gitea-drone-ci/drone/compose.yml

services:
# DRONE SERVER
  drone-server:
    image: drone/drone:2.16
    container_name: drone-server
    ports:
      - "3001:80"
      - "9001:9000"
    volumes:
      - ./drone-srv:/var/lib/drone/
    restart: always
    env_file:
      - .env
    environment:
      - DRONE_OPEN=true
      - DRONE_SERVER_HOST=drone.${DOMAIN}
      - DRONE_GITEA=true
      - DRONE_GITEA_SERVER=${DRONE_GITEA_SERVER}
      - DRONE_NETWORK=gitea
      - DRONE_GITEA_SKIP_VERIFY=true
      - DRONE_TLS_AUTOCERT=false
      - DRONE_GITEA_GIT_USERNAME=${DRONE_GITEA_GIT_USERNAME}
      - DRONE_GITEA_GIT_PASSWORD=${DRONE_GITEA_GIT_PASSWORD}
      - DRONE_GIT_USERNAME=${DRONE_GITEA_GIT_USERNAME}
      - DRONE_GIT_PASSWORD=${DRONE_GITEA_GIT_PASSWORD}
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
      - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET} 
      - DRONE_ADMIN=${DRONE_GITEA_GIT_USERNAME}
      - DRONE_SERVER_PROTO=https
      - DRONE_SECRET_ENDPOINT=http://drone-vault:3003
    networks:
      - gitea

# DRONE RUNNER
  drone-runner:
    image: drone/drone-runner-docker:1.8.2
    container_name: drone-runner
    restart: always
    depends_on: [ drone-server, drone-vault ]
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./drone-runner:/drone/src
    env_file:
      - .env
    environment:
      - DRONE_RPC_HOST=drone.${DOMAIN}
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      - DRONE_RPC_PROTO=https
      - DRONE_RUNNER_NAME="drone-runner"
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_VOLUMES=/var/run/docker.sock:/var/run/docker.sock
#      - DRONE_SECRET_PLUGIN_ENDPOINT=drone-vault:3003
#      - DRONE_SECRET_PLUGIN_TOKEN=${DRONE_SECRET}
      - DRONE_RPC_SERVER=https://drone-server:3001
      - DRONE_SECRET_ENDPOINT=http://drone-vault:3003
      - DRONE_LOGS_TRACE=true
    ports:
      - "3002:3000"
    networks:
      - gitea

# DRONE VAULT (optionnel)
  drone-vault:
    image: drone/vault:1.3
    container_name: drone-vault
    restart: always
    ports:
      - "3003:3000"
    env_file:
      - .env
    environment:
      - DRONE_SECRET=${DRONE_VAULT_SECRET}
      - VAULT_ADDR=http://drone.${DOMAIN}:3003
      - VAULT_TOKEN_RENEWAL=8h
      - VAULT_TOKEN_TTL=48h
      - VAULT_TOKEN=${DRONE_VAULT_SECRET}
      - DRONE_RPC_SERVER=https://drone-server:3001
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
      - DEBUG=true

volumes:
  drone-srv:
  drone-runner:

networks:
  gitea:
    name: gitea