git
  - name: build
    image: golang
    commands:
      - go build
      - go test

Since the clone plugin is just a Docker container, it can be easily run locally:

docker run \
-e DRONE_COMMIT_SHA=15e3f9b7e16332eee3bbdff9ef31f95d23c5da2c \
-e DRONE_COMMIT_BRANCH=master \
-e DRONE_REMOTE_URL=https://github.com/drone/envsubst drone/git \
drone/git

The clone credentials are passed via the below environment variables (private repositories only)

DRONE_NETRC_MACHINE=github.com
DRONE_NETRC_USERNAME=
DRONE_NETRC_PASSWORD=

The username and password vary based on your source code management system. If your source code management system is github, for example, the password is x-oauth-basic and the username is the oauth token.

There are two caveats to this behavior:

  • the credentials are only passed to the plugin if the repository is private or DRONE_GIT_ALWAYS_AUTH=true
  • if you set DRONE_GIT_USERNAME and DRONE_GIT_PASSWORD, these values are used as the username and password