"Life is all about sharing. If we are good at something, pass it on." - Mary Berry

Docker Compose healthcheck


The most important thing when running integration test using docker-compose is ensured that one container is started completely before others.

Sometime wait-for-it is not enough:

 1  cassandra:
 2    image: bitnami/cassandra:latest
 3    ports:
 4      - '7000:7000'
 5      - '9042:9042'
 6    volumes:
 7      - /path/to/init-scripts:/docker-entrypoint-initdb.d
 9  wait-for-cassandra:
10    image: willwill/wait-for-it
11    command: cassandra:9042 -t 60
12    depends_on:
13      - cassandra:


condition form of depends_on in docker-compose version 3


As version 3 no longer supports the condition form of depends_on, what is the alternative way to wait for a container to be started completely?

From 1.27.0, 2.x and 3.x are merged with COMPOSE_SPEC schema.

version is now optional. So, you can just remove it and specify a condition as before:

 2  web:
 3    build: .
 4    depends_on:
 5      redis:
 6        condition: service_healthy
 7  redis:
 8    image: redis
 9    healthcheck:
10      test: ["CMD", "redis-cli", "ping"]
11      interval: 1s
12      timeout: 3s
13      retries: 30


Let's Encrypt too many certificates already issued


Traefik is configured to use Let’s Encrypt to generate certificate for my blog (and other services) automatically. One day after restarting, I cannot access to my blog via HTTPS anymore (NET::ERR_CERT_AUTHORITY_INVALID). Why?

By looking at the Traefik logs, I found this:

time=“2021-02-04T01:54:33Z” level=error msg=“Unable to obtain ACME certificate for domains \“quantonganh.com\”: unable to generate a certificate for the domains [quantonganh.com]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many certificates already issued for exact set of domains: quantonganh.com: see https://letsencrypt.org/docs/rate-limits/, url: “ providerName=le.acme routerName=blog-secured@docker rule=“Host(quantonganh.com)”


plugins/docker failed to resolve Keycloak hostname?


After integrating Docker registry with Keycloak, the publishing step failed to authenticate with Docker Registry.

The full error message is:

1time="2021-01-26T13:44:18.485121053Z" level=error msg="Handler for POST /v1.40/auth returned error: Get https://docker.domain.com/v2/: Get https://sso.domain.com/auth/realms/application/protocol/docker-v2/auth?account=******&client_id=docker&offline_token=true&service=aws-docker-registry: dial tcp: lookup sso.domain.com on no such host"

sso.domain.com is a local hostname which can be resolved on the host. How can I make it resolvable inside the plugins/docker container?

I found some similar issues:

but they are slightly differences.

Look at this: http://plugins.drone.io/drone-plugins/drone-docker/


How to run a pipeline step only when pushing to a new branch?


GitHub sends push hook when pushing to a new branch and merging a PR. How can we distinguish between them?

We are running integration test by triggering a downstream build when a PR is merged into specific branches. In the downstream repository, we pull all the docker images which has been built and pushed from upstream. The thing is we also used the drone-convert-pathschanged to only publish what modules has been changed.

So, what happens when pushing to a new release-* branch?


Unable to obtain ACME certificate for domains


Lets Encrypt tells me that my domain contains an invalid character. What is it?

remark42 is configured like this:

 1  remark42:
 2    image: umputun/remark42:arm64
 3    container_name: "remark42"
 4    restart: always
 5    labels:
 6      - traefik.enable=true
 7      - traefik.http.routers.remark42.rule=Host(`${REMARK_URL}`)
 8      - traefik.http.routers.remark42.entrypoints=https
 9      - traefik.http.routers.remark42.tls.certresolver=le
10      - traefik.http.services.remark42.loadbalancer.server.port=8080


A && B || C is not the same as if-then-else


I have been thought that if-then-else statement can be written in one line by using A && B || C but I was wrong.

To speed up my Drone CI time, I configured the static-check step to only run when there are some .go files have been changed:

1git --no-pager diff --name-only ${DRONE_COMMIT_LINK##*/} | grep -q "\.go$" && golangci-lint run --deadline 2m -v ./... || true

I was thought that A && B || C is the same as:


How to perform integration testing in Go?


Integration testing can be triggered by using Drone downstream plugin:

 2- name: trigger
 3  image: plugins/downstream:linux-amd64
 4  settings:
 5    params:
 7    repositories:
 8    - repo/integration-test@${DRONE_COMMIT_BRANCH}
 9    server: https://drone.example.com
10    token:
11      from_secret: drone_token

It can be separated with unit tests by using build tags:

1// +build integration
3package webserver_test

Then we can write code to perform integration test as usual.


How to trigger build steps based on modified directory?


Using monorepo with multiple micro services, every single commit will trigger a full lint/test/build/publish for every service. What can I do to limit the scope?

To do that, we can use git diff to show changes between commits:

 1  if [[ -n "${DRONE_PULL_REQUEST}" ]]; then
 2    most_recent_before="origin/${DRONE_TARGET_BRANCH}"
 3  elif [[ "${DRONE_BUILD_EVENT}" = "push" && ("${DRONE_COMMIT_BRANCH}" = "master" || "${DRONE_COMMIT_BRANCH}" = "release-"*) ]]; then
 4    if [[ "${DRONE_COMMIT_BEFORE}" = "$zero" ]]; then
 5      exit 0
 6    else
 7      most_recent_before="${DRONE_COMMIT_BEFORE}"
 8    fi
 9  fi
10  modified_files=$(git --no-pager diff --name-only "${DRONE_COMMIT_SHA}".."${most_recent_before}");


Drone build is not triggered after pushing code to Gitea?


I pushed code to Gitea and nothing happens in Drone. Why?

But if I go to Settings -> Webhooks, then click “Test Delivery” -> build pipeline will be executed. Why?

First, look at the “Recent Deliveries” to see if a webhook is triggerd here when you pushing code. In my case, it’s not. So, looks like the problem is on Gitea side.

By pay close attention to the git output when pushing:

 1Counting objects: 4, done.
 2Delta compression using up to 4 threads.
 3Compressing objects: 100% (4/4), done.
 4Writing objects: 100% (4/4), 2.02 KiB | 2.02 MiB/s, done.
 5Total 4 (delta 2), reused 0 (delta 0)
 6hint: The 'hooks/pre-receive' hook was ignored because it's not set as executable.
 7hint: You can disable this warning with `git config advice.ignoredHook false`.
 8hint: The 'hooks/update' hook was ignored because it's not set as executable.
 9hint: You can disable this warning with `git config advice.ignoredHook false`.
10hint: The 'hooks/post-receive' hook was ignored because it's not set as executable.
11hint: You can disable this warning with `git config advice.ignoredHook false`.
12To gitea.pi:quanta/blog.git
13 + d29f63d...47e9ed3 master -> master (forced update)